FAIL › dossier

Pulse Connect Secure product

8
failure events
0
zero-days
7
RCEs
8
on KEV
2
critical
95
worst shame

Dossier not yet built — the RAG curator builds one for players with ≥2 failure events (factory/dossier.py). The failure history and sentiment below are live.

Failure history 8 events

DateEventSevFlagsShameSummary
2021-11-03 CVE-2021-22893 critical ⚡RCE ⌖KEV 95 Ivanti Pulse Connect Secure contains a use-after-free vulnerability that allow a remote, unauthenticated attacker to execute code via license services.
2021-11-03 CVE-2019-11510 critical ⌖KEV 80 Ivanti Pulse Connect Secure contains an arbitrary file read vulnerability that allows an unauthenticated remote attacker with network access via HTTPS to send a specially crafted URI.
2022-03-07 CVE-2020-8218 high ⚡RCE ⌖KEV 65 A code injection vulnerability exists in Pulse Connect Secure that allows an attacker to crafted a URI to perform an arbitrary code execution via the admin web interface.
2021-11-03 CVE-2021-22900 high ⚡RCE ⌖KEV 65 Ivanti Pulse Connect Secure contains an unrestricted file upload vulnerability that allows an authenticated administrator to perform a file write via a maliciously crafted archive upload in the administrator web interface.
2021-11-03 CVE-2021-22894 high ⚡RCE ⌖KEV 65 Ivanti Pulse Connect Secure Collaboration Suite contains a buffer overflow vulnerabilities that allows a remote authenticated users to execute code as the root user via maliciously crafted meeting room.
2021-11-03 CVE-2020-8260 high ⚡RCE ⌖KEV 65 Pulse Connect Secure contains an unspecified vulnerability that allows an authenticated attacker to perform code execution using uncontrolled gzip extraction.
2021-11-03 CVE-2021-22899 high ⚡RCE ⌖KEV 65 Ivanti Pulse Connect Secure contains a command injection vulnerability that allows remote authenticated users to perform remote code execution via Windows File Resource Profiles.
2021-11-03 CVE-2020-8243 high ⚡RCE ⌖KEV 65 Ivanti Pulse Connect Secure contains an unspecified vulnerability in the admin web interface that could allow an authenticated attacker to upload a custom template to perform code execution.