A command injection vulnerability exists in Ivanti Avalanche prior to 6.3.3 allows an attacker with access to the Inforail Service to perform arbitrary command execution.
ivanti avalanche