CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

6 matches found

CVE•added 2022/08/11 3:49 p.m.•64 views

CVE-2021-44720

Ivanti Pulse Secure Pulse Connect Secure (PCS) before 9.1R12 stores administrator passwords in the HTML source of the Maintenance > Push Configuration > Targets > Target Name screen (targets.cgi). This enables a read-only administrative user to escalate to a read-write administrative rol...

7.2CVSS7.1AI score0.026EPSS

Exploits0References2Affected Software2

OSV•added 2021/08/16 7:15 p.m.•0 views

CVE-2021-22936

A vulnerability in Pulse Connect Secure before 9.1R12 could allow a threat actor to perform a cross-site script attack against an authenticated administrator via an unsanitized web parameter...

6.1CVSS5.7AI score

Exploits0References1

Prion•added 2021/08/16 7:15 p.m.•18 views

Cross site scripting

A vulnerability in Pulse Connect Secure before 9.1R12 could allow a threat actor to perform a cross-site script attack against an authenticated administrator via an unsanitized web parameter...

4.3CVSS6AI score0.00117EPSS

Exploits0References1Affected Software2

Positive Technologies•added 2021/08/16 12:0 a.m.•2 views

PT-2021-15285 · Pulse Secure · Pulse Connect Secure

Name of the Vulnerable Software and Affected Versions: Pulse Connect Secure versions prior to 9.1R12 Description: A vulnerability could allow an authenticated administrator to perform command injection via an unsanitized web parameter. Recommendations: For versions prior to 9.1R12, update to...

7.2CVSS7.1AI score0.04289EPSS

Exploits0References3

CISA•added 2021/08/06 12:0 a.m.•43 views

Ivanti Releases Security Update for Pulse Connect Secure

Ivanti has released Pulse Connect Secure system software version 9.1R12 to address multiple vulnerabilities an attacker could exploit to take control of an affected system. CISA encourages users and administrators to review Ivanti's Security Advisory SA44858 and apply the necessary update. This...

7.1AI score

Exploits0References1

NCSC•added 2021/08/06 12:0 a.m.•2 views

Vulnerabilities fixed in Pulse Connect Secure

Pulse Connect has fixed vulnerabilities in Pulse Connect Secure. The vulnerabilities potentially enable a malicious person to able to perform attacks that result in the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Data manipulation. Remote code execution...

7.2CVSS7.5AI score0.73032EPSS

Exploits5

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by