What is CVE-2021-22935?

CVE-2021-22935 is a vulnerability in Pulse Connect Secure before 9.1R12 that could allow an authenticated administrator to perform command injection via an unsanitized web parameter.

What software is affected by CVE-2021-22935?

Pulse Connect Secure versions up to and including 9.1R12 are affected by CVE-2021-22935.

What is the severity of CVE-2021-22935?

The severity of CVE-2021-22935 is high with a CVSS score of 7.2.

How can an authenticated administrator exploit CVE-2021-22935?

An authenticated administrator can exploit CVE-2021-22935 by injecting commands using an unsanitized web parameter.

How can I fix CVE-2021-22935?

To fix CVE-2021-22935, update Pulse Connect Secure to version 9.1R12 or later.

Vulnerability/
CVE-2021-22935

high

7.2

CWE

16/8/2021

27/2/2024

CVE-2021-22935: Command Injection

First published: Mon Aug 16 2021(Updated: )

A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform command injection via an unsanitized web parameter.

Credit: support@hackerone.com support@hackerone.com

Affected Software	Affected Version	How to fix
Pulsesecure Pulse Connect Secure	<9.1
Pulsesecure Pulse Connect Secure	=9.1
Pulsesecure Pulse Connect Secure	=9.1-r1.0
Pulsesecure Pulse Connect Secure	=9.1-r10.0
Pulsesecure Pulse Connect Secure	=9.1-r11.0
Pulsesecure Pulse Connect Secure	=9.1-r2.0
Pulsesecure Pulse Connect Secure	=9.1-r3.0
Pulsesecure Pulse Connect Secure	=9.1-r4.0
Pulsesecure Pulse Connect Secure	=9.1-r5.0
Pulsesecure Pulse Connect Secure	=9.1-r6.0
Pulsesecure Pulse Connect Secure	=9.1-r7.0
Pulsesecure Pulse Connect Secure	=9.1-r8.0
Pulsesecure Pulse Connect Secure	=9.1-r9.0
Ivanti Connect Secure	=9.1
Ivanti Connect Secure	=9.1-r1.0
Ivanti Connect Secure	=9.1-r10.0
Ivanti Connect Secure	=9.1-r11.0
Ivanti Connect Secure	=9.1-r2.0
Ivanti Connect Secure	=9.1-r3.0
Ivanti Connect Secure	=9.1-r4.0
Ivanti Connect Secure	=9.1-r5.0
Ivanti Connect Secure	=9.1-r6.0
Ivanti Connect Secure	=9.1-r7.0
Ivanti Connect Secure	=9.1-r8.0
Ivanti Connect Secure	=9.1-r9.0

Never miss a vulnerability like this again

Reference Links

https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44858/?kA23Z000000L6oySAC

Frequently Asked Questions

What is CVE-2021-22935?
CVE-2021-22935 is a vulnerability in Pulse Connect Secure before 9.1R12 that could allow an authenticated administrator to perform command injection via an unsanitized web parameter.
What software is affected by CVE-2021-22935?
Pulse Connect Secure versions up to and including 9.1R12 are affected by CVE-2021-22935.
What is the severity of CVE-2021-22935?
The severity of CVE-2021-22935 is high with a CVSS score of 7.2.
How can an authenticated administrator exploit CVE-2021-22935?
An authenticated administrator can exploit CVE-2021-22935 by injecting commands using an unsanitized web parameter.
How can I fix CVE-2021-22935?
To fix CVE-2021-22935, update Pulse Connect Secure to version 9.1R12 or later.

collector/nvd-index
agent/references
agent/severity
agent/weakness
agent/author
agent/type
agent/event
agent/description
agent/last-modified-date
agent/first-publish-date
agent/tags
agent/softwarecombine
collector/nvd-api
source/NVD
agent/software-canonical-lookup
vendor/pulsesecure
canonical/pulsesecure pulse connect secure
version/pulsesecure pulse connect secure/9.1
version/pulsesecure pulse connect secure/9.1-r1.0
version/pulsesecure pulse connect secure/9.1-r10.0
version/pulsesecure pulse connect secure/9.1-r11.0
version/pulsesecure pulse connect secure/9.1-r2.0
version/pulsesecure pulse connect secure/9.1-r3.0
version/pulsesecure pulse connect secure/9.1-r4.0
version/pulsesecure pulse connect secure/9.1-r5.0
version/pulsesecure pulse connect secure/9.1-r6.0
version/pulsesecure pulse connect secure/9.1-r7.0
version/pulsesecure pulse connect secure/9.1-r8.0
version/pulsesecure pulse connect secure/9.1-r9.0
vendor/ivanti
canonical/ivanti connect secure
version/ivanti connect secure/9.1
version/ivanti connect secure/9.1-r1.0
version/ivanti connect secure/9.1-r10.0
version/ivanti connect secure/9.1-r11.0
version/ivanti connect secure/9.1-r2.0
version/ivanti connect secure/9.1-r3.0
version/ivanti connect secure/9.1-r4.0
version/ivanti connect secure/9.1-r5.0
version/ivanti connect secure/9.1-r6.0
version/ivanti connect secure/9.1-r7.0
version/ivanti connect secure/9.1-r8.0
version/ivanti connect secure/9.1-r9.0