10
CVE-2021-22893
- EPSS 93.51%
- Veröffentlicht 23.04.2021 17:15:08
- Zuletzt bearbeitet 21.03.2025 19:26:19
- Quelle support@hackerone.com
- Teams Watchlist Login
- Unerledigt Login
Pulse Connect Secure 9.0R3/9.1R1 and higher is vulnerable to an authentication bypass vulnerability exposed by the Windows File Share Browser and Pulse Secure Collaboration features of Pulse Connect Secure that can allow an unauthenticated user to perform remote arbitrary code execution on the Pulse Connect Secure gateway. This vulnerability has been exploited in the wild.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ivanti ≫ Connect Secure Version9.0 Update-
Ivanti ≫ Connect Secure Version9.0 Updater1
Ivanti ≫ Connect Secure Version9.0 Updater2
Ivanti ≫ Connect Secure Version9.0 Updater2.1
Ivanti ≫ Connect Secure Version9.0 Updater3
Ivanti ≫ Connect Secure Version9.0 Updater3.1
Ivanti ≫ Connect Secure Version9.0 Updater3.2
Ivanti ≫ Connect Secure Version9.0 Updater3.3
Ivanti ≫ Connect Secure Version9.0 Updater3.5
Ivanti ≫ Connect Secure Version9.0 Updater4
Ivanti ≫ Connect Secure Version9.0 Updater4.1
Ivanti ≫ Connect Secure Version9.0 Updater5.0
Ivanti ≫ Connect Secure Version9.0 Updater6.0
Ivanti ≫ Connect Secure Version9.1 Update-
Ivanti ≫ Connect Secure Version9.1 Updater1
Ivanti ≫ Connect Secure Version9.1 Updater10.0
Ivanti ≫ Connect Secure Version9.1 Updater10.2
Ivanti ≫ Connect Secure Version9.1 Updater11.0
Ivanti ≫ Connect Secure Version9.1 Updater11.1
Ivanti ≫ Connect Secure Version9.1 Updater11.3
Ivanti ≫ Connect Secure Version9.1 Updater2
Ivanti ≫ Connect Secure Version9.1 Updater3
Ivanti ≫ Connect Secure Version9.1 Updater4
Ivanti ≫ Connect Secure Version9.1 Updater4.1
Ivanti ≫ Connect Secure Version9.1 Updater4.2
Ivanti ≫ Connect Secure Version9.1 Updater4.3
Ivanti ≫ Connect Secure Version9.1 Updater5
Ivanti ≫ Connect Secure Version9.1 Updater6
Ivanti ≫ Connect Secure Version9.1 Updater7
Ivanti ≫ Connect Secure Version9.1 Updater8
Ivanti ≫ Connect Secure Version9.1 Updater8.1
Ivanti ≫ Connect Secure Version9.1 Updater8.2
Ivanti ≫ Connect Secure Version9.1 Updater8.4
Ivanti ≫ Connect Secure Version9.1 Updater9
Ivanti ≫ Connect Secure Version9.1 Updater9.1
Ivanti ≫ Connect Secure Version9.1 Updater9.2
03.11.2021: CISA Known Exploited Vulnerabilities (KEV) Catalog
Ivanti Pulse Connect Secure Use-After-Free Vulnerability
SchwachstelleIvanti Pulse Connect Secure contains a use-after-free vulnerability that allow a remote, unauthenticated attacker to execute code via license services.
BeschreibungApply updates per vendor instructions.
Erforderliche Maßnahmen| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 93.51% | 0.998 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 10 | 3.9 | 6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 10 | 3.9 | 6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
|
CWE-287 Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
CWE-416 Use After Free
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.