Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2021-22936
Analyzed
More InfoOfficial Page
Source-support@hackerone.com
View Known Exploited Vulnerability (KEV) details
Published At-16 Aug, 2021 | 19:15
Updated At-27 Feb, 2024 | 21:04

A vulnerability in Pulse Connect Secure before 9.1R12 could allow a threat actor to perform a cross-site script attack against an authenticated administrator via an unsanitized web parameter.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.16.1MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Primary2.04.3MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
CPE Matches
Ivanti Software
ivanti
>>connect_secure>>9.1
cpe:2.3:a:ivanti:connect_secure:9.1:-:*:*:*:*:*:*
Ivanti Software
ivanti
>>connect_secure>>9.1
cpe:2.3:a:ivanti:connect_secure:9.1:r1.0:*:*:*:*:*:*
Ivanti Software
ivanti
>>connect_secure>>9.1
cpe:2.3:a:ivanti:connect_secure:9.1:r10.0:*:*:*:*:*:*
Ivanti Software
ivanti
>>connect_secure>>9.1
cpe:2.3:a:ivanti:connect_secure:9.1:r11.0:*:*:*:*:*:*
Ivanti Software
ivanti
>>connect_secure>>9.1
cpe:2.3:a:ivanti:connect_secure:9.1:r2.0:*:*:*:*:*:*
Ivanti Software
ivanti
>>connect_secure>>9.1
cpe:2.3:a:ivanti:connect_secure:9.1:r3.0:*:*:*:*:*:*
Ivanti Software
ivanti
>>connect_secure>>9.1
cpe:2.3:a:ivanti:connect_secure:9.1:r4.0:*:*:*:*:*:*
Ivanti Software
ivanti
>>connect_secure>>9.1
cpe:2.3:a:ivanti:connect_secure:9.1:r5.0:*:*:*:*:*:*
Ivanti Software
ivanti
>>connect_secure>>9.1
cpe:2.3:a:ivanti:connect_secure:9.1:r6.0:*:*:*:*:*:*
Ivanti Software
ivanti
>>connect_secure>>9.1
cpe:2.3:a:ivanti:connect_secure:9.1:r7.0:*:*:*:*:*:*
Ivanti Software
ivanti
>>connect_secure>>9.1
cpe:2.3:a:ivanti:connect_secure:9.1:r8.0:*:*:*:*:*:*
Ivanti Software
ivanti
>>connect_secure>>9.1
cpe:2.3:a:ivanti:connect_secure:9.1:r9.0:*:*:*:*:*:*
Pulse Secure
pulsesecure
>>pulse_connect_secure>>Versions before 9.1(exclusive)
cpe:2.3:a:pulsesecure:pulse_connect_secure:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-79Primarynvd@nist.gov
CWE-79Secondarysupport@hackerone.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44858/?kA23Z000000L6oySACsupport@hackerone.com
Vendor Advisory
Change History
0Changes found
Details not found