Ivanti

Connect Secure

132 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9

CVE-2021-22908

  • EPSS 31.77%
  • Veröffentlicht 27.05.2021 12:15:08
  • Zuletzt bearbeitet 21.11.2024 05:50:53

A buffer overflow vulnerability exists in Windows File Resource Profiles in 9.X allows a remote authenticated user with privileges to browse SMB shares to execute arbitrary code as the root user. As of version 9.1R3, this permission is not enabled by...

9

CVE-2021-22894

Warnung
  • EPSS 49.67%
  • Veröffentlicht 27.05.2021 12:15:07
  • Zuletzt bearbeitet 12.02.2025 20:00:49

A buffer overflow vulnerability exists in Pulse Connect Secure before 9.1R11.4 allows a remote authenticated attacker to execute arbitrary code as the root user via maliciously crafted meeting room.

8.8

CVE-2021-22899

Warnung
  • EPSS 44.95%
  • Veröffentlicht 27.05.2021 12:15:07
  • Zuletzt bearbeitet 12.02.2025 19:59:55

A command injection vulnerability exists in Pulse Connect Secure before 9.1R11.4 allows a remote authenticated attacker to perform remote code execution via Windows Resource Profiles Feature

7.2

CVE-2021-22900

Warnung
  • EPSS 1.67%
  • Veröffentlicht 27.05.2021 12:15:07
  • Zuletzt bearbeitet 21.03.2025 19:25:50

A vulnerability allowed multiple unrestricted uploads in Pulse Connect Secure before 9.1R11.4 that could lead to an authenticated administrator to perform a file write via a maliciously crafted archive upload in the administrator web interface.

10

CVE-2021-22893

Warnung
  • EPSS 93.51%
  • Veröffentlicht 23.04.2021 17:15:08
  • Zuletzt bearbeitet 21.03.2025 19:26:19

Pulse Connect Secure 9.0R3/9.1R1 and higher is vulnerable to an authentication bypass vulnerability exposed by the Windows File Share Browser and Pulse Secure Collaboration features of Pulse Connect Secure that can allow an unauthenticated user to pe...

7.2

CVE-2020-8260

Warnung Exploit
  • EPSS 70.36%
  • Veröffentlicht 28.10.2020 13:15:13
  • Zuletzt bearbeitet 12.02.2025 19:59:29

A vulnerability in the Pulse Connect Secure < 9.1R9 admin web interface could allow an authenticated attacker to perform an arbitrary code execution using uncontrolled gzip extraction.

4.3

CVE-2020-8261

  • EPSS 0.61%
  • Veröffentlicht 28.10.2020 13:15:13
  • Zuletzt bearbeitet 21.11.2024 05:38:36

A vulnerability in the Pulse Connect Secure / Pulse Policy Secure < 9.1R9 is vulnerable to arbitrary cookie injection.

6.1

CVE-2020-8262

  • EPSS 0.14%
  • Veröffentlicht 28.10.2020 13:15:13
  • Zuletzt bearbeitet 21.11.2024 05:38:36

A vulnerability in the Pulse Connect Secure / Pulse Policy Secure below 9.1R9 could allow attackers to conduct Cross-Site Scripting (XSS) and Open Redirection for authenticated user web interface.

7.2

CVE-2020-15352

  • EPSS 6.56%
  • Veröffentlicht 27.10.2020 05:15:12
  • Zuletzt bearbeitet 21.11.2024 05:05:23

An XML external entity (XXE) vulnerability in Pulse Connect Secure (PCS) before 9.1R9 and Pulse Policy Secure (PPS) before 9.1R9 allows remote authenticated admins to conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML requ...

7.2

CVE-2020-8243

Warnung
  • EPSS 22.62%
  • Veröffentlicht 30.09.2020 18:15:29
  • Zuletzt bearbeitet 12.02.2025 19:56:52

A vulnerability in the Pulse Connect Secure < 9.1R8.2 admin web interface could allow an authenticated attacker to upload custom template to perform an arbitrary code execution.