CVE-2018-8901

Published: Jun 29, 2018Modified: Nov 21, 2024

7.8

Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

An issue was discovered in Ivanti Avalanche for all versions between 5.3 and 6.2. A local user with database access privileges can read the encrypted passwords for users who authenticate via LDAP to Avalanche services. These passwords are stored in the Avalanche databases. This issue only affects customers who have enabled LDAP authentication in their configuration.

Affected (1)

Products: Ivanti: Avalanche

Ivanti

1 product

Avalanche

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Ivanti Avalanche	From 5.3 to 6.2

References (2)

https://community.ivanti.com/docs/DOC-68406

Source: cve@mitre.org

Vendor Advisory

https://community.ivanti.com/docs/DOC-68406

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.