CVE-2021-22900

Ivanti Pulse Connect Secure contains an unrestricted file upload vulnerability that allows an authenticated administrator to perform a file write via a maliciously crafted archive upload in the administrator web interface. Vendor/Product: Ivanti Pulse Connect Secure. Added to CISA KEV 2021-11-03; required action: Apply updates per vendor instructions.