CVE-2022-36980

CRITICAL Year: 2022
CVSS v3 Score
9.4
Critical
Weakness Type
CWE-367
View all →

Vulnerability Description

This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the EnterpriseServer service. The issue results from the lack of proper locking when performing operations during authentication. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-15528.

Related Vulnerabilities

CVE-2019-5421

CRITICAL
CVSS:9.8(Critical)

Plataformatec Devise version 4.5.0 and earlier, using the lockable module contains a CWE-367 vulnerability in The `Devise::Models::Lockable` class, more specifically at the `#increment_failed_attempts...

CWE-3672019

CVE-2019-7249

CRITICAL
CVSS:9.8(Critical)

In Keybase before 2.12.6 on macOS, the move RPC to the Helper was susceptible to time-to-check-time-to-use bugs and would also allow one user of the system (who didn't have root access) to tamper with...

CWE-3672019

CVE-2023-32156

CRITICAL
CVSS:9.0(Critical)

Tesla Model 3 Gateway Firmware Signature Validation Bypass Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Tesla Model 3 vehicles. An attacker...

CWE-3672023

CVE-2023-33154

CRITICAL
CVSS:9.8(Critical)

Windows Partition Management Driver Elevation of Privilege Vulnerability

CWE-3672023

CVE-2024-27114

HIGH
CVSS:9.8(Critical)

A unauthenticated Remote Code Execution (RCE) vulnerability is found in the SO Planning online planning tool. If the public view setting is enabled, a attacker can upload a PHP-file that will be avail...

CWE-3672024

CVE-2024-28718

CRITICAL
CVSS:9.8(Critical)

An issue in OpenStack magnum yoga-eom version allows a remote attacker to execute arbitrary code via the cert_manager.py. component.

CWE-3672024