Vulnerabilities > CVE-2021-22900 - Incorrect Resource Transfer Between Spheres vulnerability in multiple products

CVSS 7.2 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

pulsesecure

ivanti

CWE-669

NVD

Published: 2021-05-27

Updated: 2024-02-27

Summary

A vulnerability allowed multiple unrestricted uploads in Pulse Connect Secure before 9.1R11.4 that could lead to an authenticated administrator to perform a file write via a maliciously crafted archive upload in the administrator web interface.

Vulnerable Configurations

Part	Description	Count
Application	Pulsesecure Pulsesecure Pulse Connect Secure - Pulsesecure Pulse Connect Secure 7.1 Pulsesecure Pulse Connect Secure 7.4 Pulsesecure Pulse Connect Secure 7.4R1.0 Pulsesecure Pulse Connect Secure 7.4R2.0 Pulsesecure Pulse Connect Secure 7.4R3.0 Pulsesecure Pulse Connect Secure 7.4R4.0 Pulsesecure Pulse Connect Secure 7.4R5.0 Pulsesecure Pulse Connect Secure 7.4R6.0 Pulsesecure Pulse Connect Secure 7.4R7.0 Pulsesecure Pulse Connect Secure 7.4R8.0 Pulsesecure Pulse Connect Secure 7.4R9.0 Pulsesecure Pulse Connect Secure 7.4R9.1 Pulsesecure Pulse Connect Secure 7.4R9.2 Pulsesecure Pulse Connect Secure 7.4R9.3 Pulsesecure Pulse Connect Secure 7.4R10.0 Pulsesecure Pulse Connect Secure 7.4R11.0 Pulsesecure Pulse Connect Secure 7.4R11.1 Pulsesecure Pulse Connect Secure 7.4R12.0 Pulsesecure Pulse Connect Secure 7.4R13.0 Pulsesecure Pulse Connect Secure 7.4R13.1 Pulsesecure Pulse Connect Secure 7.4R13.2 Pulsesecure Pulse Connect Secure 7.4R13.3 Pulsesecure Pulse Connect Secure 8.0 Pulsesecure Pulse Connect Secure 8.0R1.0 Pulsesecure Pulse Connect Secure 8.0R1.1 Pulsesecure Pulse Connect Secure 8.0R2.0 Pulsesecure Pulse Connect Secure 8.0R3.0 Pulsesecure Pulse Connect Secure 8.0R3.1 Pulsesecure Pulse Connect Secure 8.0R3.2 Pulsesecure Pulse Connect Secure 8.0R4.0 Pulsesecure Pulse Connect Secure 8.0R4.1 Pulsesecure Pulse Connect Secure 8.0R5.0 Pulsesecure Pulse Connect Secure 8.0R6.0 Pulsesecure Pulse Connect Secure 8.0R7.0 Pulsesecure Pulse Connect Secure 8.0R7.1 Pulsesecure Pulse Connect Secure 8.0R8.0 Pulsesecure Pulse Connect Secure 8.0R8.1 Pulsesecure Pulse Connect Secure 8.0R9.0 Pulsesecure Pulse Connect Secure 8.0R10.0 Pulsesecure Pulse Connect Secure 8.0R13.0 Pulsesecure Pulse Connect Secure 8.0R13.1 Pulsesecure Pulse Connect Secure 8.0R15.0 Pulsesecure Pulse Connect Secure 8.0R15.1 Pulsesecure Pulse Connect Secure 8.0R16.0 Pulsesecure Pulse Connect Secure 8.0R16.1 Pulsesecure Pulse Connect Secure 8.0R17.0 Pulsesecure Pulse Connect Secure 8.1 Pulsesecure Pulse Connect Secure 8.1R1.0 Pulsesecure Pulse Connect Secure 8.1R1.1 Pulsesecure Pulse Connect Secure 8.1R2.0 Pulsesecure Pulse Connect Secure 8.1R2.1 Pulsesecure Pulse Connect Secure 8.1R3.0 Pulsesecure Pulse Connect Secure 8.1R3.1 Pulsesecure Pulse Connect Secure 8.1R3.2 Pulsesecure Pulse Connect Secure 8.1R4.0 Pulsesecure Pulse Connect Secure 8.1R4.1 Pulsesecure Pulse Connect Secure 8.1R5.0 Pulsesecure Pulse Connect Secure 8.1R6.0 Pulsesecure Pulse Connect Secure 8.1R7.0 Pulsesecure Pulse Connect Secure 8.1R8.0 Pulsesecure Pulse Connect Secure 8.1R9.0 Pulsesecure Pulse Connect Secure 8.1R9.1 Pulsesecure Pulse Connect Secure 8.1R9.2 Pulsesecure Pulse Connect Secure 8.1R10.0 Pulsesecure Pulse Connect Secure 8.1R11.0 Pulsesecure Pulse Connect Secure 8.1R11.1 Pulsesecure Pulse Connect Secure 8.1R12.0 Pulsesecure Pulse Connect Secure 8.1R12.1 Pulsesecure Pulse Connect Secure 8.1R13.0 Pulsesecure Pulse Connect Secure 8.1R14.0 Pulsesecure Pulse Connect Secure 8.1Rx Pulsesecure Pulse Connect Secure 8.2 Pulsesecure Pulse Connect Secure 8.2R1.0 Pulsesecure Pulse Connect Secure 8.2R1.1 Pulsesecure Pulse Connect Secure 8.2R2.0 Pulsesecure Pulse Connect Secure 8.2R3.0 Pulsesecure Pulse Connect Secure 8.2R3.1 Pulsesecure Pulse Connect Secure 8.2R4.0 Pulsesecure Pulse Connect Secure 8.2R4.1 Pulsesecure Pulse Connect Secure 8.2R5.0 Pulsesecure Pulse Connect Secure 8.2R5.1 Pulsesecure Pulse Connect Secure 8.2R6.0 Pulsesecure Pulse Connect Secure 8.2R7.0 Pulsesecure Pulse Connect Secure 8.2R7.1 Pulsesecure Pulse Connect Secure 8.2R7.2 Pulsesecure Pulse Connect Secure 8.2R8.0 Pulsesecure Pulse Connect Secure 8.2R8.1 Pulsesecure Pulse Connect Secure 8.2R8.2 Pulsesecure Pulse Connect Secure 8.2R9.0 Pulsesecure Pulse Connect Secure 8.2R10.0 Pulsesecure Pulse Connect Secure 8.2R11.0 Pulsesecure Pulse Connect Secure 8.2R12.0 Pulsesecure Pulse Connect Secure 8.2Rx Pulsesecure Pulse Connect Secure 8.3 Pulsesecure Pulse Connect Secure 8.3R1 Pulsesecure Pulse Connect Secure 8.3R1.1 Pulsesecure Pulse Connect Secure 8.3R2 Pulsesecure Pulse Connect Secure 8.3R2.1 Pulsesecure Pulse Connect Secure 8.3R3 Pulsesecure Pulse Connect Secure 8.3R4 Pulsesecure Pulse Connect Secure 8.3R5 Pulsesecure Pulse Connect Secure 8.3R5.1 Pulsesecure Pulse Connect Secure 8.3R5.2 Pulsesecure Pulse Connect Secure 8.3R6 Pulsesecure Pulse Connect Secure 8.3R6.1 Pulsesecure Pulse Connect Secure 8.3R7 Pulsesecure Pulse Connect Secure 8.3Rx Pulsesecure Pulse Connect Secure 9.0 Pulsesecure Pulse Connect Secure 9.0R1 Pulsesecure Pulse Connect Secure 9.0R2 Pulsesecure Pulse Connect Secure 9.0R2.1 Pulsesecure Pulse Connect Secure 9.0R3 Pulsesecure Pulse Connect Secure 9.0R3.1 Pulsesecure Pulse Connect Secure 9.0R3.2 Pulsesecure Pulse Connect Secure 9.0Rx Pulsesecure Pulse Connect Secure 9.1	308
Application	Ivanti Ivanti Connect Secure 9.1 Ivanti Connect Secure 9.0	40

Common Weakness Enumeration (CWE)

CWE-669 - Incorrect Resource Transfer Between Spheres

References

https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44784/?kA23Z000000boUWSAY