← Back

CVE-2021-44720

nvd nist
Published: Aug 12, 2022Modified: Nov 21, 2024

JSON object

Loading...
7.2
Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.2 / Impact: 5.9
Source: NVD

Description

In Ivanti Pulse Secure Pulse Connect Secure (PCS) before 9.1R12, the administrator password is stored in the HTML source code of the "Maintenance > Push Configuration > Targets > Target Name" targets.cgi screen. A read-only administrative user can escalate to a read-write administrative role.

Affected (21)

Ivanti
1 product
Connect Secure
Pulsesecure
1 product
Pulse Connect Secure
Configuration A
21 vulnerable
Vulnerable SoftwareAffected Versions
Ivanti
Connect Secure
Version 9.1
Connect Secure
Version 9.1 r10.0
Connect Secure
Version 9.1 r11.0
Connect Secure
Version 9.1 r11.3
Connect Secure
Version 9.1 r11.4
Connect Secure
Version 9.1 r1
Connect Secure
Version 9.1 r2
Connect Secure
Version 9.1 r3
Connect Secure
Version 9.1 r4.1
Connect Secure
Version 9.1 r4.2
Connect Secure
Version 9.1 r4.3
Connect Secure
Version 9.1 r4
Connect Secure
Version 9.1 r5
Connect Secure
Version 9.1 r6
Connect Secure
Version 9.1 r7
Connect Secure
Version 9.1 r8.1
Connect Secure
Version 9.1 r8.2
Connect Secure
Version 9.1 r8
Connect Secure
Version 9.1 r9.1
Connect Secure
Version 9.1 r9
Pulse Connect Secure
Before 9.1

Related CWEs

CWE-798
Use of Hard-coded Credentials
The product contains hard-coded credentials, such as a password or cryptographic key.

References (4)

Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.