Vulnerabilities > CVE-2021-42124 - Unspecified vulnerability in Ivanti Avalanche

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

ivanti

NVD

Published: 2021-12-07

Updated: 2022-08-09

Summary

An improper access control vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform a session takeover.

Vulnerable Configurations

Part	Description	Count
Application	Ivanti Ivanti Avalanche 4.6 Ivanti Avalanche 5.3 Ivanti Avalanche 5.3.1 Ivanti Avalanche 6.0 Ivanti Avalanche 6.1 Ivanti Avalanche 6.2 Ivanti Avalanche 6.2.2	7

References

https://forums.ivanti.com/s/article/Security-Alert-CVE-s-Addressed-in-Avalanche-6-3-3