| CVE ID | CVE-2021-42126 |
| CVSS SCORE | 8.8, AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| AFFECTED VENDORS |
Ivanti |
| AFFECTED PRODUCTS |
Avalanche |
| VULNERABILITY DETAILS |
This vulnerability allows remote attackers to escalate privileges on affected installations of Ivanti Avalanche. Authentication is required to exploit this vulnerability. The specific flaw exists within the userManagement.jsf page. The issue results from improper authentication. An attacker can leverage this vulnerability to escalate privileges to the level of admin. |
| ADDITIONAL DETAILS |
Fixed in version 6.3.3. |
| DISCLOSURE TIMELINE |
|
| CREDIT | Piotr Bazydlo (@chudypb) |
