Ivanti: >> Connect Secure Security Vulnerabilities
A vulnerability in Pulse Connect Secure before 9.1R12 could allow a threat actor to perform a cross-site script attack against an authenticated administrator via an unsanitized web parameter.
CVSS Score
6.1
EPSS Score
0.003
Published
2021-08-16
A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform a file write via a maliciously crafted archive uploaded in the administrator web interface.
CVSS Score
7.2
EPSS Score
0.075
Published
2021-08-16
A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform command injection via an unsanitized web parameter in the administrator web console.
CVSS Score
7.2
EPSS Score
0.054
Published
2021-08-16
A buffer overflow vulnerability exists in Windows File Resource Profiles in 9.X allows a remote authenticated user with privileges to browse SMB shares to execute arbitrary code as the root user. As of version 9.1R3, this permission is not enabled by default.
CVSS Score
8.8
EPSS Score
0.28
Published
2021-05-27
CVE-2021-22894
A buffer overflow vulnerability exists in Pulse Connect Secure before 9.1R11.4 allows a remote authenticated attacker to execute arbitrary code as the root user via maliciously crafted meeting room.
Known exploited
CVSS Score
8.8
EPSS Score
0.497
Published
2021-05-27
CVE-2021-22899
A command injection vulnerability exists in Pulse Connect Secure before 9.1R11.4 allows a remote authenticated attacker to perform remote code execution via Windows Resource Profiles Feature
Known exploited
CVSS Score
8.8
EPSS Score
0.45
Published
2021-05-27
CVE-2021-22900
A vulnerability allowed multiple unrestricted uploads in Pulse Connect Secure before 9.1R11.4 that could lead to an authenticated administrator to perform a file write via a maliciously crafted archive upload in the administrator web interface.
Known exploited
CVSS Score
7.2
EPSS Score
0.017
Published
2021-05-27
CVE-2021-22893
Pulse Connect Secure 9.0R3/9.1R1 and higher is vulnerable to an authentication bypass vulnerability exposed by the Windows File Share Browser and Pulse Secure Collaboration features of Pulse Connect Secure that can allow an unauthenticated user to perform remote arbitrary code execution on the Pulse Connect Secure gateway. This vulnerability has been exploited in the wild.
Known exploited
CVSS Score
10.0
EPSS Score
0.935
Published
2021-04-23
CVE-2020-8260
A vulnerability in the Pulse Connect Secure < 9.1R9 admin web interface could allow an authenticated attacker to perform an arbitrary code execution using uncontrolled gzip extraction.
Known exploited
CVSS Score
7.2
EPSS Score
0.726
Published
2020-10-28
A vulnerability in the Pulse Connect Secure / Pulse Policy Secure < 9.1R9 is vulnerable to arbitrary cookie injection.
CVSS Score
4.3
EPSS Score
0.006
Published
2020-10-28