An improper access control vulnerability exists in Ivanti Avalanche prior to 6.3.3 allows an attacker with access to the Inforail Service to perform a session takeover.
ivanti avalanche