- Description
- A vulnerability in the Pulse Connect Secure < 9.1R8.2 admin web interface could allow an authenticated attacker to upload custom template to perform an arbitrary code execution.
- Source
- support@hackerone.com
- NVD status
- Analyzed
- Products
- connect_secure, policy_secure
CVSS 3.1
- Type
- Primary
- Base score
- 7.2
- Impact score
- 5.9
- Exploitability score
- 1.2
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
CVSS 2.0
- Type
- Primary
- Base score
- 6.5
- Impact score
- 6.4
- Exploitability score
- 8
- Vector string
- AV:N/AC:L/Au:S/C:P/I:P/A:P
Data from CISA
- Vulnerability name
- Ivanti Pulse Connect Secure Code Execution Vulnerability
- Exploit added on
- Nov 3, 2021
- Exploit action due
- Apr 23, 2021
- Required action
- Apply updates per vendor instructions.
- Hype score
- Not currently trending
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:*:*:*:*:*:*:*:*",
"matchCriteriaId": "87FBC6AD-0A70-4626-A152-E49BECF9F7AF",
"versionEndIncluding": "9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:-:*:*:*:*:*:*",
"matchCriteriaId": "4F450898-0B06-4073-9B76-BF22F68BD14F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r1:*:*:*:*:*:*",
"matchCriteriaId": "4B21C181-DC49-4EBD-9932-DBB337151FF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r2:*:*:*:*:*:*",
"matchCriteriaId": "4FEFC4B1-7350-46F9-80C1-42F5AE06142F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r3:*:*:*:*:*:*",
"matchCriteriaId": "DB7A6D62-6576-4713-9BF4-11068A72E8B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r4:*:*:*:*:*:*",
"matchCriteriaId": "843BC1B9-50CC-4F8F-A454-A0CEC6E92290",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r4.1:*:*:*:*:*:*",
"matchCriteriaId": "D5355372-03EA-46D7-9104-A2785C29B664",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r4.2:*:*:*:*:*:*",
"matchCriteriaId": "3DE32A0C-8944-4F51-A286-266055CA4B2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r4.3:*:*:*:*:*:*",
"matchCriteriaId": "0349A0CC-A372-4E51-899E-D7BA67876F4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r5:*:*:*:*:*:*",
"matchCriteriaId": "93D1A098-BD77-4A7B-9070-A764FB435981",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r6:*:*:*:*:*:*",
"matchCriteriaId": "3CCC2D7B-F835-45EC-A316-2F0C5F2CF565",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r7:*:*:*:*:*:*",
"matchCriteriaId": "AD812596-C77C-4129-982F-C22A25B52126",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r8:*:*:*:*:*:*",
"matchCriteriaId": "9FA0B20D-3FA1-42AE-BDC5-93D8A182927C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r8.1:*:*:*:*:*:*",
"matchCriteriaId": "BFFA0B02-7F6D-4434-B1E7-EB8520FD68A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B44A1120-BFB8-462B-911F-04E4D1B1E64C",
"versionEndIncluding": "9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:-:*:*:*:*:*:*",
"matchCriteriaId": "6418A649-3A63-40CC-BD7C-309B3B0B2595",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r1:*:*:*:*:*:*",
"matchCriteriaId": "A07B66E0-A679-4912-8CB1-CD134713EDC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r2:*:*:*:*:*:*",
"matchCriteriaId": "6D37A6E4-D58E-444D-AF6A-15461F38E81A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r3:*:*:*:*:*:*",
"matchCriteriaId": "FC2B9DA0-E32B-4125-9986-F0D3814C66E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r4:*:*:*:*:*:*",
"matchCriteriaId": "C9A5BA3E-D6B3-453D-8DDF-FF16859FD0F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r4.1:*:*:*:*:*:*",
"matchCriteriaId": "BAFDA618-D15D-401D-AC68-0020259FEC57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r4.2:*:*:*:*:*:*",
"matchCriteriaId": "D55AB5F0-132F-4C40-BF4F-684E139B774B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r4.3:*:*:*:*:*:*",
"matchCriteriaId": "26AEB02E-D2D0-4D7A-BB00-9E5112696B17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r5:*:*:*:*:*:*",
"matchCriteriaId": "6BE937D2-8BEE-4E64-8738-F550EAD00F50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r6:*:*:*:*:*:*",
"matchCriteriaId": "9C753520-1BC6-4980-AFC9-4C2FDDF2FD18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r7:*:*:*:*:*:*",
"matchCriteriaId": "AC3863BC-3B9A-402B-A74A-149CDF717EC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r8:*:*:*:*:*:*",
"matchCriteriaId": "E3C09D51-FDA0-4D07-87D8-F527C8CBDAFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r8.1:*:*:*:*:*:*",
"matchCriteriaId": "CCE2E1C0-680F-4EFF-ACE6-A1DAFA209D24",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]