CVE-2021-42130 - AskarLabs CVE Database

CVE-2021-42130

Vendor N/A

Product Ivanti Avalanche

Weakness CWE-502 · Unsafe deserialization

Published December 7, 2021

Last update August 4, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

A deserialization of untrusted data vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform arbitrary code execution.

Key dates

02Disclosure timeline

December 7, 2021 CVE published

August 4, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-42130 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/502.html

Related vulnerabilities

04Related CVE

CVE-2024-5675 Unreliable data deserialization vulnerability in Mentor CVE-2024-35780 WordPress Page Builder: Live Composer plugin <= 1.5.42 - Contributor+ PHP Object Injection vulnerability CVE-2020-6967 CVE-2016-9498 ManageEngine Applications Manager 12 and 13, allows unserialization of unsafe Java objects CVE-2025-68047 WordPress Eventin plugin <= 4.1.3 - PHP Object Injection vulnerability