vulnerability

Pulse Secure Pulse Connect Secure: CVE-2021-22893: Multiple Vulnerabilities Resolved in Pulse Connect Secure 9.1R11.4 (SA44784)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
8	(AV:N/AC:L/Au:N/C:P/I:P/A:P)	Apr 19, 2021	Apr 20, 2021	Feb 20, 2024

Severity

CVSS

(AV:N/AC:L/Au:N/C:P/I:P/A:P)

Published

Apr 19, 2021

Added

Apr 20, 2021

Modified

Feb 20, 2024

Description

Pulse Connect Secure 9.0R3/9.1R1 and higher is vulnerable to an authentication bypass vulnerability exposed by the Windows File Share Browser and Pulse Secure Collaboration features of Pulse Connect Secure that can allow an unauthenticated user to perform remote arbitrary code execution on the Pulse Connect Secure gateway. This vulnerability has been exploited in the wild.

Solution

pulse-secure-pulse-connect-secure-upgrade-9_1r11_4

References

CVE-2021-22893
https://attackerkb.com/topics/CVE-2021-22893
https://forums.ivanti.com/s/article/SA44784?language=en_US

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report