Lucene search

[email protected]NVD:CVE-2022-21826

HistorySep 30, 2022 - 5:15 p.m.

CVE-2022-21826

2022-09-3017:15:12

CWE-444

[email protected]

web.nvd.nist.gov

pulse secure

vulnerability

http request smuggling

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

22.7%

JSON

Pulse Secure version 9.115 and below may be susceptible to client-side http request smuggling, When the application receives a POST request, it ignores the request’s Content-Length header and leaves the POST body on the TCP/TLS socket. This body ends up prefixing the next HTTP request sent down that connection, this means when someone loads website attacker may be able to make browser issue a POST to the application, enabling XSS.

Affected configurations

Nvd

Node

ivanticonnect_secureMatch9.1-

ivanticonnect_secureMatch9.1r1

ivanticonnect_secureMatch9.1r1.0

ivanticonnect_secureMatch9.1r10.0

ivanticonnect_secureMatch9.1r10.2

ivanticonnect_secureMatch9.1r11.0

ivanticonnect_secureMatch9.1r11.1

ivanticonnect_secureMatch9.1r11.3

ivanticonnect_secureMatch9.1r11.4

ivanticonnect_secureMatch9.1r12

ivanticonnect_secureMatch9.1r12.1

ivanticonnect_secureMatch9.1r12.2

ivanticonnect_secureMatch9.1r13

ivanticonnect_secureMatch9.1r15

ivanticonnect_secureMatch9.1r2

ivanticonnect_secureMatch9.1r2.0

ivanticonnect_secureMatch9.1r3

ivanticonnect_secureMatch9.1r3.0

ivanticonnect_secureMatch9.1r4

ivanticonnect_secureMatch9.1r4.0

ivanticonnect_secureMatch9.1r4.1

ivanticonnect_secureMatch9.1r4.2

ivanticonnect_secureMatch9.1r4.3

ivanticonnect_secureMatch9.1r5

ivanticonnect_secureMatch9.1r5.0

ivanticonnect_secureMatch9.1r6

ivanticonnect_secureMatch9.1r6.0

ivanticonnect_secureMatch9.1r7

ivanticonnect_secureMatch9.1r7.0

ivanticonnect_secureMatch9.1r8

ivanticonnect_secureMatch9.1r8.0

ivanticonnect_secureMatch9.1r8.1

ivanticonnect_secureMatch9.1r8.2

ivanticonnect_secureMatch9.1r8.4

ivanticonnect_secureMatch9.1r9

ivanticonnect_secureMatch9.1r9.0

ivanticonnect_secureMatch9.1r9.1

ivanticonnect_secureMatch9.1r9.2

pulsesecurepulse_connect_secureRange<9.1

VendorProductVersionCPE
ivanticonnect_secure9.1cpe:2.3:a:ivanti:connect_secure:9.1:-:*:*:*:*:*:*
ivanticonnect_secure9.1cpe:2.3:a:ivanti:connect_secure:9.1:r1:*:*:*:*:*:*
ivanticonnect_secure9.1cpe:2.3:a:ivanti:connect_secure:9.1:r1.0:*:*:*:*:*:*
ivanticonnect_secure9.1cpe:2.3:a:ivanti:connect_secure:9.1:r10.0:*:*:*:*:*:*
ivanticonnect_secure9.1cpe:2.3:a:ivanti:connect_secure:9.1:r10.2:*:*:*:*:*:*
ivanticonnect_secure9.1cpe:2.3:a:ivanti:connect_secure:9.1:r11.0:*:*:*:*:*:*
ivanticonnect_secure9.1cpe:2.3:a:ivanti:connect_secure:9.1:r11.1:*:*:*:*:*:*
ivanticonnect_secure9.1cpe:2.3:a:ivanti:connect_secure:9.1:r11.3:*:*:*:*:*:*
ivanticonnect_secure9.1cpe:2.3:a:ivanti:connect_secure:9.1:r11.4:*:*:*:*:*:*
ivanticonnect_secure9.1cpe:2.3:a:ivanti:connect_secure:9.1:r12:*:*:*:*:*:*

Vendor	Product	Version	CPE
ivanti	connect_secure	9.1	cpe:2.3:a:ivanti:connect_secure:9.1:-::::::
ivanti	connect_secure	9.1	cpe:2.3:a:ivanti:connect_secure:9.1:r1::::::
ivanti	connect_secure	9.1	cpe:2.3:a:ivanti:connect_secure:9.1:r1.0::::::
ivanti	connect_secure	9.1	cpe:2.3:a:ivanti:connect_secure:9.1:r10.0::::::
ivanti	connect_secure	9.1	cpe:2.3:a:ivanti:connect_secure:9.1:r10.2::::::
ivanti	connect_secure	9.1	cpe:2.3:a:ivanti:connect_secure:9.1:r11.0::::::
ivanti	connect_secure	9.1	cpe:2.3:a:ivanti:connect_secure:9.1:r11.1::::::
ivanti	connect_secure	9.1	cpe:2.3:a:ivanti:connect_secure:9.1:r11.3::::::
ivanti	connect_secure	9.1	cpe:2.3:a:ivanti:connect_secure:9.1:r11.4::::::
ivanti	connect_secure	9.1	cpe:2.3:a:ivanti:connect_secure:9.1:r12::::::