A deserialization of untrusted data vulnerability exists in Ivanti Avalanche before 6.3.3 using Inforail Service allows arbitrary code execution via Data Repository Service.
References
Link | Resource |
---|---|
https://forums.ivanti.com/s/article/Security-Alert-CVE-s-Addressed-in-Avalanche-6-3-3 | Vendor Advisory |
Configurations
Information
Published : 2021-12-07 06:15
Updated : 2021-12-08 11:00
NVD link : CVE-2021-42127
Mitre link : CVE-2021-42127
JSON object : View
CWE
CWE-502
Deserialization of Untrusted Data
Products Affected
ivanti
- avalanche