CyberSec.Space Logo
Back to CVE Browser

CVE-2021-22899

Known Exploited (CISA KEV)HIGH
8.8
CVSS Severity Score
EPSS Score61.3950%
EPSS Percentile94.55th
PublishedMay 27, 2021
Last ModifiedDec 18, 2025

Vulnerability Description

A command injection vulnerability exists in Pulse Connect Secure before 9.1R11.4 allows a remote authenticated attacker to perform remote code execution via Windows Resource Profiles Feature

Affected Platforms (CPE)

πŸ“¦
Ivanti

Connect Secure

= 9.0
πŸ“¦
Ivanti

Connect Secure

= 9.0
πŸ“¦
Ivanti

Connect Secure

= 9.0
πŸ“¦
Ivanti

Connect Secure

= 9.0
πŸ“¦
Ivanti

Connect Secure

= 9.0
πŸ“¦
Ivanti

Connect Secure

= 9.0
πŸ“¦
Ivanti

Connect Secure

= 9.0
πŸ“¦
Ivanti

Connect Secure

= 9.0
πŸ“¦
Ivanti

Connect Secure

= 9.0
πŸ“¦
Ivanti

Connect Secure

= 9.0
πŸ“¦
Ivanti

Connect Secure

= 9.0
πŸ“¦
Ivanti

Connect Secure

= 9.0
πŸ“¦
Ivanti

Connect Secure

= 9.0
πŸ“¦
Ivanti

Connect Secure

= 9.0
πŸ“¦
Ivanti

Connect Secure

= 9.0
πŸ“¦
Ivanti

Connect Secure

= 9.0
πŸ“¦
Ivanti

Connect Secure

= 9.0
πŸ“¦
Ivanti

Connect Secure

= 9.0
πŸ“¦
Ivanti

Connect Secure

= 9.1
πŸ“¦
Ivanti

Connect Secure

= 9.1
πŸ“¦
Ivanti

Connect Secure

= 9.1
πŸ“¦
Ivanti

Connect Secure

= 9.1
πŸ“¦
Ivanti

Connect Secure

= 9.1
πŸ“¦
Ivanti

Connect Secure

= 9.1
πŸ“¦
Ivanti

Connect Secure

= 9.1
πŸ“¦
Ivanti

Connect Secure

= 9.1
πŸ“¦
Ivanti

Connect Secure

= 9.1
πŸ“¦
Ivanti

Connect Secure

= 9.1
πŸ“¦
Ivanti

Connect Secure

= 9.1
πŸ“¦
Ivanti

Connect Secure

= 9.1
πŸ“¦
Ivanti

Connect Secure

= 9.1
πŸ“¦
Ivanti

Connect Secure

= 9.1
πŸ“¦
Ivanti

Connect Secure

= 9.1
πŸ“¦
Ivanti

Connect Secure

= 9.1
πŸ“¦
Ivanti

Connect Secure

= 9.1
πŸ“¦
Ivanti

Connect Secure

= 9.1
πŸ“¦
Ivanti

Connect Secure

= 9.1
πŸ“¦
Ivanti

Connect Secure

= 9.1
πŸ“¦
Ivanti

Connect Secure

= 9.1
πŸ“¦
Ivanti

Connect Secure

= 9.1
πŸ“¦
Ivanti

Connect Secure

= 9.1

References & Advisories

πŸ”— https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44784/?kA23Z000000boUWSAY
πŸ”— https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44784/?kA23Z000000boUWSAY
πŸ”— https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-22899

Related Vulnerabilities

CVE-2000-056310.0

The URLConnection function in MacOS Runtime Java (MRJ) 2.1 and earlier and the Microsoft virtual machine (VM) for MacOS allows a m...

CVE-2021-2289310.0

Pulse Connect Secure 9.0R3/9.1R1 and higher is vulnerable to an authentication bypass vulnerability exposed by the Windows File Sh...

CVE-2019-1151010.0

In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated rem...

CVE-2007-285010.0

The Session Reliability Service (XTE) in Citrix MetaFrame Presentation Server 3.0, Presentation Server 4.0, and Access Essentials ...