Vulnerability Details CVE-2021-31922
An HTTP Request Smuggling vulnerability in Pulse Secure Virtual Traffic Manager before 21.1 could allow an attacker to smuggle an HTTP request through an HTTP/2 Header. This vulnerability is resolved in 21.1, 20.3R1, 20.2R1, 20.1R2, 19.2R4, and 18.2R3.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 41.2%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
Products affected by CVE-2021-31922
-
cpe:2.3:a:pulsesecure:virtual_traffic_manager:10.4
-
cpe:2.3:a:pulsesecure:virtual_traffic_manager:17.2
-
cpe:2.3:a:pulsesecure:virtual_traffic_manager:17.3
-
cpe:2.3:a:pulsesecure:virtual_traffic_manager:17.4
-
cpe:2.3:a:pulsesecure:virtual_traffic_manager:18.1
-
cpe:2.3:a:pulsesecure:virtual_traffic_manager:18.2
-
cpe:2.3:a:pulsesecure:virtual_traffic_manager:18.3
-
cpe:2.3:a:pulsesecure:virtual_traffic_manager:19.1
-
cpe:2.3:a:pulsesecure:virtual_traffic_manager:19.2
-
cpe:2.3:a:pulsesecure:virtual_traffic_manager:19.3
-
cpe:2.3:a:pulsesecure:virtual_traffic_manager:20.1
-
cpe:2.3:a:pulsesecure:virtual_traffic_manager:20.2
-
cpe:2.3:a:pulsesecure:virtual_traffic_manager:20.3
-
cpe:2.3:a:pulsesecure:virtual_traffic_manager:9.9