CVE-2021-22938
Published 2021-08-16
Priority P3 · 45 · high · 7.2 (CVSS 3.1)
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS: 2.10% (79.4th percentile)
A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform command injection via an unsanitized web parameter in the administrator web console.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ivanti | connect_secure | — | — |
| pulsesecure | pulse_connect_secure | < 9.1 | 9.1 |
| pulsesecure | pulse_connect_secure | — | — |
CVSS provenance
nvd · v3.1 · 7.2 · HIGH · CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
nvd · v2.0 · 6.5 · MEDIUM · AV:N/AC:L/Au:S/C:P/I:P/A:P
Ivanti
Ivanti Security Advisory: CVE-2021-22938
vendor_ivanti·2021-08-16·CVSS 7.2
CVE-2021-22938 [HIGH] CWE-77 Ivanti Security Advisory: CVE-2021-22938
A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform command injection via an unsanitized web parameter in the administrator web console.
CVE IDs: CVE-2021-22938
CVSS Base Score: 7.2
Severity: HIGH
CWEs: CWE-77
GHSA
GHSA-67c5-vcgx-65h6: A vulnerability in Pulse Connect Secure before 9
ghsa_unreviewed·2022-05-24
CVE-2021-22938 [HIGH] CWE-77 GHSA-67c5-vcgx-65h6: A vulnerability in Pulse Connect Secure before 9
A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform command injection via an unsanitized web parameter in the administrator web console.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2021-08-16: Published