Vulnerability Description
A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform command injection via an unsanitized web parameter in the administrator web console.
CVSS Score
7.2
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ivanti | Connect Secure | 9.1 |
| Pulsesecure | Pulse Connect Secure | < 9.1 |
Related Weaknesses (CWE)
References
- https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44858/?kA23Z0000Vendor Advisory
- https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44858/?kA23Z0000Vendor Advisory
FAQ
What is CVE-2021-22938?
CVE-2021-22938 is a vulnerability with a CVSS score of 7.2 (HIGH). A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform command injection via an unsanitized web parameter in the administrator web console.
How severe is CVE-2021-22938?
CVE-2021-22938 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-22938?
Check the references section above for vendor advisories and patch information. Affected products include: Ivanti Connect Secure, Pulsesecure Pulse Connect Secure.