CVE-2021-42126

High

An improper authorization control vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail…

hackerone·CWE-285·Published 2021-12-07

CVSS

8.8

EPSS

0.04

KEV

Exploits

cve.orgen

175 chars

An improper authorization control vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform privilege escalation.

NVDen

175 chars

An improper authorization control vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform privilege escalation.

NVDes

218 chars

Se presenta una vulnerabilidad de control de autorización inapropiada en Ivanti Avalanche versiones anteriores a 6.3.3 que permite a un atacante con acceso al Servicio Inforail llevar a cabo una escalada de privilegios

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	6.5	8.0	6.4	AV:N/AC:L/Au:S/C:P/I:P/A:P
3.1	Primary	NVD	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H