writeups.xyz / Riding The Inforail To Exploit Ivanti Avalanche Part 2

Submitter : c2a

Date: 8 September 2021

Bounty : undisclosed

Vulnerabilities :

• RCE
• Insecure Deserialization
• Path Traversal
• Authentication Bypass
• Unrestricted File Upload
• Arbitrary File Write
• Arbitrary File Read

Programs :

• Ivanti

Authors :

• Piotr Bazydło (@Chudypb)

Link :
https://www.zerodayinitiative.com/blog/2022/9/7/riding-the-inforail-to-exploit-ivanti-avalanche-part-2