Vulnerabilities > Pulsesecure

DATE CVE VULNERABILITY TITLE RISK
2022-12-05 CVE-2022-35254 Resource Exhaustion vulnerability in multiple products
An unauthenticated attacker can cause a denial-of-service to the following products: Ivanti Connect Secure (ICS) in versions prior to 9.1R14.3, 9.1R15.2, 9.1R16.2, and 22.2R4, Ivanti Policy Secure (IPS) in versions prior to 9.1R17 and 22.3R1, and Ivanti Neurons for Zero-Trust Access in versions prior to 22.3R1.
network
low complexity
pulsesecure ivanti CWE-400
7.5
2022-12-05 CVE-2022-35258 Incorrect Calculation vulnerability in multiple products
An unauthenticated attacker can cause a denial-of-service to the following products: Ivanti Connect Secure (ICS) in versions prior to 9.1R14.3, 9.1R15.2, 9.1R16.2, and 22.2R4, Ivanti Policy Secure (IPS) in versions prior to 9.1R17 and 22.3R1, and Ivanti Neurons for Zero-Trust Access in versions prior to 22.3R1.
network
low complexity
pulsesecure ivanti CWE-682
7.5
2022-09-30 CVE-2022-21826 HTTP Request Smuggling vulnerability in Pulsesecure Pulse Connect Secure
Pulse Secure version 9.115 and below may be susceptible to client-side http request smuggling, When the application receives a POST request, it ignores the request's Content-Length header and leaves the POST body on the TCP/TLS socket.
network
low complexity
pulsesecure CWE-444
5.4
2021-11-19 CVE-2021-22965 Resource Exhaustion vulnerability in Pulsesecure Pulse Connect Secure
A vulnerability in Pulse Connect Secure before 9.1R12.1 could allow an unauthenticated administrator to causes a denial of service when a malformed request is sent to the device.
network
low complexity
pulsesecure CWE-400
7.8
2021-08-16 CVE-2021-22933 Path Traversal vulnerability in Pulsesecure Pulse Connect Secure 7.1/7.4
A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform an arbitrary file delete via a maliciously crafted web request.
network
low complexity
pulsesecure CWE-22
5.5
2021-08-16 CVE-2021-22934 Classic Buffer Overflow vulnerability in Pulsesecure Pulse Connect Secure 7.1/7.4
A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator or compromised Pulse Connect Secure device in a load-balanced configuration to perform a buffer overflow via a malicious crafted web request.
network
low complexity
pulsesecure CWE-120
6.5
2021-08-16 CVE-2021-22935 Command Injection vulnerability in Pulsesecure Pulse Connect Secure 7.1/7.4
A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform command injection via an unsanitized web parameter.
network
low complexity
pulsesecure CWE-77
6.5
2021-08-16 CVE-2021-22936 Cross-site Scripting vulnerability in Pulsesecure Pulse Connect Secure 7.1/7.4
A vulnerability in Pulse Connect Secure before 9.1R12 could allow a threat actor to perform a cross-site script attack against an authenticated administrator via an unsanitized web parameter.
4.3
2021-08-16 CVE-2021-22937 Unrestricted Upload of File with Dangerous Type vulnerability in Pulsesecure Pulse Connect Secure 7.1/7.4
A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform a file write via a maliciously crafted archive uploaded in the administrator web interface.
network
low complexity
pulsesecure CWE-434
6.5
2021-08-16 CVE-2021-22938 Command Injection vulnerability in Pulsesecure Pulse Connect Secure 7.1/7.4
A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform command injection via an unsanitized web parameter in the administrator web console.
network
low complexity
pulsesecure CWE-77
6.5