A SQL Injection vulnerability exists in Ivanti Avalance before 6.3.3 allows an attacker with access to the Inforail Service to perform privilege escalation.
References
Link | Resource |
---|---|
https://forums.ivanti.com/s/article/Security-Alert-CVE-s-Addressed-in-Avalanche-6-3-3 | Vendor Advisory |
Configurations
Information
Published : 2021-12-07 06:15
Updated : 2021-12-08 11:24
NVD link : CVE-2021-42131
Mitre link : CVE-2021-42131
JSON object : View
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Products Affected
ivanti
- avalanche