Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ivanti connect secure 9.1 vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv2
CVE-2021-22900
A vulnerability allowed multiple unrestricted uploads in Pulse Connect Secure prior to 9.1R11.4 that could lead to an authenticated administrator to perform a file write via a maliciously crafted archive upload in the administrator web interface.
Pulsesecure Pulse Connect Secure
Ivanti Connect Secure 9.1
Ivanti Connect Secure 9.0
6.5
CVSSv2
CVE-2020-15352
An XML external entity (XXE) vulnerability in Pulse Connect Secure (PCS) prior to 9.1R9 and Pulse Policy Secure (PPS) prior to 9.1R9 allows remote authenticated admins to conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request.
Pulsesecure Pulse Connect Secure
Ivanti Connect Secure 9.1
Pulsesecure Pulse Policy Secure
Ivanti Policy Secure 9.1
6.5
CVSSv2
CVE-2020-8243
A vulnerability in the Pulse Connect Secure < 9.1R8.2 admin web interface could allow an authenticated malicious user to upload custom template to perform an arbitrary code execution.
Pulsesecure Pulse Connect Secure
Pulsesecure Pulse Policy Secure
Ivanti Policy Secure 9.1
Ivanti Connect Secure 9.1
1 Article
6.5
CVSSv2
CVE-2020-8218
A code injection vulnerability exists in Pulse Connect Secure <9.1R8 that allows an malicious user to crafted a URI to perform an arbitrary code execution via the admin web interface.
Pulsesecure Pulse Connect Secure
Ivanti Connect Secure 9.1
Pulsesecure Pulse Policy Secure
Ivanti Policy Secure 9.1
1 Github repository
1 Article
5.5
CVSSv2
CVE-2021-22933
A vulnerability in Pulse Connect Secure prior to 9.1R12 could allow an authenticated administrator to perform an arbitrary file delete via a maliciously crafted web request.
Pulsesecure Pulse Connect Secure
Ivanti Connect Secure 9.1
5.5
CVSSv2
CVE-2020-8220
A denial of service vulnerability exists in Pulse Connect Secure <9.1R8 that allows an authenticated malicious user to perform command injection via the administrator web which can cause DOS.
Pulsesecure Pulse Connect Secure
Ivanti Connect Secure 9.1
Pulsesecure Pulse Policy Secure
Ivanti Policy Secure 9.1
4.3
CVSSv2
CVE-2021-22936
A vulnerability in Pulse Connect Secure prior to 9.1R12 could allow a threat actor to perform a cross-site script attack against an authenticated administrator via an unsanitized web parameter.
Pulsesecure Pulse Connect Secure
Ivanti Connect Secure 9.1
4.3
CVSSv2
CVE-2020-8261
A vulnerability in the Pulse Connect Secure / Pulse Policy Secure < 9.1R9 is vulnerable to arbitrary cookie injection.
Pulsesecure Pulse Connect Secure
Pulsesecure Pulse Policy Secure
Ivanti Policy Secure 9.1
Ivanti Connect Secure 9.1
4.3
CVSSv2
CVE-2020-8262
A vulnerability in the Pulse Connect Secure / Pulse Policy Secure below 9.1R9 could allow malicious users to conduct Cross-Site Scripting (XSS) and Open Redirection for authenticated user web interface.
Pulsesecure Pulse Connect Secure
Pulsesecure Pulse Policy Secure
Ivanti Policy Secure 9.1
Ivanti Connect Secure 9.1
4.3
CVSSv2
CVE-2020-8238
A vulnerability in the authenticated user web interface of Pulse Connect Secure and Pulse Policy Secure < 9.1R8.2 could allow malicious users to conduct Cross-Site Scripting (XSS).
Pulsesecure Pulse Connect Secure
Pulsesecure Pulse Policy Secure
Ivanti Policy Secure 9.1
Ivanti Connect Secure 9.1
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32886
insecure direct object reference
CVE-2024-34342
file inclusion
CVE-2024-34562
CVE-2024-34347
CVE-2024-26026
CVE-2024-4647
unprivileged
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »