A command injection vulnerability exists in Pulse Connect Secure before 9.1R11.4 allows a remote authenticated attacker to perform remote code execution via Windows Resource Profiles Feature
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Wed, 12 Feb 2025 20:15:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:pulsesecure:pulse_connect_secure:*:*:*:*:*:*:*:*
cpe:2.3:a:pulsesecure:pulse_connect_secure:9.0rx:*:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.0:rx:*:*:*:*:*:*
Vendors & Products Pulsesecure
Pulsesecure pulse Connect Secure

Fri, 07 Feb 2025 13:15:00 +0000

Type Values Removed Values Added
Metrics kev

{'dateAdded': '2021-11-03'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: hackerone

Published:

Updated: 2025-07-30T01:38:09.739Z

Reserved: 2021-01-06T00:00:00.000Z

Link: CVE-2021-22899

cve-icon Vulnrichment

Updated: 2024-08-03T18:58:26.157Z

cve-icon NVD

Status : Analyzed

Published: 2021-05-27T12:15:07.963

Modified: 2025-02-12T19:59:55.813

Link: CVE-2021-22899

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.