CVE-2021-42133: Malicious File Upload
First published: Tue Dec 07 2021(Updated: )
An exposed dangerous function vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform an arbitrary file write.
Credit: support@hackerone.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Ivanti Avalanche | <6.3.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this Ivanti Avalanche vulnerability?
The vulnerability ID for this Ivanti Avalanche vulnerability is CVE-2021-42133.
What is the severity of CVE-2021-42133?
The severity of CVE-2021-42133 is high (8.1).
What is the affected software for CVE-2021-42133?
The affected software for CVE-2021-42133 is Ivanti Avalanche version up to (but not including) 6.3.3.
What is the CWE ID for CVE-2021-42133?
The CWE ID for CVE-2021-42133 is 829 and 434.
How can an attacker exploit CVE-2021-42133?
An attacker with access to the Inforail Service can exploit CVE-2021-42133 by performing an arbitrary file write.
- collector/nvd-index
- agent/weakness
- agent/references
- agent/severity
- agent/author
- agent/type
- agent/event
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/ivanti
- canonical/ivanti avalanche