Vulnerabilities > CVE-2021-22900 - Incorrect Resource Transfer Between Spheres vulnerability in multiple products

047910
CVSS 7.2 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
HIGH
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
pulsesecure
ivanti
CWE-669

Summary

A vulnerability allowed multiple unrestricted uploads in Pulse Connect Secure before 9.1R11.4 that could lead to an authenticated administrator to perform a file write via a maliciously crafted archive upload in the administrator web interface.

Vulnerable Configurations

Part Description Count
Application
Pulsesecure
267
Application
Ivanti
40