cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2022-44574,https://securityvulnerability.io/vulnerability/CVE-2022-44574,Improper Authentication Vulnerability in Avalanche by Ivanti,"An improper authentication vulnerability in Avalanche, specifically in version 6.3.x and earlier, enables unauthenticated attackers to modify properties on designated ports. This security flaw creates potential risks for unauthorized alterations, threatening the integrity and security of the affected systems.",Ivanti,Ivanti Avalanche,7.5,HIGH,0.0076299998909235,false,,false,false,false,,,false,false,,2023-03-10T00:00:00.000Z,0
CVE-2021-42133,https://securityvulnerability.io/vulnerability/CVE-2021-42133,Exposed Function Vulnerability in Ivanti Avalanche Software,"An exposed dangerous function vulnerability in Ivanti Avalanche prior to version 6.3.3 allows attackers who have access to the Inforail Service to perform arbitrary file writes. This loophole could be exploited for unauthorized file manipulation, presenting potential risks to the integrity and confidentiality of the data managed by the software. Users are encouraged to update to the latest version to mitigate this vulnerability.",Ivanti,Ivanti Avalanche,8.1,HIGH,0.00107999995816499,false,,false,false,false,,,false,false,,2021-12-07T13:13:35.000Z,0
CVE-2021-42132,https://securityvulnerability.io/vulnerability/CVE-2021-42132,Command Injection Vulnerability in Ivanti Avalanche,"A command injection vulnerability in Ivanti Avalanche prior to version 6.3.3 permits attackers with access to the Inforail Service to execute arbitrary commands on the system. This flaw can expose critical server components to unauthorized commands, potentially compromising the integrity and confidentiality of the data managed by the Avalanche product line. Organizations should upgrade to the latest version to mitigate this security risk.",Ivanti,Ivanti Avalanche,8.8,HIGH,0.04204000160098076,false,,false,false,false,,,false,false,,2021-12-07T13:13:29.000Z,0
CVE-2021-42131,https://securityvulnerability.io/vulnerability/CVE-2021-42131,SQL Injection Vulnerability in Ivanti Avalanche,"A SQL Injection vulnerability has been identified in Ivanti Avalanche versions prior to 6.3.3. This issue permits an attacker with access to the Inforail Service to execute unauthorized SQL commands, ultimately leading to potential privilege escalation. It is crucial for users of the affected software to update to the latest version to safeguard against this type of vulnerability and protect their systems from exploitation.",Ivanti,Ivanti Avalanche,8.8,HIGH,0.007430000230669975,false,,false,false,false,,,false,false,,2021-12-07T13:13:24.000Z,0
CVE-2021-42130,https://securityvulnerability.io/vulnerability/CVE-2021-42130,Deserialization Vulnerability in Ivanti Avalanche by Ivanti,"A deserialization vulnerability has been identified in Ivanti Avalanche versions before 6.3.3. This flaw allows an attacker with access to the Inforail Service to execute arbitrary code, potentially leading to unauthorized actions within the system. It is crucial for users of affected versions to upgrade to the latest release to mitigate this security risk.",Ivanti,Ivanti Avalanche,8.8,HIGH,0.00610999995842576,false,,false,false,false,,,false,false,,2021-12-07T13:13:19.000Z,0
CVE-2021-42129,https://securityvulnerability.io/vulnerability/CVE-2021-42129,Command Injection Vulnerability in Ivanti Avalanche,"A command injection vulnerability in Ivanti Avalanche prior to version 6.3.3 allows an attacker with access to the Inforail Service to execute arbitrary commands on the system. This can lead to unauthorized control over the application environment, increasing the risk of exploitation. Users are strongly advised to upgrade to the latest version to mitigate potential threats.",Ivanti,Ivanti Avalanche,8.8,HIGH,0.04204000160098076,false,,false,false,false,,,false,false,,2021-12-07T13:13:14.000Z,0
CVE-2021-42128,https://securityvulnerability.io/vulnerability/CVE-2021-42128,Privilege Escalation Vulnerability in Ivanti Avalanche Software,"A vulnerability in Ivanti Avalanche before version 6.3.3 allows attackers to escalate privileges via the inforail Service on the Enterprise Server. This exposure could enable malicious users to exploit the dangerous function, gaining unauthorized access and control over the system. Organizations utilizing affected versions of Ivanti Avalanche are advised to upgrade to version 6.3.3 or later to mitigate this risk.",Ivanti,Ivanti Avalanche,9.8,CRITICAL,0.01090999972075224,false,,false,false,false,,,false,false,,2021-12-07T13:13:10.000Z,0
CVE-2021-42127,https://securityvulnerability.io/vulnerability/CVE-2021-42127,Deserialization Vulnerability in Ivanti Avalanche,"A deserialization vulnerability in Ivanti Avalanche prior to version 6.3.3 permits unauthorized execution of arbitrary code through the Data Repository Service when manipulating untrusted data. This flaw offers potential pathways for attackers to exploit the software, compromising system integrity and security.",Ivanti,Ivanti Avalanche,9.8,CRITICAL,0.007550000213086605,false,,false,false,false,,,false,false,,2021-12-07T13:13:01.000Z,0
CVE-2021-42126,https://securityvulnerability.io/vulnerability/CVE-2021-42126,Improper Authorization Control in Ivanti Avalanche Software,"An improper authorization control vulnerability in Ivanti Avalanche before version 6.3.3 allows an attacker with Inforail Service access to exploit the system and escalate privileges. This issue poses significant risks to the security of the affected environment, enabling unauthorized actions that could lead to data breaches or unauthorized access to sensitive information.",Ivanti,Ivanti Avalanche,8.8,HIGH,0.0013200000394135714,false,,false,false,false,,,false,false,,2021-12-07T13:12:56.000Z,0
CVE-2021-42124,https://securityvulnerability.io/vulnerability/CVE-2021-42124,Improper Access Control Vulnerability in Ivanti Avalanche Product,"An improper access control vulnerability has been identified in Ivanti Avalanche versions prior to 6.3.3. This flaw potentially allows an attacker with access to the Inforail Service to perform unauthorized actions, including session takeover. It is crucial for users of Ivanti Avalanche to update to the latest version to mitigate this security risk.",Ivanti,Ivanti Avalanche,8.8,HIGH,0.0010900000343099236,false,,false,false,false,,,false,false,,2021-12-07T13:12:44.000Z,0