First published: Mon Aug 16 2021
A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator or compromised Pulse Connect Secure device in a load-balanced configuration to perform a buffer overflow via a maliciously crafted web request.
Credit: support@hackerone.com
Affected Software | Affected Version | How to fix |
---|---|---|
Pulsesecure Pulse Connect Secure | <9.1 | |
Pulsesecure Pulse Connect Secure | =9.1 | |
Pulsesecure Pulse Connect Secure | =9.1-r1.0 | |
Pulsesecure Pulse Connect Secure | =9.1-r10.0 | |
Pulsesecure Pulse Connect Secure | =9.1-r11.0 | |
Pulsesecure Pulse Connect Secure | =9.1-r2.0 | |
Pulsesecure Pulse Connect Secure | =9.1-r3.0 | |
Pulsesecure Pulse Connect Secure | =9.1-r4.0 | |
Pulsesecure Pulse Connect Secure | =9.1-r5.0 | |
Pulsesecure Pulse Connect Secure | =9.1-r6.0 | |
Pulsesecure Pulse Connect Secure | =9.1-r7.0 | |
Pulsesecure Pulse Connect Secure | =9.1-r8.0 | |
Pulsesecure Pulse Connect Secure | =9.1-r9.0 | |
Ivanti Connect Secure | =9.1 | |
Ivanti Connect Secure | =9.1-r1.0 | |
Ivanti Connect Secure | =9.1-r10.0 | |
Ivanti Connect Secure | =9.1-r11.0 | |
Ivanti Connect Secure | =9.1-r2.0 | |
Ivanti Connect Secure | =9.1-r3.0 | |
Ivanti Connect Secure | =9.1-r4.0 | |
Ivanti Connect Secure | =9.1-r5.0 | |
Ivanti Connect Secure | =9.1-r6.0 | |
Ivanti Connect Secure | =9.1-r7.0 | |
Ivanti Connect Secure | =9.1-r8.0 | |
Ivanti Connect Secure | =9.1-r9.0 | |
The vulnerability ID for this vulnerability is CVE-2021-22934.
The severity of CVE-2021-22934 is high with a severity value of 7.2.
The software versions affected by CVE-2021-22934 are Pulse Connect Secure before 9.1R12.
An authenticated administrator or compromised device in a load-balanced configuration can exploit CVE-2021-22934 by performing a buffer overflow via a maliciously crafted web request.
Yes, a fix is available for CVE-2021-22934 in Pulse Connect Secure 9.1R12 or later versions.