na/ Pulse Connect Secure vFixed in 9.1R12 - 6 CVEs

CVE-2021-22937

A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform a file write via a maliciously crafted archive uploaded in the administrator web interface.

UNKNOWN Published Aug 16, 2021

CVE-2021-22936

A vulnerability in Pulse Connect Secure before 9.1R12 could allow a threat actor to perform a cross-site script attack against an authenticated administrator via an unsanitized web parameter.

UNKNOWN Published Aug 16, 2021

CVE-2021-22935

A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform command injection via an unsanitized web parameter.

UNKNOWN Published Aug 16, 2021

A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator or compromised Pulse Connect Secure device in a load-balanced configuration to perform a buffer overflow via a malicious crafted web request.

UNKNOWN Published Aug 16, 2021

CVE-2021-22938

A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform command injection via an unsanitized web parameter in the administrator web console.

UNKNOWN Published Aug 16, 2021

CVE-2021-22933

A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform an arbitrary file delete via a maliciously crafted web request.

UNKNOWN Published Aug 16, 2021

Version Fixed in 9.1R12

Known Vulnerabilities

CVE-2021-22937

CVE-2021-22936

CVE-2021-22935

CVE-2021-22934

CVE-2021-22938

CVE-2021-22933