A command injection vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform arbitrary command execution.
References
Link | Resource |
---|---|
https://forums.ivanti.com/s/article/Security-Alert-CVE-s-Addressed-in-Avalanche-6-3-3 | Vendor Advisory |
Configurations
Information
Published : 2021-12-07 06:15
Updated : 2021-12-08 11:40
NVD link : CVE-2021-42129
Mitre link : CVE-2021-42129
JSON object : View
CWE
CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
Products Affected
ivanti
- avalanche