PT-2021-4945 · Ivanti · Ivanti Pulse Connect Secure

Published: 2021-05-03 · Updated: 2024-02-27 · CVE-2021-22900

CVSS v3.1: 7.2 (High)

Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Ivanti Pulse Connect Secure versions prior to 9.1R11.4

Description

The issue is related to an unrestricted file upload in the administrator web interface of Pulse Connect Secure. This could allow an authenticated administrator to perform a file write via a maliciously crafted archive upload. The vulnerability may enable a remote attacker to elevate their privileges.

Recommendations

For versions prior to 9.1R11.4, update to version 9.1R11.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the administrator web interface to minimize the risk of exploitation.

Fix

Unrestricted File Upload

Code Injection

Weakness Enumeration

Related Identifiers

BDU:2021-05699
CVE-2021-22900

Affected Products

Ivanti Pulse Connect Secure