First published: Mon Aug 16 2021(Updated: )
A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform command injection via an unsanitized web parameter.
Credit: support@hackerone.com support@hackerone.com
Affected Software | Affected Version | How to fix |
---|---|---|
Pulsesecure Pulse Connect Secure | <9.1 | |
Pulsesecure Pulse Connect Secure | =9.1 | |
Pulsesecure Pulse Connect Secure | =9.1-r1.0 | |
Pulsesecure Pulse Connect Secure | =9.1-r10.0 | |
Pulsesecure Pulse Connect Secure | =9.1-r11.0 | |
Pulsesecure Pulse Connect Secure | =9.1-r2.0 | |
Pulsesecure Pulse Connect Secure | =9.1-r3.0 | |
Pulsesecure Pulse Connect Secure | =9.1-r4.0 | |
Pulsesecure Pulse Connect Secure | =9.1-r5.0 | |
Pulsesecure Pulse Connect Secure | =9.1-r6.0 | |
Pulsesecure Pulse Connect Secure | =9.1-r7.0 | |
Pulsesecure Pulse Connect Secure | =9.1-r8.0 | |
Pulsesecure Pulse Connect Secure | =9.1-r9.0 | |
Ivanti Connect Secure | =9.1 | |
Ivanti Connect Secure | =9.1-r1.0 | |
Ivanti Connect Secure | =9.1-r10.0 | |
Ivanti Connect Secure | =9.1-r11.0 | |
Ivanti Connect Secure | =9.1-r2.0 | |
Ivanti Connect Secure | =9.1-r3.0 | |
Ivanti Connect Secure | =9.1-r4.0 | |
Ivanti Connect Secure | =9.1-r5.0 | |
Ivanti Connect Secure | =9.1-r6.0 | |
Ivanti Connect Secure | =9.1-r7.0 | |
Ivanti Connect Secure | =9.1-r8.0 | |
Ivanti Connect Secure | =9.1-r9.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2021-22935 is a vulnerability in Pulse Connect Secure before 9.1R12 that could allow an authenticated administrator to perform command injection via an unsanitized web parameter.
Pulse Connect Secure versions up to and including 9.1R12 are affected by CVE-2021-22935.
The severity of CVE-2021-22935 is high with a CVSS score of 7.2.
An authenticated administrator can exploit CVE-2021-22935 by injecting commands using an unsanitized web parameter.
To fix CVE-2021-22935, update Pulse Connect Secure to version 9.1R12 or later.