CVE-2021-42125

High

An unrestricted file upload vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to…

hackerone·CWE-502·Published 2021-12-07

CVSS

8.8

EPSS

0.82

KEV

Exploits

cve.orgen

162 chars

An unrestricted file upload vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to write dangerous files.

NVDen

162 chars

An unrestricted file upload vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to write dangerous files.

Se presenta una vulnerabilidad de carga de archivos sin restricciones en Ivanti Avalanche versiones anteriores a 6.3.3, que permite a un atacante con acceso al Servicio Inforail escribir archivos peligrosos

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	6.5	8.0	6.4	AV:N/AC:L/Au:S/C:P/I:P/A:P
3.1	Primary	NVD	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H