CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2021-22899

A command injection vulnerability exists in Pulse Connect Secure before 9.1R11.4 allows a remote authenticated attacker to perform remote code execution via Windows Resource Profiles Feature

Exploit prediction scoring system (EPSS) score

EPSS Score 0.45

EPSS Ranking 97.4%

CVSS Severity

CVSS v3 Score 8.8

CVSS v2 Score 6.5

Proposed Action

Ivanti Pulse Connect Secure contains a command injection vulnerability that allows remote authenticated users to perform remote code execution via Windows File Resource Profiles.

Ransomware Campaign

Unknown

References

https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44784/?kA23Z000000boUWSAY
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44784/?kA23Z000000boUWSAY

Products affected by CVE-2021-22899

Ivanti » Connect Secure » Version: 9.0

cpe:2.3:a:ivanti:connect_secure:9.0
Ivanti » Connect Secure » Version: 9.1

cpe:2.3:a:ivanti:connect_secure:9.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-22899

Products

Pricing

Contact Us