CVE-2021-42130
- EPSS 54.26%
- Published 07.12.2021 14:15:09
- Last modified 21.11.2024 06:27:19
A deserialization of untrusted data vulnerability in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform arbitrary code execution.
CVE-2021-42131
- EPSS 40.9%
- Published 07.12.2021 14:15:09
- Last modified 21.11.2024 06:27:19
A SQL injection vulnerability in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform privilege escalation.
CVE-2021-42132
- EPSS 51.66%
- Published 07.12.2021 14:15:09
- Last modified 21.11.2024 06:27:19
A command injection vulnerability in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform arbitrary command execution.
CVE-2021-42133
- EPSS 14.4%
- Published 07.12.2021 14:15:09
- Last modified 21.11.2024 06:27:19
An exposed dangerous function vulnerability in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform an arbitrary file write.
CVE-2020-12442
- EPSS 7.73%
- Published 28.04.2020 22:15:12
- Last modified 21.11.2024 04:59:43
Ivanti Avalanche 6.3 allows a SQL injection that is vaguely associated with the Apache HTTP Server, aka Bug 683250.
CVE-2018-8901
- EPSS 0.14%
- Published 29.06.2018 15:29:00
- Last modified 21.11.2024 04:14:33
An issue was discovered in Ivanti Avalanche for all versions between 5.3 and 6.2. A local user with database access privileges can read the encrypted passwords for users who authenticate via LDAP to Avalanche services. These passwords are stored in t...
CVE-2018-8902
- EPSS 0.19%
- Published 29.06.2018 15:29:00
- Last modified 21.11.2024 04:14:34
An issue was discovered in Ivanti Avalanche for all versions between 5.3 and 6.2. The impacted products used a single shared key encryption model to encrypt data. A user with access to system databases can use the discovered key to access potentially...