What is the severity of CVE-2021-22937?

The severity of CVE-2021-22937 is high with a CVSS score of 7.2.

How can I fix CVE-2021-22937?

To fix CVE-2021-22937, upgrade Pulse Connect Secure to version 9.1R12 or a later version.

Where can I find more information about CVE-2021-22937?

You can find more information about CVE-2021-22937 in the Pulse Secure Security Advisory SA44858.

What is the Common Weakness Enumeration (CWE) ID for CVE-2021-22937?

The Common Weakness Enumeration (CWE) ID for CVE-2021-22937 is 434.

Vulnerability/
CVE-2021-22937

high

7.2

CWE

434

16/8/2021

27/2/2024

CVE-2021-22937: Malicious File Upload

Q: How does CVE-2021-22937 affect Pulse Connect Secure?

CVE-2021-22937 affects Pulse Connect Secure versions before 9.1R12, allowing an authenticated administrator to perform a file write via a maliciously crafted archive uploaded in the administrator web interface.

First published: Mon Aug 16 2021(Updated: )

A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform a file write via a maliciously crafted archive uploaded in the administrator web interface.

Credit: support@hackerone.com support@hackerone.com

Affected Software	Affected Version	How to fix
Pulsesecure Pulse Connect Secure	<9.1
Pulsesecure Pulse Connect Secure	=9.1
Pulsesecure Pulse Connect Secure	=9.1-r1.0
Pulsesecure Pulse Connect Secure	=9.1-r10.0
Pulsesecure Pulse Connect Secure	=9.1-r11.0
Pulsesecure Pulse Connect Secure	=9.1-r2.0
Pulsesecure Pulse Connect Secure	=9.1-r3.0
Pulsesecure Pulse Connect Secure	=9.1-r4.0
Pulsesecure Pulse Connect Secure	=9.1-r5.0
Pulsesecure Pulse Connect Secure	=9.1-r6.0
Pulsesecure Pulse Connect Secure	=9.1-r7.0
Pulsesecure Pulse Connect Secure	=9.1-r8.0
Pulsesecure Pulse Connect Secure	=9.1-r9.0
Ivanti Connect Secure	=9.1
Ivanti Connect Secure	=9.1-r1.0
Ivanti Connect Secure	=9.1-r10.0
Ivanti Connect Secure	=9.1-r11.0
Ivanti Connect Secure	=9.1-r2.0
Ivanti Connect Secure	=9.1-r3.0
Ivanti Connect Secure	=9.1-r4.0
Ivanti Connect Secure	=9.1-r5.0
Ivanti Connect Secure	=9.1-r6.0
Ivanti Connect Secure	=9.1-r7.0
Ivanti Connect Secure	=9.1-r8.0
Ivanti Connect Secure	=9.1-r9.0

Never miss a vulnerability like this again

Reference Links

https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44858/?kA23Z000000L6oySAC

Frequently Asked Questions

What is the severity of CVE-2021-22937?
The severity of CVE-2021-22937 is high with a CVSS score of 7.2.
How does CVE-2021-22937 affect Pulse Connect Secure?
CVE-2021-22937 affects Pulse Connect Secure versions before 9.1R12, allowing an authenticated administrator to perform a file write via a maliciously crafted archive uploaded in the administrator web interface.
How can I fix CVE-2021-22937?
To fix CVE-2021-22937, upgrade Pulse Connect Secure to version 9.1R12 or a later version.
Where can I find more information about CVE-2021-22937?
You can find more information about CVE-2021-22937 in the Pulse Secure Security Advisory SA44858.
What is the Common Weakness Enumeration (CWE) ID for CVE-2021-22937?
The Common Weakness Enumeration (CWE) ID for CVE-2021-22937 is 434.

collector/nvd-index
agent/references
agent/weakness
agent/severity
agent/author
agent/type
agent/event
agent/description
agent/last-modified-date
agent/tags
agent/first-publish-date
agent/softwarecombine
collector/nvd-api
source/NVD
agent/software-canonical-lookup
vendor/pulsesecure
canonical/pulsesecure pulse connect secure
version/pulsesecure pulse connect secure/9.1
version/pulsesecure pulse connect secure/9.1-r1.0
version/pulsesecure pulse connect secure/9.1-r10.0
version/pulsesecure pulse connect secure/9.1-r11.0
version/pulsesecure pulse connect secure/9.1-r2.0
version/pulsesecure pulse connect secure/9.1-r3.0
version/pulsesecure pulse connect secure/9.1-r4.0
version/pulsesecure pulse connect secure/9.1-r5.0
version/pulsesecure pulse connect secure/9.1-r6.0
version/pulsesecure pulse connect secure/9.1-r7.0
version/pulsesecure pulse connect secure/9.1-r8.0
version/pulsesecure pulse connect secure/9.1-r9.0
vendor/ivanti
canonical/ivanti connect secure
version/ivanti connect secure/9.1
version/ivanti connect secure/9.1-r1.0
version/ivanti connect secure/9.1-r10.0
version/ivanti connect secure/9.1-r11.0
version/ivanti connect secure/9.1-r2.0
version/ivanti connect secure/9.1-r3.0
version/ivanti connect secure/9.1-r4.0
version/ivanti connect secure/9.1-r5.0
version/ivanti connect secure/9.1-r6.0
version/ivanti connect secure/9.1-r7.0
version/ivanti connect secure/9.1-r8.0
version/ivanti connect secure/9.1-r9.0

CVE-2021-22937: Malicious File Upload

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2021-22937?

How does CVE-2021-22937 affect Pulse Connect Secure?

How can I fix CVE-2021-22937?

Where can I find more information about CVE-2021-22937?

What is the Common Weakness Enumeration (CWE) ID for CVE-2021-22937?

Company

Resources

Contact