S4E

CVE-2021-30497 Scanner

CVE-2021-30497 scanner - Path Traversal vulnerability in Ivanti Avalanche (Premise)

Short Info

Level: High

Single Scan: Single Scan

Can be used by: Asset Owner

Estimated Time: 10 seconds

Time Interval: 1 month

Scan only one: URL

Toolbox: -

Ivanti Avalanche (Premise) is an enterprise mobility management solution that enables IT teams to manage and secure mobile devices and applications from a single console. It provides comprehensive device and application lifecycle management, including app deployment, updates, and troubleshooting. With Ivanti Avalanche, IT teams can also enforce security policies to meet compliance requirements and protect corporate data.

Recently, a vulnerability tracked as CVE-2021-30497 was detected in Ivanti Avalanche (Premise) 6.3.2. It is an Absolute Path Traversal flaw that allows remote unauthenticated users to retrieve sensitive information. The /AvalancheWeb/image endpoint processes the imageFilePath parameter without verifying that the supplied path lies within the image folder, so attackers can use it to access arbitrary files. This can lead to the disclosure of sensitive information, such as system configurations or credentials.
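For asset owners reviewing their own web access logs, the containment check that the endpoint lacks can be applied after the fact to flag requests whose imageFilePath value resolves outside the image folder. This is an added example, not S4E's scanner or Ivanti's code; the image folder path, the combined-style log format and the sample log lines are assumptions constructed for illustration.

```python
import ntpath
import re
from urllib.parse import parse_qs, unquote, urlsplit
ENDPOINT = "/avalancheweb/image"    # endpoint named on this page, lower-cased
PARAM = "imageFilePath"             # parameter named on this page
IMAGE_ROOT = r"C:\AvalancheImages"  # assumption: hypothetical image folder
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(value, rounds=3):
    """Undo nested percent-encoding (e.g. %252e) up to a fixed depth."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def escapes_image_root(path, root=IMAGE_ROOT):
    """True if a Windows path resolves outside the image folder."""
    # ntpath.join drops `root` when `path` is absolute (drive, rooted or UNC),
    # which is the absolute path traversal case; normpath collapses "..".
    candidate = ntpath.normcase(ntpath.normpath(ntpath.join(root, path)))
    base = ntpath.normcase(ntpath.normpath(root))
    return candidate != base and not candidate.startswith(base + "\\")

def suspicious_requests(log_lines):
    """Return (line_number, decoded_path) for requests leaving the folder."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if url.path.rstrip("/").lower() != ENDPOINT:
            continue
        for raw in parse_qs(url.query).get(PARAM, []):
            path = fully_decode(raw)
            if escapes_image_root(path):
                hits.append((number, path))
    return hits

# Constructed sample access-log lines (documentation IPs, placeholder paths).
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2024:10:00:00 +0000] "GET /AvalancheWeb/image?imageFilePath=logos/site.png HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Jan/2024:10:00:05 +0000] "GET /AvalancheWeb/image?imageFilePath=C:%5Cexample%5Capp.config HTTP/1.1" 200 2048',
    '203.0.113.9 - - [01/Jan/2024:10:00:07 +0000] "GET /AvalancheWeb/image?imageFilePath=%252e%252e%255Cexample%255Capp.config HTTP/1.1" 200 2048',
    '203.0.113.7 - - [01/Jan/2024:10:00:09 +0000] "GET /AvalancheWeb/login.jsf HTTP/1.1" 200 900',
]
print(suspicious_requests(SAMPLE_LOG))
```

A hit with a 200 status and a large response size is worth prioritising, since it suggests the file was actually returned.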

If this vulnerability is exploited, it can lead to serious consequences for businesses. It can expose sensitive information that can be used by attackers to launch more sophisticated attacks, such as identity theft or malware injection. Furthermore, it can also lead to compliance violations, which could result in legal repercussions and reputational damage.

Thanks to the pro features of the s4e.io platform, readers can easily and quickly learn about vulnerabilities in their digital assets. With this platform, businesses can identify and address potential security issues before they can be exploited by attackers. By using this platform, businesses can ensure the security and integrity of their digital assets, while complying with regulatory requirements.
