Vulnerabilities > Ivanti > Avalanche > Critical

DATE CVE VULNERABILITY TITLE RISK
2021-12-07 CVE-2021-42128 Unspecified vulnerability in Ivanti Avalanche
An exposed dangerous function vulnerability exists in Ivanti Avalanche before 6.3.3 using inforail Service allows Privilege Escalation via Enterprise Server Service.
network
low complexity
ivanti
critical
 9.8
9.8
2021-12-07 CVE-2021-42127 Deserialization of Untrusted Data vulnerability in Ivanti Avalanche
A deserialization of untrusted data vulnerability exists in Ivanti Avalanche before 6.3.3 using Inforail Service allows arbitrary code execution via Data Repository Service.
network
low complexity
ivanti CWE-502
critical
 9.8
9.8
2020-04-28 CVE-2020-12442 SQL Injection vulnerability in Ivanti Avalanche 6.3
Ivanti Avalanche 6.3 allows a SQL injection that is vaguely associated with the Apache HTTP Server, aka Bug 683250.
network
low complexity
ivanti CWE-89
critical
 9.8
9.8