An improper authorization control vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform privilege escalation.
Se presenta una vulnerabilidad de control de autorizaciĆ³n inapropiada en Ivanti Avalanche versiones anteriores a 6.3.3 que permite a un atacante con acceso al Servicio Inforail llevar a cabo una escalada de privilegios
This vulnerability allows remote attackers to escalate privileges on affected installations of Ivanti Avalanche. Authentication is required to exploit this vulnerability.
The specific flaw exists within the userManagement.jsf page. The issue results from improper authentication. An attacker can leverage this vulnerability to escalate privileges to the level of admin.
