all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

ZDI-24-054: Ivanti Avalanche decode XML External Entity Processing Information Disclosure Vulnerability

Add to bookmarks
Jan. 11, 2024, 6 a.m. |

ZDI: Published Advisories www.zerodayinitiative.com

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Ivanti Avalanche. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 6.5. The following CVEs are assigned: CVE-2023-46265.

attackers authentication avalanche cve cves cvss decode disclosure exploit external information information disclosure information disclosure vulnerability ivanti ivanti avalanche rating sensitive sensitive information vulnerability xml zdi

Visit resource

More from www.zerodayinitiative.com / ZDI: Published Advisories

ZDI-24-579: Apple macOS PPM Image Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability 3 days, 18 hours ago | www.zerodayinitiative.com
apple apple macos arbitrary code attack +20
ZDI-24-578: Apple macOS CoreGraphics Image Parsing Out-Of-Bounds Read Information Disclosure Vulnerability 3 days, 18 hours ago | www.zerodayinitiative.com
apple apple macos attackers cves +19
ZDI-24-582: SEW-EURODRIVE MOVITOOLS MotionStudio XML External Entity Processing Information Disclosure Vulnerability 3 days, 18 hours ago | www.zerodayinitiative.com
cvss disclosure exploit external +13
ZDI-24-581: Microsoft Azure SQL Managed Instance Documentation SAS Token Incorrect Permission Assignment Authentication Bypass Vulnerability 3 days, 18 hours ago | www.zerodayinitiative.com
attackers authentication authentication bypass azure +16
ZDI-24-580: Microsoft Artifact Registry Container Images Empty Password Authentication Bypass Vulnerability 3 days, 18 hours ago | www.zerodayinitiative.com
artifact attackers authentication authentication bypass +14
ZDI-24-577: Trend Micro Apex One Improper Access Control Local Privilege Escalation Vulnerability 3 days, 18 hours ago | www.zerodayinitiative.com
access access control apex apex one +24
ZDI-24-576: Trend Micro Maximum Security coreServiceShell Link Following Local Privilege Escalation Vulnerability 3 days, 18 hours ago | www.zerodayinitiative.com
attacker attackers code cvss +20
ZDI-24-575: Trend Micro Deep Security Link Following Local Privilege Escalation Vulnerability 3 days, 18 hours ago | www.zerodayinitiative.com
attacker attackers code cves +21
ZDI-24-574: Trend Micro InterScan Web Security Virtual Appliance Cross-Site Scripting Privilege Escalation Vulnerability 3 days, 18 hours ago | www.zerodayinitiative.com
attackers authentication cross-site cve +19

Jobs in InfoSec / Cybersecurity

Post a Job Search Talent

CyberSOC Technical Lead

@ Integrity360 | Sandyford, Dublin, Ireland
View on infosec-jobs.com

Cyber Security Strategy Consultant

@ Capco | New York City
View on infosec-jobs.com

Cyber Security Senior Consultant

@ Capco | Chicago, IL
View on infosec-jobs.com

Senior Security Researcher - Linux MacOS EDR (Cortex)

@ Palo Alto Networks | Tel Aviv-Yafo, Israel
View on infosec-jobs.com

Sr. Manager, NetSec GTM Programs

@ Palo Alto Networks | Santa Clara, CA, United States
View on infosec-jobs.com

SOC Analyst I

@ Fortress Security Risk Management | Cleveland, OH, United States
View on infosec-jobs.com