Lucene search

[email protected]CVE-2022-21826

HistorySep 30, 2022 - 5:15 p.m.

CVE-2022-21826

2022-09-3017:15:12

CWE-444

[email protected]

web.nvd.nist.gov

pulse secure

vulnerability

http request smuggling

xss

nvd

cve-2022-21826

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

5.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

22.5%

JSON

Pulse Secure version 9.115 and below may be susceptible to client-side http request smuggling, When the application receives a POST request, it ignores the request’s Content-Length header and leaves the POST body on the TCP/TLS socket. This body ends up prefixing the next HTTP request sent down that connection, this means when someone loads website attacker may be able to make browser issue a POST to the application, enabling XSS.

Affected configurations

NVD

Node

ivanticonnect_secureMatch9.1-

ivanticonnect_secureMatch9.1r1

ivanticonnect_secureMatch9.1r1.0

ivanticonnect_secureMatch9.1r10.0

ivanticonnect_secureMatch9.1r10.2

ivanticonnect_secureMatch9.1r11.0

ivanticonnect_secureMatch9.1r11.1

ivanticonnect_secureMatch9.1r11.3

ivanticonnect_secureMatch9.1r11.4

ivanticonnect_secureMatch9.1r12

ivanticonnect_secureMatch9.1r12.1

ivanticonnect_secureMatch9.1r12.2

ivanticonnect_secureMatch9.1r13

ivanticonnect_secureMatch9.1r15

ivanticonnect_secureMatch9.1r2

ivanticonnect_secureMatch9.1r2.0

ivanticonnect_secureMatch9.1r3

ivanticonnect_secureMatch9.1r3.0

ivanticonnect_secureMatch9.1r4

ivanticonnect_secureMatch9.1r4.0

ivanticonnect_secureMatch9.1r4.1

ivanticonnect_secureMatch9.1r4.2

ivanticonnect_secureMatch9.1r4.3

ivanticonnect_secureMatch9.1r5

ivanticonnect_secureMatch9.1r5.0

ivanticonnect_secureMatch9.1r6

ivanticonnect_secureMatch9.1r6.0

ivanticonnect_secureMatch9.1r7

ivanticonnect_secureMatch9.1r7.0

ivanticonnect_secureMatch9.1r8

ivanticonnect_secureMatch9.1r8.0

ivanticonnect_secureMatch9.1r8.1

ivanticonnect_secureMatch9.1r8.2

ivanticonnect_secureMatch9.1r8.4

ivanticonnect_secureMatch9.1r9

ivanticonnect_secureMatch9.1r9.0

ivanticonnect_secureMatch9.1r9.1

ivanticonnect_secureMatch9.1r9.2

pulsesecurepulse_connect_secureRange<9.1

CPENameOperatorVersion
ivanti:connect_secureivanti connect secureeq9.1
pulsesecure:pulse_connect_securepulsesecure pulse connect securelt9.1

CPE	Name	Operator	Version
ivanti:connect_secure	ivanti connect secure	eq	9.1
pulsesecure:pulse_connect_secure	pulsesecure pulse connect secure	lt	9.1

CNA Affected

[
  {
    "product": "Pulse Connect Secure VPN Server",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "9.1R14 and below"
      }
    ]
  }
]