Security for everyone

CVE-2021-30497 Scanner

Detects the 'Path Traversal' vulnerability in Ivanti Avalanche (Premise), which affects v. 6.3.2.


Short Info

Level: High
Type: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 sec
Scan only one: Url


CVE-2021-30497 Scanner Detail

Ivanti Avalanche (Premise) is an enterprise mobility management solution that enables IT teams to manage and secure mobile devices and applications from a single console. It provides comprehensive device and application lifecycle management, including app deployment, updates, and troubleshooting. With Ivanti Avalanche, IT teams can also enforce security policies to meet compliance requirements and protect corporate data.

A vulnerability tracked as CVE-2021-30497 has been detected in Ivanti Avalanche (Premise) 6.3.2. It is an Absolute Path Traversal that allows remote unauthenticated users to retrieve sensitive information. The /AvalancheWeb/image endpoint processes the imageFilePath parameter without verifying that the requested path is within the scope of the image folder, so attackers can access arbitrary files through that parameter. As a result, this can lead to the disclosure of sensitive information, such as system configurations or credentials.
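To illustrate the missing check described above, the following added example (not code from Ivanti or from this scanner) reviews web access logs for /AvalancheWeb/image requests whose imageFilePath resolves outside the image folder. The image folder path, the log format and the log lines are constructed assumptions.

```python
import ntpath
import re
from urllib.parse import parse_qs, urlsplit

# Assumption: placeholder image folder; the page does not give the real path.
IMAGE_ROOT = r"C:\PLACEHOLDER\images"
ENDPOINT = "/avalancheweb/image"
# Assumption: access log in common/combined format.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')

# Constructed sample lines (documentation IP ranges, made-up file names).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2021:10:00:00 +0000] "GET /AvalancheWeb/image?imageFilePath=logo.png HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Jan/2021:10:00:05 +0000] "GET /AvalancheWeb/image?imageFilePath=D%3A%5Cconstructed%5Cnotes.txt HTTP/1.1" 200 311',
    '198.51.100.7 - - [01/Jan/2021:10:00:06 +0000] "GET /AvalancheWeb/image?imageFilePath=..%5C..%5Cconstructed.cfg HTTP/1.1" 404 0',
    '192.0.2.10 - - [01/Jan/2021:10:00:09 +0000] "GET /AvalancheWeb/login.jsf HTTP/1.1" 200 900',
]


def is_within_image_root(value, root=IMAGE_ROOT):
    """Containment check the endpoint lacks: does value stay inside root?"""
    # ntpath.join drops root when value is absolute, so an absolute path
    # is judged on its own; normpath collapses any ".." segments.
    resolved = ntpath.normcase(ntpath.normpath(ntpath.join(root, value)))
    base = ntpath.normcase(ntpath.normpath(root))
    return resolved == base or resolved.startswith(base + "\\")


def suspicious_requests(log_lines):
    """Return (line_no, decoded imageFilePath, status) for out-of-root values."""
    hits = []
    for line_no, line in enumerate(log_lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        # Ignore path parameters such as ;jsessionid=... when matching.
        if url.path.split(";")[0].lower() != ENDPOINT:
            continue
        # parse_qs percent-decodes the value once.
        for value in parse_qs(url.query).get("imageFilePath", []):
            if not is_within_image_root(value):
                hits.append((line_no, value, int(match.group(2))))
    return hits


if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print(hit)
```

A flagged request that returned status 200 is the one to triage first, since the response may have contained the requested file.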

If this vulnerability is exploited, it can lead to serious consequences for businesses. It can expose sensitive information that can be used by attackers to launch more sophisticated attacks, such as identity theft or malware injection. Furthermore, it can also lead to compliance violations, which could result in legal repercussions and reputational damage.

Thanks to the pro features of the securityforeveryone.com platform, readers can easily and quickly learn about vulnerabilities in their digital assets. With this platform, businesses can identify and address potential security issues before they can be exploited by attackers. By using this platform, businesses can ensure the security and integrity of their digital assets, while complying with regulatory requirements.
