FAIL › dossier
Pulse Connect Secure product
8
failure events
0
zero-days
7
RCEs
8
on KEV
2
critical
95
worst shame
Dossier not yet built — the RAG curator builds one for players with ≥2 failure events (factory/dossier.py). The failure history and sentiment below are live.
Failure history 8 events
| Date | Event | Sev | Flags | Shame | Summary |
|---|---|---|---|---|---|
| 2021-11-03 | CVE-2021-22893 | critical | ⚡RCE ⌖KEV | 95 | Ivanti Pulse Connect Secure contains a use-after-free vulnerability that allow a remote, unauthenticated attacker to execute code via license services. |
| 2021-11-03 | CVE-2019-11510 | critical | ⌖KEV | 80 | Ivanti Pulse Connect Secure contains an arbitrary file read vulnerability that allows an unauthenticated remote attacker with network access via HTTPS to send a specially crafted URI. |
| 2022-03-07 | CVE-2020-8218 | high | ⚡RCE ⌖KEV | 65 | A code injection vulnerability exists in Pulse Connect Secure that allows an attacker to crafted a URI to perform an arbitrary code execution via the admin web interface. |
| 2021-11-03 | CVE-2021-22900 | high | ⚡RCE ⌖KEV | 65 | Ivanti Pulse Connect Secure contains an unrestricted file upload vulnerability that allows an authenticated administrator to perform a file write via a maliciously crafted archive upload in the administrator web interface. |
| 2021-11-03 | CVE-2021-22894 | high | ⚡RCE ⌖KEV | 65 | Ivanti Pulse Connect Secure Collaboration Suite contains a buffer overflow vulnerabilities that allows a remote authenticated users to execute code as the root user via maliciously crafted meeting room. |
| 2021-11-03 | CVE-2020-8260 | high | ⚡RCE ⌖KEV | 65 | Pulse Connect Secure contains an unspecified vulnerability that allows an authenticated attacker to perform code execution using uncontrolled gzip extraction. |
| 2021-11-03 | CVE-2021-22899 | high | ⚡RCE ⌖KEV | 65 | Ivanti Pulse Connect Secure contains a command injection vulnerability that allows remote authenticated users to perform remote code execution via Windows File Resource Profiles. |
| 2021-11-03 | CVE-2020-8243 | high | ⚡RCE ⌖KEV | 65 | Ivanti Pulse Connect Secure contains an unspecified vulnerability in the admin web interface that could allow an authenticated attacker to upload a custom template to perform code execution. |