Deserialization in Ivanti Avalanche

CVE-2021-42127

A deserialization of untrusted data vulnerability exists in Ivanti Avalanche before 6.3.3 using Inforail Service allows arbitrary code execution via Data Repository Service.

Vulnerability class: Insecure Deserialization

EPSS: 0.540 (98.1th percentile) — read the EPSS interpretation.

Affected products

N/a Ivanti Avalanche — versions 6.3.3

Weakness classification (CWE)

CWE-502 — Deserialization of Untrusted Data

References

forums.ivanti.com/s/article/Security-Alert-CVE-s-Addressed-in-Avalanche-6-3-3 (x_refsource_MISC)