CVE-2021-42128

Critical

An exposed dangerous function vulnerability exists in Ivanti Avalanche before 6.3.3 using inforail Service allows Privilege Escalation via…

hackerone·CWE-749·Published 2021-12-07

CVSS

9.8

EPSS

0.04

KEV

Exploits

cve.orgen

165 chars

An exposed dangerous function vulnerability exists in Ivanti Avalanche before 6.3.3 using inforail Service allows Privilege Escalation via Enterprise Server Service.

NVDen

165 chars

An exposed dangerous function vulnerability exists in Ivanti Avalanche before 6.3.3 using inforail Service allows Privilege Escalation via Enterprise Server Service.

Se presenta una vulnerabilidad de función peligrosa expuesta en Ivanti Avalanche versiones anteriores a 6.3.3, usando el Servicio Inforail y permite la Escalada de Privilegios por medio del Servicio Enterprise Server

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	7.5	10.0	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P
3.1	Primary	NVD	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H