A SQL Injection vulnerability exists in Ivanti Avalance prior to 6.3.3 allows an attacker with access to the Inforail Service to perform privilege escalation.
ivanti avalanche