CVE-2021-42132

High

A command Injection vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform…

hackerone·CWE-77·Published 2021-12-07

CVSS

8.8

EPSS

0.70

KEV

Exploits

cve.orgen

168 chars

A command Injection vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform arbitrary command execution.

NVDen

168 chars

A command Injection vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform arbitrary command execution.

Se presenta una vulnerabilidad de inyección de comandos en Ivanti Avalanche versiones anteriores a 6.3.3, que permite a un atacante con acceso al servicio Inforail llevar a cabo la ejecución de un comando arbitrario

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	6.5	8.0	6.4	AV:N/AC:L/Au:S/C:P/I:P/A:P
3.1	Primary	NVD	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H