What is the severity of CVE-2021-22936?

The severity of CVE-2021-22936 is medium with a CVSS score of 6.1.

How does CVE-2021-22936 affect Pulse Connect Secure?

CVE-2021-22936 affects Pulse Connect Secure versions before 9.1R12.

What is the vulnerability type of CVE-2021-22936?

CVE-2021-22936 is a cross-site scripting (XSS) vulnerability.

How can a threat actor exploit CVE-2021-22936?

A threat actor can exploit CVE-2021-22936 by performing a cross-site scripting attack against an authenticated administrator via an unsanitized web parameter.

Is there a fix available for CVE-2021-22936?

Yes, a fix for CVE-2021-22936 is available in Pulse Connect Secure version 9.1R12.

Vulnerability/
CVE-2021-22936

medium

6.1

CWE

16/8/2021

27/2/2024

CVE-2021-22936: XSS

First published: Mon Aug 16 2021(Updated: )

A vulnerability in Pulse Connect Secure before 9.1R12 could allow a threat actor to perform a cross-site script attack against an authenticated administrator via an unsanitized web parameter.

Credit: support@hackerone.com support@hackerone.com

Affected Software	Affected Version	How to fix
Pulsesecure Pulse Connect Secure	<9.1
Pulsesecure Pulse Connect Secure	=9.1
Pulsesecure Pulse Connect Secure	=9.1-r1.0
Pulsesecure Pulse Connect Secure	=9.1-r10.0
Pulsesecure Pulse Connect Secure	=9.1-r11.0
Pulsesecure Pulse Connect Secure	=9.1-r2.0
Pulsesecure Pulse Connect Secure	=9.1-r3.0
Pulsesecure Pulse Connect Secure	=9.1-r4.0
Pulsesecure Pulse Connect Secure	=9.1-r5.0
Pulsesecure Pulse Connect Secure	=9.1-r6.0
Pulsesecure Pulse Connect Secure	=9.1-r7.0
Pulsesecure Pulse Connect Secure	=9.1-r8.0
Pulsesecure Pulse Connect Secure	=9.1-r9.0
Ivanti Connect Secure	=9.1
Ivanti Connect Secure	=9.1-r1.0
Ivanti Connect Secure	=9.1-r10.0
Ivanti Connect Secure	=9.1-r11.0
Ivanti Connect Secure	=9.1-r2.0
Ivanti Connect Secure	=9.1-r3.0
Ivanti Connect Secure	=9.1-r4.0
Ivanti Connect Secure	=9.1-r5.0
Ivanti Connect Secure	=9.1-r6.0
Ivanti Connect Secure	=9.1-r7.0
Ivanti Connect Secure	=9.1-r8.0
Ivanti Connect Secure	=9.1-r9.0

Never miss a vulnerability like this again

Reference Links

https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44858/?kA23Z000000L6oySAC

Frequently Asked Questions

What is the severity of CVE-2021-22936?
The severity of CVE-2021-22936 is medium with a CVSS score of 6.1.
How does CVE-2021-22936 affect Pulse Connect Secure?
CVE-2021-22936 affects Pulse Connect Secure versions before 9.1R12.
What is the vulnerability type of CVE-2021-22936?
CVE-2021-22936 is a cross-site scripting (XSS) vulnerability.
How can a threat actor exploit CVE-2021-22936?
A threat actor can exploit CVE-2021-22936 by performing a cross-site scripting attack against an authenticated administrator via an unsanitized web parameter.
Is there a fix available for CVE-2021-22936?
Yes, a fix for CVE-2021-22936 is available in Pulse Connect Secure version 9.1R12.

collector/nvd-index
agent/references
agent/severity
agent/author
agent/weakness
agent/type
agent/event
agent/description
agent/last-modified-date
agent/softwarecombine
agent/first-publish-date
agent/tags
collector/nvd-api
source/NVD
agent/software-canonical-lookup
vendor/pulsesecure
canonical/pulsesecure pulse connect secure
version/pulsesecure pulse connect secure/9.1
version/pulsesecure pulse connect secure/9.1-r1.0
version/pulsesecure pulse connect secure/9.1-r10.0
version/pulsesecure pulse connect secure/9.1-r11.0
version/pulsesecure pulse connect secure/9.1-r2.0
version/pulsesecure pulse connect secure/9.1-r3.0
version/pulsesecure pulse connect secure/9.1-r4.0
version/pulsesecure pulse connect secure/9.1-r5.0
version/pulsesecure pulse connect secure/9.1-r6.0
version/pulsesecure pulse connect secure/9.1-r7.0
version/pulsesecure pulse connect secure/9.1-r8.0
version/pulsesecure pulse connect secure/9.1-r9.0
vendor/ivanti
canonical/ivanti connect secure
version/ivanti connect secure/9.1
version/ivanti connect secure/9.1-r1.0
version/ivanti connect secure/9.1-r10.0
version/ivanti connect secure/9.1-r11.0
version/ivanti connect secure/9.1-r2.0
version/ivanti connect secure/9.1-r3.0
version/ivanti connect secure/9.1-r4.0
version/ivanti connect secure/9.1-r5.0
version/ivanti connect secure/9.1-r6.0
version/ivanti connect secure/9.1-r7.0
version/ivanti connect secure/9.1-r8.0
version/ivanti connect secure/9.1-r9.0