Ivanti Avalanche, a popular mobile device management system, is vulnerable to a limited unauthenticated path traversal vulnerability, tracked as CVE-2023-41474. The vulnerability may allow an unauthenticated attacker to access any file under C:\\PROGRAM DATA\\Wavelink\\AVALANCHE\\Web\ webapps\AvalancheWeb in a default configuration. However, an attacker can only read some specific file extensions like .xml or .html, depending on the … Continue reading “Ivanti Avalanche Directory Traversal Vulnerability (CVE-2023-41474)”