A command injection vulnerability exists in Pulse Connect Secure before 9.1R11.4 allows a remote authenticated attacker to perform remote code execution via Windows Resource Profiles Feature
References
Link | Resource |
---|---|
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44784/?kA23Z000000boUWSAY | Broken Link Vendor Advisory |
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44784/?kA23Z000000boUWSAY | Broken Link Vendor Advisory |
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-22899 |
Configurations
Configuration 1 (hide)
|
History
22 Oct 2025, 00:17
Type | Values Removed | Values Added |
---|---|---|
References |
|
21 Oct 2025, 20:18
Type | Values Removed | Values Added |
---|---|---|
References |
|
21 Oct 2025, 19:18
Type | Values Removed | Values Added |
---|---|---|
References |
|
12 Feb 2025, 19:59
Type | Values Removed | Values Added |
---|---|---|
References | () https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44784/?kA23Z000000boUWSAY - Broken Link, Vendor Advisory | |
CPE | cpe:2.3:a:pulsesecure:pulse_connect_secure:9.0rx:*:*:*:*:*:*:* |
cpe:2.3:a:ivanti:connect_secure:9.0:rx:*:*:*:*:*:* |
Information
Published : 2021-05-27 12:15
Updated : 2025-10-22 00:17
NVD link : CVE-2021-22899
Mitre link : CVE-2021-22899
CVE.ORG link : CVE-2021-22899
JSON object : View
Products Affected
ivanti
- connect_secure
CWE
CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')