A vulnerability allowed multiple unrestricted uploads in Pulse Connect Secure before 9.1R11.4 that could lead to an authenticated administrator to perform a file write via a maliciously crafted archive upload in the administrator web interface.
The product does not properly transfer a resource/behavior to another sphere, or improperly imports a resource/behavior from another sphere, in a manner that provides unintended control over that resource.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Connect_secure | Ivanti | 9.0 (including) | 9.0 (including) |
| Connect_secure | Ivanti | 9.0-r1 (including) | 9.0-r1 (including) |
| Connect_secure | Ivanti | 9.0-r1.0 (including) | 9.0-r1.0 (including) |
| Connect_secure | Ivanti | 9.0-r2 (including) | 9.0-r2 (including) |
| Connect_secure | Ivanti | 9.0-r2.0 (including) | 9.0-r2.0 (including) |
| Connect_secure | Ivanti | 9.0-r2.1 (including) | 9.0-r2.1 (including) |
| Connect_secure | Ivanti | 9.0-r3 (including) | 9.0-r3 (including) |
| Connect_secure | Ivanti | 9.0-r3.0 (including) | 9.0-r3.0 (including) |
| Connect_secure | Ivanti | 9.0-r3.1 (including) | 9.0-r3.1 (including) |
| Connect_secure | Ivanti | 9.0-r3.2 (including) | 9.0-r3.2 (including) |
| Connect_secure | Ivanti | 9.0-r3.3 (including) | 9.0-r3.3 (including) |
| Connect_secure | Ivanti | 9.0-r3.5 (including) | 9.0-r3.5 (including) |
| Connect_secure | Ivanti | 9.0-r4 (including) | 9.0-r4 (including) |
| Connect_secure | Ivanti | 9.0-r4.0 (including) | 9.0-r4.0 (including) |
| Connect_secure | Ivanti | 9.0-r4.1 (including) | 9.0-r4.1 (including) |
| Connect_secure | Ivanti | 9.0-r5.0 (including) | 9.0-r5.0 (including) |
| Connect_secure | Ivanti | 9.0-r6.0 (including) | 9.0-r6.0 (including) |
| Connect_secure | Ivanti | 9.1 (including) | 9.1 (including) |
| Connect_secure | Ivanti | 9.1-r1 (including) | 9.1-r1 (including) |
| Connect_secure | Ivanti | 9.1-r10.0 (including) | 9.1-r10.0 (including) |
| Connect_secure | Ivanti | 9.1-r10.2 (including) | 9.1-r10.2 (including) |
| Connect_secure | Ivanti | 9.1-r11.0 (including) | 9.1-r11.0 (including) |
| Connect_secure | Ivanti | 9.1-r11.1 (including) | 9.1-r11.1 (including) |
| Connect_secure | Ivanti | 9.1-r11.3 (including) | 9.1-r11.3 (including) |
| Connect_secure | Ivanti | 9.1-r2 (including) | 9.1-r2 (including) |
| Connect_secure | Ivanti | 9.1-r3 (including) | 9.1-r3 (including) |
| Connect_secure | Ivanti | 9.1-r4 (including) | 9.1-r4 (including) |
| Connect_secure | Ivanti | 9.1-r4.1 (including) | 9.1-r4.1 (including) |
| Connect_secure | Ivanti | 9.1-r4.2 (including) | 9.1-r4.2 (including) |
| Connect_secure | Ivanti | 9.1-r4.3 (including) | 9.1-r4.3 (including) |
| Connect_secure | Ivanti | 9.1-r5 (including) | 9.1-r5 (including) |
| Connect_secure | Ivanti | 9.1-r6 (including) | 9.1-r6 (including) |
| Connect_secure | Ivanti | 9.1-r7 (including) | 9.1-r7 (including) |
| Connect_secure | Ivanti | 9.1-r8 (including) | 9.1-r8 (including) |
| Connect_secure | Ivanti | 9.1-r8.1 (including) | 9.1-r8.1 (including) |
| Connect_secure | Ivanti | 9.1-r8.2 (including) | 9.1-r8.2 (including) |
| Connect_secure | Ivanti | 9.1-r8.4 (including) | 9.1-r8.4 (including) |
| Connect_secure | Ivanti | 9.1-r9 (including) | 9.1-r9 (including) |
| Connect_secure | Ivanti | 9.1-r9.1 (including) | 9.1-r9.1 (including) |
| Connect_secure | Ivanti | 9.1-r9.2 (including) | 9.1-r9.2 (including) |
| Pulse_connect_secure | Pulsesecure | * | 9.1 (including) |