CVE-2021-42127
CRITICALIvanti Avalanche < 6.3.3 - Insecure Deserialization
Title source: ruleDescription
A deserialization of untrusted data vulnerability exists in Ivanti Avalanche before 6.3.3 using Inforail Service allows arbitrary code execution via Data Repository Service.
Scores
CVSS v3
9.8
EPSS
0.5397
EPSS Percentile
98.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Classification
CWE
CWE-502
Status
published
Affected Products (1)
ivanti/avalanche
< 6.3.3
Timeline
Published
Dec 07, 2021
Tracked Since
Feb 18, 2026