SQL Injection in Ivanti Avalanche

CVE-2021-42131

A SQL Injection vulnerability exists in Ivanti Avalance before 6.3.3 allows an attacker with access to the Inforail Service to perform privilege escalation.

Vulnerability class: SQL Injection

EPSS: 0.665 (99.2th percentile) — read the EPSS interpretation.

Affected products

N/a Ivanti Avalanche — versions 6.3.3

Weakness classification (CWE)

CWE-89 — SQL Injection

References

forums.ivanti.com/s/article/Security-Alert-CVE-s-Addressed-in-Avalanche-6-3-3 (x_refsource_MISC)