CVE-2018-8901

CVSS 7.8 - HIGH
Description

An issue was discovered in Ivanti Avalanche for all versions between 5.3 and 6.2. A local user with database access privileges can read the encrypted passwords for users who authenticate via LDAP to Avalanche services. These passwords are stored in the Avalanche databases. This issue only affects customers who have enabled LDAP authentication in their configuration.

Affected Products
1
Vendor Product Version
ivanti avalanche All versions
References
https://community.ivanti.com/docs/DOC-68406
https://community.ivanti.com/docs/DOC-68406
Weakness Types
NVD-CWE-noinfo
CVE Information
CVE ID:
CVE-2018-8901
Published:
2018-06-29
Modified:
2024-11-21
CVSS Score:
7.8
Severity:
HIGH
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Vendors
ivanti
Quick Actions
View on NVD Find Similar CVEs
CVSS Severity Scale
0.0 - 3.9 LOW
4.0 - 6.9 MEDIUM
7.0 - 8.9 HIGH
9.0 - 10.0 CRITICAL