Описание
A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform command injection via an unsanitized web parameter in the administrator web console.
Уязвимые конфигурации
Конфигурация 1Версия до 9.1 (исключая)
Одно из
cpe:2.3:a:ivanti:connect_secure:9.1:-:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r1.0:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r10.0:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r11.0:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r2.0:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r3.0:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r4.0:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r5.0:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r6.0:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r7.0:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r8.0:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r9.0:*:*:*:*:*:*
cpe:2.3:a:pulsesecure:pulse_connect_secure:*:*:*:*:*:*:*:*
EPSS
Процентиль: 89%
0.04289
Низкий
7.2 High
CVSS3
6.5 Medium
CVSS2
Дефекты
CWE-77
CWE-77
Связанные уязвимости
CVSS3: 7.2
github
больше 3 лет назад
A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform command injection via an unsanitized web parameter in the administrator web console.
EPSS
Процентиль: 89%
0.04289
Низкий
7.2 High
CVSS3
6.5 Medium
CVSS2
Дефекты
CWE-77
CWE-77