8.8
CVE-2021-22899
- EPSS 44.95%
- Published 27.05.2021 12:15:07
- Last modified 12.02.2025 19:59:55
- Source support@hackerone.com
- Teams watchlist Login
- Open Login
A command injection vulnerability exists in Pulse Connect Secure before 9.1R11.4 allows a remote authenticated attacker to perform remote code execution via Windows Resource Profiles Feature
Data is provided by the National Vulnerability Database (NVD)
Ivanti ≫ Connect Secure Version9.0 Update-
Ivanti ≫ Connect Secure Version9.0 Updater1
Ivanti ≫ Connect Secure Version9.0 Updater1.0
Ivanti ≫ Connect Secure Version9.0 Updater2
Ivanti ≫ Connect Secure Version9.0 Updater2.0
Ivanti ≫ Connect Secure Version9.0 Updater2.1
Ivanti ≫ Connect Secure Version9.0 Updater3
Ivanti ≫ Connect Secure Version9.0 Updater3.0
Ivanti ≫ Connect Secure Version9.0 Updater3.1
Ivanti ≫ Connect Secure Version9.0 Updater3.2
Ivanti ≫ Connect Secure Version9.0 Updater3.3
Ivanti ≫ Connect Secure Version9.0 Updater3.5
Ivanti ≫ Connect Secure Version9.0 Updater4
Ivanti ≫ Connect Secure Version9.0 Updater4.0
Ivanti ≫ Connect Secure Version9.0 Updater4.1
Ivanti ≫ Connect Secure Version9.0 Updater5.0
Ivanti ≫ Connect Secure Version9.0 Updater6.0
Ivanti ≫ Connect Secure Version9.0 Updaterx
Ivanti ≫ Connect Secure Version9.1 Update-
Ivanti ≫ Connect Secure Version9.1 Updater1
Ivanti ≫ Connect Secure Version9.1 Updater10.0
Ivanti ≫ Connect Secure Version9.1 Updater10.2
Ivanti ≫ Connect Secure Version9.1 Updater11.0
Ivanti ≫ Connect Secure Version9.1 Updater11.1
Ivanti ≫ Connect Secure Version9.1 Updater11.3
Ivanti ≫ Connect Secure Version9.1 Updater2
Ivanti ≫ Connect Secure Version9.1 Updater3
Ivanti ≫ Connect Secure Version9.1 Updater4
Ivanti ≫ Connect Secure Version9.1 Updater4.1
Ivanti ≫ Connect Secure Version9.1 Updater4.2
Ivanti ≫ Connect Secure Version9.1 Updater4.3
Ivanti ≫ Connect Secure Version9.1 Updater5
Ivanti ≫ Connect Secure Version9.1 Updater6
Ivanti ≫ Connect Secure Version9.1 Updater7
Ivanti ≫ Connect Secure Version9.1 Updater8
Ivanti ≫ Connect Secure Version9.1 Updater8.1
Ivanti ≫ Connect Secure Version9.1 Updater8.2
Ivanti ≫ Connect Secure Version9.1 Updater8.4
Ivanti ≫ Connect Secure Version9.1 Updater9
Ivanti ≫ Connect Secure Version9.1 Updater9.1
Ivanti ≫ Connect Secure Version9.1 Updater9.2
03.11.2021: CISA Known Exploited Vulnerabilities (KEV) Catalog
Ivanti Pulse Connect Secure Command Injection Vulnerability
VulnerabilityIvanti Pulse Connect Secure contains a command injection vulnerability that allows remote authenticated users to perform remote code execution via Windows File Resource Profiles.
DescriptionApply updates per vendor instructions.
Required actions| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 44.95% | 0.975 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 6.5 | 8 | 6.4 |
AV:N/AC:L/Au:S/C:P/I:P/A:P
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')
The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.