Deserialization in Ivanti Avalanche

CVE-2021-42130

A deserialization of untrusted data vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform arbitrary code execution.

Vulnerability class: Insecure Deserialization

EPSS: 0.767 (99.0th percentile) — read the EPSS interpretation.

Affected products

N/a Ivanti Avalanche — versions 6.3.3

Weakness classification (CWE)

CWE-502 — Deserialization of Untrusted Data

References

forums.ivanti.com/s/article/Security-Alert-CVE-s-Addressed-in-Avalanche-6-3-3 (x_refsource_MISC)