Command Injection Vulnerability in Pulse Connect Secure Allows Remote Code Execution via Windows Resource Profiles Feature

Command Injection Vulnerability in Pulse Connect Secure Allows Remote Code Execution via Windows Resource Profiles Feature

CVE-2021-22899 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

A command injection vulnerability exists in Pulse Connect Secure before 9.1R11.4 allows a remote authenticated attacker to perform remote code execution via Windows Resource Profiles Feature

Learn more about our Web Application Penetration Testing UK.