CVSS: 7.2EPSS: 0%CPEs: 13EXPL: 0CVE-2021-22938
https://notcve.org/view.php?id=CVE-2021-22938
A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform command injection via an unsanitized web parameter in the administrator web console. Una vulnerabilidad en Pulse Connect Secure, versiones anteriores a 9.1R12, podía permitir a un administrador autenticado llevar a cabo una inyección de comandos por medio de un parámetro web no saneado en la consola web del administrador. • https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44858/?kA23Z000000L6oySAC • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 6.5EPSS: 0%CPEs: 13EXPL: 0CVE-2021-22933
https://notcve.org/view.php?id=CVE-2021-22933
A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform an arbitrary file delete via a maliciously crafted web request. Una vulnerabilidad en Pulse Connect Secure, versiones anteriores a 9.1R12, podría permitir a un administrador autenticado llevar a cabo una eliminación de archivos arbitraria por medio de una petición web maliciosamente diseñada. • https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44858/?kA23Z000000L6oySAC • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.2EPSS: 0%CPEs: 41EXPL: 0CVE-2021-22900 – Ivanti Pulse Connect Secure Unrestricted File Upload Vulnerability
https://notcve.org/view.php?id=CVE-2021-22900
A vulnerability allowed multiple unrestricted uploads in Pulse Connect Secure before 9.1R11.4 that could lead to an authenticated administrator to perform a file write via a maliciously crafted archive upload in the administrator web interface. Una vulnerabilidad permitió múltiples cargas sin restricciones en Pulse Connect Secure versiones anteriores a 9.1R11.4, que podrían conllevar a un administrador autenticado llevar a cabo una escritura de archivo por medio de una carga de archivo diseñada con fines maliciosos en la interfaz web del administrador Ivanti Pulse Connect Secure contains an unrestricted file upload vulnerability that allows an authenticated administrator to perform a file write via a maliciously crafted archive upload in the administrator web interface. • https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44784/?kA23Z000000boUWSAY • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-669: Incorrect Resource Transfer Between Spheres •
CVSS: 8.8EPSS: 0%CPEs: 42EXPL: 0CVE-2021-22899 – Ivanti Pulse Connect Secure Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2021-22899
A command injection vulnerability exists in Pulse Connect Secure before 9.1R11.4 allows a remote authenticated attacker to perform remote code execution via Windows Resource Profiles Feature Se presenta una vulnerabilidad de inyección de comandos en Pulse Connect Secure antes de 9.1R11.4 que permite a un atacante autenticado remoto llevar a cabo una ejecución de código remota por medio de Windows Resource Profiles Feature Ivanti Pulse Connect Secure contains a command injection vulnerability that allows remote authenticated users to perform remote code execution via Windows File Resource Profiles. • https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44784/?kA23Z000000boUWSAY • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.0EPSS: 0%CPEs: 41EXPL: 0CVE-2021-22894 – Ivanti Pulse Connect Secure Collaboration Suite Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2021-22894
A buffer overflow vulnerability exists in Pulse Connect Secure before 9.1R11.4 allows a remote authenticated attacker to execute arbitrary code as the root user via maliciously crafted meeting room. Se presenta una vulnerabilidad de Desbordamiento del Búfer en Pulse Connect Secure versiones anteriores a 9.1R11.4, permite a un atacante autenticado remoto ejecutar código arbitrario como usuario root por medio de una sala de reuniones diseñada con fines maliciosos Ivanti Pulse Connect Secure Collaboration Suite contains a buffer overflow vulnerabilities that allows a remote authenticated users to execute code as the root user via maliciously crafted meeting room. • https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44784/?kA23Z000000boUWSAY • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •