CVE-2021-22935 in Pulse Secure and Ivanti Products
Published on August 16, 2021

A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform command injection via an unsanitized web parameter.

NVD

Weakness Type

What is a Command Injection Vulnerability?

The software constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

CVE-2021-22935 has been classified to as a Command Injection vulnerability or weakness.

Products Associated with CVE-2021-22935

stack.watch emails you whenever new vulnerabilities are published in Pulse Secure Pulse Connect Secure or Ivanti Connect Secure. Just hit a watch button to start following.

Pulse Secure Pulse Connect Secure

Ivanti Connect Secure

Exploit Probability

EPSS

4.29%

Percentile

88.68%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2021-22935 in Pulse Secure and Ivanti ProductsPublished on August 16, 2021

Weakness Type

What is a Command Injection Vulnerability?

Products Associated with CVE-2021-22935

Exploit Probability

CVE-2021-22935 in Pulse Secure and Ivanti Products
Published on August 16, 2021