RSS   Vulnerabilities for 'Avalanche'   RSS

2021-12-07
 
CVE-2021-42124

CWE-863
 

 
An improper access control vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform a session takeover.

 
 
CVE-2021-42125

CWE-434
 

 
An unrestricted file upload vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to write dangerous files.

 
 
CVE-2021-42126

CWE-863
 

 
An improper authorization control vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform privilege escalation.

 
 
CVE-2021-42127

CWE-502
 

 
A deserialization of untrusted data vulnerability exists in Ivanti Avalanche before 6.3.3 using Inforail Service allows arbitrary code execution via Data Repository Service.

 
 
CVE-2021-42128

CWE-269
 

 
An exposed dangerous function vulnerability exists in Ivanti Avalanche before 6.3.3 using inforail Service allows Privilege Escalation via Enterprise Server Service.

 
 
CVE-2021-42129

CWE-77
 

 
A command injection vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform arbitrary command execution.

 
 
CVE-2021-42130

CWE-502
 

 
A deserialization of untrusted data vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform arbitrary code execution.

 
 
CVE-2021-42131

CWE-89
 

 
A SQL Injection vulnerability exists in Ivanti Avalance before 6.3.3 allows an attacker with access to the Inforail Service to perform privilege escalation.

 
 
CVE-2021-42132

CWE-77
 

 
A command Injection vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform arbitrary command execution.

 
 
CVE-2021-42133

CWE-829
 

 
An exposed dangerous function vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform an arbitrary file write.

 


Copyright 2022, cxsecurity.com

 

Back to Top