Connect Secure@9.0 Security Vulnerabilities and Issues — Connect Secure@9.0 CVE List

Lucene search

IvantiConnect Secure9.0

5 matches found

CVE•added 2021/04/23 5:15 p.m.•1179 views

CVE-2021-22893

Pulse Connect Secure 9.0R3/9.1R1 and higher is vulnerable to an authentication bypass vulnerability exposed by the Windows File Share Browser and Pulse Secure Collaboration features of Pulse Connect Secure that can allow an unauthenticated user to perform remote arbitrary code execution on the Puls...

10CVSS9.9AI score0.93511EPSS

CVE•added 2021/05/27 12:15 p.m.•1013 views

CVE-2021-22894

A buffer overflow vulnerability exists in Pulse Connect Secure before 9.1R11.4 allows a remote authenticated attacker to execute arbitrary code as the root user via maliciously crafted meeting room.

9CVSS9.2AI score0.49665EPSS

CVE•added 2021/05/27 12:15 p.m.•1012 views

CVE-2021-22899

A command injection vulnerability exists in Pulse Connect Secure before 9.1R11.4 allows a remote authenticated attacker to perform remote code execution via Windows Resource Profiles Feature

8.8CVSS9.2AI score0.44951EPSS

CVE•added 2021/05/27 12:15 p.m.•1007 views

CVE-2021-22900

A vulnerability allowed multiple unrestricted uploads in Pulse Connect Secure before 9.1R11.4 that could lead to an authenticated administrator to perform a file write via a maliciously crafted archive upload in the administrator web interface.

7.2CVSS7.9AI score0.01668EPSS

CVE•added 2021/05/27 12:15 p.m.•79 views

CVE-2021-22908

A buffer overflow vulnerability exists in Windows File Resource Profiles in 9.X allows a remote authenticated user with privileges to browse SMB shares to execute arbitrary code as the root user. As of version 9.1R3, this permission is not enabled by default.

9CVSS8.8AI score0.31772EPSS