CVE-2021-22937
published 2021-08-16CVE-2021-22937: A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform a file write via a maliciously crafted archive…
PriorityP348high7.2CVSS 3.1
AVNACLPRHUINSUCHIHAH
EPSS
7.83%
93.9th percentile
A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform a file write via a maliciously crafted archive uploaded in the administrator web interface.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ivanti | connect_secure | — | — |
| pulsesecure | pulse_connect_secure | < 9.1 | 9.1 |
| pulsesecure | pulse_connect_secure | — | — |
CVSS provenance
nvdv3.17.2HIGHCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
nvdv2.06.5MEDIUMAV:N/AC:L/Au:S/C:P/I:P/A:P
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-2qf6-f49c-83qc: A vulnerability in Pulse Connect Secure before 9
ghsa_unreviewed·2022-05-24
CVE-2021-22937 [HIGH] CWE-434 GHSA-2qf6-f49c-83qc: A vulnerability in Pulse Connect Secure before 9
A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform a file write via a maliciously crafted archive uploaded in the administrator web interface.
Ivanti
Ivanti Security Advisory: CVE-2021-22937
vendor_ivanti·2021-08-16·CVSS 7.2
CVE-2021-22937 [HIGH] CWE-434 Ivanti Security Advisory: CVE-2021-22937
Ivanti Security Advisory: CVE-2021-22937
A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform a file write via a maliciously crafted archive uploaded in the administrator web interface.
CVE IDs: CVE-2021-22937
CVSS Base Score: 7.2
Severity: HIGH
CWEs: CWE-434
No detection rules found.
No public exploits indexed.
Tenable
CVE-2023-46805, CVE-2024-21887: Zero-Day Vulnerabilities Exploited in Ivanti Connect Secure and Policy Secure Gateways
blogs_tenable·2024-01-10·CVSS 8.2
[HIGH] CVE-2023-46805, CVE-2024-21887: Zero-Day Vulnerabilities Exploited in Ivanti Connect Secure and Policy Secure Gateways
## Cloud Exposure
Tenable Cloud Security (CNAPP) Request a demo
Tenable Cloud Vulnerability Management Request a demo
Tenable CIEM Request a demo
Secure your cloud
## Vulnerability Exposure
Tenable Vulnerability Management Try for free
Tenable Security Center Request a demo
Tenable Web App Scanning Try for free
Tenable Patch Management Request a demo
Tenable Enclave Security Request a demo
Tenable Attack Surface Management Request a demo
Tenable Nessus Try for free
## AI Exposure
Tenable AI Exposure Request a demo
## OT/IoT Exposure
Tenable OT Security Request a demo
## Identity Exposure
Tenable Identity Exposure Request a demo
## Business needs
Active Directory
AI Security Posture Management (AI-SPM)
AWS security
Azure security
Cloud Security Posture Man
Securelist
IT threat evolution in Q3 2021. PC statistics
blogs_securelist·2021-11-26
IT threat evolution in Q3 2021. PC statistics
Table of Contents
Quarterly figures
Financial threats
Financial threat statistics
Ransomware programs
Quarterly trends and highlights
Attack on Kaseya and the REvil story
The arrival of BlackMatter: DarkSide restored?
Q3 closures
Exploitation of vulnerabilities and new attack methods
Number of new ransomware modifications
Number of users attacked by ransomware Trojans
Geography of ransomware attacks
Top 10 most common families of ransomware Trojans
Miners
Number of new miner modifications
Number of users attacked by miners
Geography of miner attacks
Vulnerable applications used by cybercriminals during cyberattacks
Quarter highlights
Statistics
Attacks on macOS
Geography of threats for macOS
IoT attacks
IoT threat statistics
Attacks via web resources
Countries tha
Securelist
IT threat evolution in Q3 2021. PC statistics
blogs_securelist·2021-11-26
IT threat evolution in Q3 2021. PC statistics
Table of Contents
- Quarterly figures
- Financial threats
- Ransomware programs
- Number of users attacked by ransomware Trojans
- Geography of ransomware attacks
- Top 10 most common families of ransomware Trojans
- Miners
- Vulnerable applications used by cybercriminals during cyberattacks
- Attacks on macOS
- IoT attacks
- Attacks via web resources
- Local threats
Authors
- AMR
- IT threat evolution Q3 2021
- IT threat evolution in Q3 2021. PC statistics
- IT threat evolution in Q3 2021. Mobile statistics
These statistics are based on detection verdicts of Kaspersky products received from users who consented to providing statistical data.
## Quarterly figures
According to Kaspersky Security Network, in Q3 2021:
- Kaspersky solutions blocked 1,098,968,315 attacks from online reso
Tenable
CVE-2021-22937: Remote Code Execution Patch Bypass in Pulse Connect Secure
blogs_tenable·2021-08-05·CVSS 7.2
[HIGH] CVE-2021-22937: Remote Code Execution Patch Bypass in Pulse Connect Secure
## Cloud Exposure
Tenable Cloud Security (CNAPP) Request a demo
Tenable Cloud Vulnerability Management Request a demo
Tenable CIEM Request a demo
Secure your cloud
## Vulnerability Exposure
Tenable Vulnerability Management Try for free
Tenable Security Center Request a demo
Tenable Web App Scanning Try for free
Tenable Patch Management Request a demo
Tenable Enclave Security Request a demo
Tenable Attack Surface Management Request a demo
Tenable Nessus Try for free
## AI Exposure
Tenable AI Exposure Request a demo
## OT/IoT Exposure
Tenable OT Security Request a demo
## Identity Exposure
Tenable Identity Exposure Request a demo
## Business needs
Active Directory
AI Security Posture Management (AI-SPM)
AWS security
Azure security
Cloud Security Posture Man
2021-08-16
Published