Ivanti Pulse Secure Found Using 11-Year-Old Linux Version and Outdated Libraries

A reverse engineering of the firmware running on Ivanti Pulse Secure appliances has revealed numerous weaknesses, once again underscoring the challenge of securing software supply chains. Eclypsiusm, which acquired firmware version 9.1.18.2-24467.1 as part of the process, said the base operating...

Exploit for Improper Authentication in Ivanti Connect_Secure

19/01/2024 Update Updated with the latest info bas...

CVE-2021-44720

In Ivanti Pulse Secure Pulse Connect Secure PCS before 9.1R12, the administrator password is stored in the HTML source code of the "Maintenance Push Configuration Targets Target Name" targets.cgi screen. A read-only administrative user can escalate to a read-write administrative role...

CVE-2021-44720

In Ivanti Pulse Secure Pulse Connect Secure PCS before 9.1R12, the administrator password is stored in the HTML source code of the "Maintenance Push Configuration Targets Target Name" targets.cgi screen. A read-only administrative user can escalate to a read-write administrative role...

Design/Logic Flaw

In Ivanti Pulse Secure Pulse Connect Secure PCS before 9.1R12, the administrator password is stored in the HTML source code of the "Maintenance Push Configuration Targets Target Name" targets.cgi screen. A read-only administrative user can escalate to a read-write administrative role...

CVE-2021-44720

In Ivanti Pulse Secure Pulse Connect Secure PCS before 9.1R12, the administrator password is stored in the HTML source code of the "Maintenance Push Configuration Targets Target Name" targets.cgi screen. A read-only administrative user can escalate to a read-write administrative role...

CVE-2021-44720

Ivanti Pulse Secure Pulse Connect Secure (PCS) before 9.1R12 stores administrator passwords in the HTML source of the Maintenance > Push Configuration > Targets > Target Name screen (targets.cgi). This enables a read-only administrative user to escalate to a read-write administrative rol...

PT-2022-12211 · Ivanti · Ivanti Pulse Secure Pulse Connect Secure

Name of the Vulnerable Software and Affected Versions: Ivanti Pulse Secure Pulse Connect Secure PCS versions prior to 9.1R12 Description: The administrator password is stored in the HTML source code of the "Maintenance Push Configuration Targets Target Name" targets.cgi screen, allowing a read-on...

VulnCheck KEV: CVE-2021-22894

Ivanti Pulse Connect Secure Collaboration Suite contains a buffer overflow vulnerabilities that allows a remote authenticated users to execute code as the root user via maliciously crafted meeting room...