CVE-2021-22934
https://notcve.org/view.php?id=CVE-2021-22934
A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator or compromised Pulse Connect Secure device in a load-balanced configuration to perform a buffer overflow via a malicious crafted web request. Una vulnerabilidad en Pulse Connect Secure, versiones anteriores a 9.1R12, podría permitir a un administrador autenticado o a un dispositivo Pulse Connect Secure comprometido en una configuración de carga equilibrada llevar a cabo un desbordamiento del búfer por medio de una petición web maliciosa diseñada. • https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44858/?kA23Z000000L6oySAC • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2021-22938
https://notcve.org/view.php?id=CVE-2021-22938
A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform command injection via an unsanitized web parameter in the administrator web console. Una vulnerabilidad en Pulse Connect Secure, versiones anteriores a 9.1R12, podía permitir a un administrador autenticado llevar a cabo una inyección de comandos por medio de un parámetro web no saneado en la consola web del administrador. • https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44858/?kA23Z000000L6oySAC • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVE-2021-22933
https://notcve.org/view.php?id=CVE-2021-22933
A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform an arbitrary file delete via a maliciously crafted web request. Una vulnerabilidad en Pulse Connect Secure, versiones anteriores a 9.1R12, podría permitir a un administrador autenticado llevar a cabo una eliminación de archivos arbitraria por medio de una petición web maliciosamente diseñada. • https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44858/?kA23Z000000L6oySAC • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2021-22900 – Ivanti Pulse Connect Secure Unrestricted File Upload Vulnerability
https://notcve.org/view.php?id=CVE-2021-22900
A vulnerability allowed multiple unrestricted uploads in Pulse Connect Secure before 9.1R11.4 that could lead to an authenticated administrator to perform a file write via a maliciously crafted archive upload in the administrator web interface. Una vulnerabilidad permitió múltiples cargas sin restricciones en Pulse Connect Secure versiones anteriores a 9.1R11.4, que podrían conllevar a un administrador autenticado llevar a cabo una escritura de archivo por medio de una carga de archivo diseñada con fines maliciosos en la interfaz web del administrador Ivanti Pulse Connect Secure contains an unrestricted file upload vulnerability that allows an authenticated administrator to perform a file write via a maliciously crafted archive upload in the administrator web interface. • https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44784/?kA23Z000000boUWSAY • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-669: Incorrect Resource Transfer Between Spheres •
CVE-2021-22899 – Ivanti Pulse Connect Secure Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2021-22899
A command injection vulnerability exists in Pulse Connect Secure before 9.1R11.4 allows a remote authenticated attacker to perform remote code execution via Windows Resource Profiles Feature Se presenta una vulnerabilidad de inyección de comandos en Pulse Connect Secure antes de 9.1R11.4 que permite a un atacante autenticado remoto llevar a cabo una ejecución de código remota por medio de Windows Resource Profiles Feature Ivanti Pulse Connect Secure contains a command injection vulnerability that allows remote authenticated users to perform remote code execution via Windows File Resource Profiles. • https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44784/?kA23Z000000boUWSAY • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •