CVE-2023-28127: Path Traversal
First published: Tue May 09 2023(Updated: )
A path traversal vulnerability exists in Avalanche version 6.3.x and below that when exploited could result in possible information disclosure.
Credit: support@hackerone.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Ivanti Avalanche | <=6.3.4.153 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2023-28127?
CVE-2023-28127 is a path traversal vulnerability that exists in Avalanche version 6.3.x and below.
How does CVE-2023-28127 affect Ivanti Avalanche?
CVE-2023-28127 affects Ivanti Avalanche versions 6.3.x and below, allowing for possible information disclosure.
What is the severity of CVE-2023-28127?
CVE-2023-28127 has a severity of 7.5 (High).
How can I fix CVE-2023-28127?
To fix CVE-2023-28127, upgrade Ivanti Avalanche to a version above 6.3.x.
Where can I find more information about CVE-2023-28127?
More information about CVE-2023-28127 can be found at the following reference: [link](https://forums.ivanti.com/s/article/ZDI-CAN-17769-Ivanti-Avalanche-getLogFile-Directory-Traversal-Information-Disclosure?language=en_US)
- collector/nvd-index
- vendor/ivanti
- canonical/ivanti avalanche
- version/ivanti avalanche/6.3.4.153