Home

CVE-2021-22900

Description

A vulnerability allowed multiple unrestricted uploads in Pulse Connect Secure before 9.1R11.4 that could lead to an authenticated administrator to perform a file write via a maliciously crafted archive upload in the administrator web interface.

Risk Information

Base Score
7.2
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.777

Associated Vulnerability

VulnerabilityOS Platform
Multiple Vulnerabilities are affected in Ivanti Connect Secure 9.0.r1Windows
Multiple Vulnerabilities are affected in Ivanti Connect Secure 9.0.r2Windows
Multiple Vulnerabilities are affected in Ivanti Connect Secure 9.0.r2.1Windows
Multiple Vulnerabilities are affected in Ivanti Connect Secure 9.0.r3Windows
Multiple Vulnerabilities are affected in Ivanti Connect Secure 9.0.r3.1Windows
Multiple Vulnerabilities are affected in Ivanti Connect Secure 9.0.r3.2Windows
Multiple Vulnerabilities are affected in Ivanti Connect Secure 9.0Windows
Multiple Vulnerabilities are affected in Ivanti Connect Secure 9.0.r3.3Windows
Multiple Vulnerabilities are affected in Ivanti Connect Secure 9.1Windows
Multiple Vulnerabilities are affected in Ivanti Connect Secure 9.1.r1Windows
Multiple Vulnerabilities are affected in Ivanti Connect Secure 9.1.r2Windows
Multiple Vulnerabilities are affected in Ivanti Connect Secure 9.1.r3Windows
Multiple Vulnerabilities are affected in Ivanti Connect Secure 9.1.r4Windows
Multiple Vulnerabilities are affected in Ivanti Connect Secure 9.1.r4.1Windows
Multiple Vulnerabilities are affected in Ivanti Connect Secure 9.1.r4.2Windows
Multiple Vulnerabilities are affected in Ivanti Connect Secure 9.1.r4.3Windows
Multiple Vulnerabilities are affected in Ivanti Connect Secure 9.1.r5Windows
Multiple Vulnerabilities are affected in Ivanti Connect Secure 9.1.r6Windows
Multiple Vulnerabilities are affected in Ivanti Connect Secure 9.1.r7Windows
Multiple Vulnerabilities are affected in Ivanti Connect Secure 9.1.r8Windows
Multiple Vulnerabilities are affected in Ivanti Connect Secure 9.1.r8.1Windows
Multiple Vulnerabilities are affected in Ivanti Connect Secure 9.1.r8.2Windows
Multiple Vulnerabilities are affected in Ivanti Connect Secure 9.1.r8.4Windows
Multiple Vulnerabilities are affected in Ivanti Connect Secure 9.0.r3.5Windows
Multiple Vulnerabilities are affected in Ivanti Connect Secure 9.0.r4Windows
Multiple Vulnerabilities are affected in Ivanti Connect Secure 9.0.r4.1Windows
Multiple Vulnerabilities are affected in Ivanti Connect Secure 9.0.r5.0Windows
Multiple Vulnerabilities are affected in Ivanti Connect Secure 9.0.r6.0Windows
Multiple Vulnerabilities are affected in Ivanti Connect Secure 9.1.r10.0Windows
Multiple Vulnerabilities are affected in Ivanti Connect Secure 9.1.r10.2Windows
Multiple Vulnerabilities are affected in Ivanti Connect Secure 9.1.r11.0Windows
Multiple Vulnerabilities are affected in Ivanti Connect Secure 9.1.r11.1Windows
Multiple Vulnerabilities are affected in Ivanti Connect Secure 9.1.r11.3Windows
Multiple Vulnerabilities are affected in Ivanti Connect Secure 9.1.r9Windows
Multiple Vulnerabilities are affected in Ivanti Connect Secure 9.1.r9.1Windows
Multiple Vulnerabilities are affected in Ivanti Connect Secure 9.1.r9.2Windows
Vulnerabilities CVE-2021-22894,CVE-2021-22899,CVE-2021-22900,CVE-2021-22908 are affected in Ivanti Connect Secure 9.0.r1.0Windows
Vulnerabilities CVE-2021-22894,CVE-2021-22899,CVE-2021-22900,CVE-2021-22908 are affected in Ivanti Connect Secure 9.0.r2.0Windows
Vulnerabilities CVE-2021-22894,CVE-2021-22899,CVE-2021-22900,CVE-2021-22908 are affected in Ivanti Connect Secure 9.0.r3.0Windows
Vulnerabilities CVE-2021-22894,CVE-2021-22899,CVE-2021-22900,CVE-2021-22908 are affected in Ivanti Connect Secure 9.0.r4.0Windows

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234