CVE-2021-42127

CVE-2021-42127

Vendor N/A
Product Ivanti Avalanche
Weakness CWE-502 · Unsafe deserialization
Published December 7, 2021
Last update August 4, 2024

CVSS base score

What the vulnerability does

01Description

A deserialization of untrusted data vulnerability exists in Ivanti Avalanche before 6.3.3 using Inforail Service allows arbitrary code execution via Data Repository Service.

Key dates

02Disclosure timeline

December 7, 2021 CVE published
August 4, 2024 Record updated