The host is installed with Ivanti Avalanche 6.x before 6.4.2 and is prone to a server-side request forgery, information disclosure vulnerability. A flaw is present in the application which fails to properly handle issues in validateAMCWSConnection. Successful exploitation could allow attackers to send a specifically crafted web request causing a Server-Side Request Forgery.