Ivanti · Ivanti Pulse Secure Pulse Connect Secure · CVE-2021-44720
**Name of the Vulnerable Software and Affected Versions**
Ivanti Pulse Secure Pulse Connect Secure (PCS) versions prior to 9.1R12
**Description**
The administrator password is stored in the HTML source code of the "Maintenance > Push Configuration > Targets > Target Name" targets.cgi screen, allowing a read-only administrative user to escalate to a read-write administrative role.
**Recommendations**
For versions prior to 9.1R12, update to version 9.1R12 or later to resolve the issue.