← Back

CVE-2024-36136

nvd nist
Published: Aug 14, 2024Modified: Aug 15, 2024

JSON object

Loading...
7.5
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 / Impact: 3.6
Source: NVD

Description

An off-by-one error in WLInfoRailService in Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to crash the service, resulting in a DoS.

Affected (20)

Products: Ivanti: Avalanche
Ivanti
1 product
Avalanche
Configuration A
20 vulnerable
Vulnerable SoftwareAffected Versions
Ivanti
Avalanche
Version 6.3.1.1507
Avalanche
Version 6.3.1
Avalanche
Version 6.3.2.3490
Avalanche
Version 6.3.2.3490
Avalanche
Version 6.3.2
Avalanche
Version 6.3.2
Avalanche
Version 6.3.2
Avalanche
Version 6.3.3.101
Avalanche
Version 6.3.3.101
Avalanche
Version 6.3.3
Avalanche
Version 6.3.3
Avalanche
Version 6.3.4.153
Avalanche
Version 6.3.4
Avalanche
Version 6.3.4
Avalanche
Version 6.4.0
Avalanche
Version 6.4.1.207
Avalanche
Version 6.4.1.236
Avalanche
Version 6.4.1
Avalanche
Version 6.4.1
Avalanche
Version 6.4.2

Related CWEs

CWE-193
Off-by-one Error
A product calculates or uses an incorrect maximum or minimum value that is 1 more, or 1 less, than the correct value.

References (1)

Source: support@hackerone.com
Vendor Advisory

Timeline

No history available yet.