CVE-2018-8901
First published: Fri Jun 29 2018(Updated: )
An issue was discovered in Ivanti Avalanche for all versions between 5.3 and 6.2. A local user with database access privileges can read the encrypted passwords for users who authenticate via LDAP to Avalanche services. These passwords are stored in the Avalanche databases. This issue only affects customers who have enabled LDAP authentication in their configuration.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Ivanti Avalanche | >=5.3<=6.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID is CVE-2018-8901.
What is the severity of CVE-2018-8901?
The severity of CVE-2018-8901 is high with a score of 7.8.
Which versions of Ivanti Avalanche are affected?
All versions between 5.3 and 6.2 of Ivanti Avalanche are affected.
How can a local user with database access privileges exploit this vulnerability?
A local user with database access privileges can read the encrypted passwords for LDAP-authenticated users in Avalanche services.
Is there a fix available for CVE-2018-8901?
Please refer to the Ivanti community website for information on available fixes.
- collector/nvd-index
- agent/severity
- agent/references
- agent/event
- agent/author
- agent/description
- agent/tags
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- vendor/ivanti
- canonical/ivanti avalanche
- version/ivanti avalanche/5.3
- version/ivanti avalanche/6.2