CVE-2021-22899

Ivanti Pulse Connect Secure Command Injection Vulnerability

Ivanti Pulse Connect Secure contains a command injection vulnerability that allows remote authenticated users to perform remote code execution via Windows File Resource Profiles. Vendor/Product: Ivanti Pulse Connect Secure. Added to CISA KEV 2021-11-03; required action: Apply updates per vendor instructions.

Category: Vulnerability, Known Exploited

Reference: NVD CVE-2021-22899