10
CVE-2021-22893
- EPSS 93.51%
- Published 23.04.2021 17:15:08
- Last modified 21.03.2025 19:26:19
- Source support@hackerone.com
- Teams watchlist Login
- Open Login
Pulse Connect Secure 9.0R3/9.1R1 and higher is vulnerable to an authentication bypass vulnerability exposed by the Windows File Share Browser and Pulse Secure Collaboration features of Pulse Connect Secure that can allow an unauthenticated user to perform remote arbitrary code execution on the Pulse Connect Secure gateway. This vulnerability has been exploited in the wild.
Data is provided by the National Vulnerability Database (NVD)
Ivanti ≫ Connect Secure Version9.0 Update-
Ivanti ≫ Connect Secure Version9.0 Updater1
Ivanti ≫ Connect Secure Version9.0 Updater2
Ivanti ≫ Connect Secure Version9.0 Updater2.1
Ivanti ≫ Connect Secure Version9.0 Updater3
Ivanti ≫ Connect Secure Version9.0 Updater3.1
Ivanti ≫ Connect Secure Version9.0 Updater3.2
Ivanti ≫ Connect Secure Version9.0 Updater3.3
Ivanti ≫ Connect Secure Version9.0 Updater3.5
Ivanti ≫ Connect Secure Version9.0 Updater4
Ivanti ≫ Connect Secure Version9.0 Updater4.1
Ivanti ≫ Connect Secure Version9.0 Updater5.0
Ivanti ≫ Connect Secure Version9.0 Updater6.0
Ivanti ≫ Connect Secure Version9.1 Update-
Ivanti ≫ Connect Secure Version9.1 Updater1
Ivanti ≫ Connect Secure Version9.1 Updater10.0
Ivanti ≫ Connect Secure Version9.1 Updater10.2
Ivanti ≫ Connect Secure Version9.1 Updater11.0
Ivanti ≫ Connect Secure Version9.1 Updater11.1
Ivanti ≫ Connect Secure Version9.1 Updater11.3
Ivanti ≫ Connect Secure Version9.1 Updater2
Ivanti ≫ Connect Secure Version9.1 Updater3
Ivanti ≫ Connect Secure Version9.1 Updater4
Ivanti ≫ Connect Secure Version9.1 Updater4.1
Ivanti ≫ Connect Secure Version9.1 Updater4.2
Ivanti ≫ Connect Secure Version9.1 Updater4.3
Ivanti ≫ Connect Secure Version9.1 Updater5
Ivanti ≫ Connect Secure Version9.1 Updater6
Ivanti ≫ Connect Secure Version9.1 Updater7
Ivanti ≫ Connect Secure Version9.1 Updater8
Ivanti ≫ Connect Secure Version9.1 Updater8.1
Ivanti ≫ Connect Secure Version9.1 Updater8.2
Ivanti ≫ Connect Secure Version9.1 Updater8.4
Ivanti ≫ Connect Secure Version9.1 Updater9
Ivanti ≫ Connect Secure Version9.1 Updater9.1
Ivanti ≫ Connect Secure Version9.1 Updater9.2
03.11.2021: CISA Known Exploited Vulnerabilities (KEV) Catalog
Ivanti Pulse Connect Secure Use-After-Free Vulnerability
VulnerabilityIvanti Pulse Connect Secure contains a use-after-free vulnerability that allow a remote, unauthenticated attacker to execute code via license services.
DescriptionApply updates per vendor instructions.
Required actions| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 93.51% | 0.998 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 10 | 3.9 | 6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 10 | 3.9 | 6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
|
CWE-287 Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
CWE-416 Use After Free
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.