CVE-2021-42129

Name of the Vulnerable Software and Affected Versions Ivanti Avalanche versions prior to 6.3.3

Description A command injection vulnerability exists in Ivanti Avalanche, allowing an attacker with access to the Inforail Service to perform arbitrary command execution. The issue is related to insufficient input data cleaning in the mapShare system, which can be exploited by a remote attacker to execute arbitrary commands by sending specially crafted data.

Recommendations For versions prior to 6.3.3, update to version 6.3.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the Inforail Service to minimize the risk of exploitation.