Connect Secure Security Vulnerabilities and Issues — Connect Secure CVE List

Lucene search

IvantiConnect Secure

12 matches found

CVE•added 2021/04/23 5:15 p.m.•1178 views

CVE-2021-22893

Pulse Connect Secure 9.0R3/9.1R1 and higher is vulnerable to an authentication bypass vulnerability exposed by the Windows File Share Browser and Pulse Secure Collaboration features of Pulse Connect Secure that can allow an unauthenticated user to perform remote arbitrary code execution on the Puls...

10CVSS9.9AI score0.93511EPSS

CVE•added 2021/05/27 12:15 p.m.•1012 views

CVE-2021-22894

A buffer overflow vulnerability exists in Pulse Connect Secure before 9.1R11.4 allows a remote authenticated attacker to execute arbitrary code as the root user via maliciously crafted meeting room.

9CVSS9.2AI score0.49665EPSS

CVE•added 2021/05/27 12:15 p.m.•1011 views

CVE-2021-22899

A command injection vulnerability exists in Pulse Connect Secure before 9.1R11.4 allows a remote authenticated attacker to perform remote code execution via Windows Resource Profiles Feature

8.8CVSS9.2AI score0.44951EPSS

CVE•added 2021/05/27 12:15 p.m.•1006 views

CVE-2021-22900

A vulnerability allowed multiple unrestricted uploads in Pulse Connect Secure before 9.1R11.4 that could lead to an authenticated administrator to perform a file write via a maliciously crafted archive upload in the administrator web interface.

7.2CVSS7.9AI score0.01668EPSS

CVE•added 2021/08/16 7:15 p.m.•139 views

CVE-2021-22937

A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform a file write via a maliciously crafted archive uploaded in the administrator web interface.

7.2CVSS6.8AI score0.07485EPSS

CVE•added 2021/05/27 12:15 p.m.•79 views

CVE-2021-22908

A buffer overflow vulnerability exists in Windows File Resource Profiles in 9.X allows a remote authenticated user with privileges to browse SMB shares to execute arbitrary code as the root user. As of version 9.1R3, this permission is not enabled by default.

9CVSS8.8AI score0.31772EPSS

CVE•added 2021/08/16 7:15 p.m.•78 views

CVE-2021-22934

A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator or compromised Pulse Connect Secure device in a load-balanced configuration to perform a buffer overflow via a malicious crafted web request.

7.2CVSS7AI score0.04382EPSS

CVE•added 2021/08/16 7:15 p.m.•75 views

CVE-2021-22933

A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform an arbitrary file delete via a maliciously crafted web request.

6.5CVSS6.4AI score0.06308EPSS

CVE•added 2021/08/16 7:15 p.m.•71 views

CVE-2021-22938

A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform command injection via an unsanitized web parameter in the administrator web console.

7.2CVSS7AI score0.05407EPSS

CVE•added 2021/08/16 7:15 p.m.•68 views

CVE-2021-22935

A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform command injection via an unsanitized web parameter.

7.2CVSS7AI score0.05407EPSS

CVE•added 2021/08/16 7:15 p.m.•65 views

CVE-2021-22936

A vulnerability in Pulse Connect Secure before 9.1R12 could allow a threat actor to perform a cross-site script attack against an authenticated administrator via an unsanitized web parameter.

6.1CVSS6.1AI score0.00252EPSS

CVE•added 2021/11/19 7:15 p.m.•50 views

CVE-2021-22965

A vulnerability in Pulse Connect Secure before 9.1R12.1 could allow an unauthenticated administrator to causes a denial of service when a malformed request is sent to the device.

7.8CVSS7.5AI score0.11332EPSS