Arbitrary Code Execution Vulnerability in Ivanti Avalanche before 6.3.3

Arbitrary Code Execution Vulnerability in Ivanti Avalanche before 6.3.3

CVE-2021-42127 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

A deserialization of untrusted data vulnerability exists in Ivanti Avalanche before 6.3.3 using Inforail Service allows arbitrary code execution via Data Repository Service.

Learn more about our Web Application Penetration Testing UK.