module
Ivanti Avalanche FileStoreConfig File Upload
| Disclosed |
|---|
| Apr 24, 2023 |
Disclosed
Apr 24, 2023
Description
Ivanti Avalanche prior to v6.4.0.186 permits MS-DOS style short
names in the configuration path for the Central FileStore. Because of
this, an administrator can change the default path to the web root
of the applications, upload a JSP file, and achieve RCE as NT AUTHORITY\SYSTEM.
names in the configuration path for the Central FileStore. Because of
this, an administrator can change the default path to the web root
of the applications, upload a JSP file, and achieve RCE as NT AUTHORITY\SYSTEM.
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.