← ExploitWatch
HomeExploited Vulnerabilities

CVE-2021-22900 — Actively Exploited: Pulse Connect Secure (Ivanti)

Ivanti Pulse Connect Secure contains an unrestricted file upload vulnerability that allows an authenticated administrator to perform a file write via a maliciously crafted archive upload in the administrator web interface.

CVE IDCVE-2021-22900
VendorIvanti
ProductPulse Connect Secure
Vulnerability nameIvanti Pulse Connect Secure Unrestricted File Upload Vulnerability
Date added2021-11-03
Remediation due2022-05-03
Known ransomware useUnknown
Required actionApply updates per vendor instructions.
DescriptionIvanti Pulse Connect Secure contains an unrestricted file upload vulnerability that allows an authenticated administrator to perform a file write via a maliciously crafted archive upload in the administrator web interface.
SourceCISA Known Exploited Vulnerabilities

🔍 Search all exploited vulnerabilities →