What is CVE-2021-22900?

A high-severity vulnerability in Ivanti's Pulse Connect Secure could allow an authenticated administrator to execute file writes through malicious file uploads. Immediate action is required for affected systems.

What is the severity of CVE-2021-22900?

CVE-2021-22900 has a severity rating of HIGH with a CVSS base score of 7.2.

Is CVE-2021-22900 in CISA KEV?

Yes. CVE-2021-22900 is listed in the CISA Known Exploited Vulnerabilities (KEV) catalog. Organizations should prioritize remediation.

CVE-2021-22900 | High Vulnerability in Ivanti Pulse Connect Secure

A vulnerability allowed multiple unrestricted uploads in Pulse Connect Secure before 9.1R11.4 that could lead to an authenticated administrator to perform a file write via a maliciously crafted archive upload in the administrator web interface. This vulnerability is classified as high severity with a CVSS score of 7.2, indicating a significant risk to organizations using affected versions of the software.

The potential risk to organizations includes unauthorized access to sensitive data, as attackers may leverage this vulnerability to manipulate files on the server. Given that the attack vector is network-based, organizations that expose their Pulse Connect Secure instances to the internet are particularly at risk. Organizations should prioritize patching immediately.

Exploitation status for this vulnerability is a concern. While there are no public exploits confirmed, the vulnerability is noted in the CISA Known Exploited Vulnerabilities catalog, emphasizing the importance of addressing it promptly.

Organizations should address this vulnerability in their priority patch cycle to mitigate risks associated with potential exploitation.

Vulnerability Details

The CVE-2021-22900 vulnerability allows for multiple unrestricted uploads in Pulse Connect Secure versions before 9.1R11.4. It is categorized under CWE-94 (Code Injection) and CWE-669 (Access Control Issues). The CVSS score of 7.2 reflects a high severity level due to its potential impacts on confidentiality, integrity, and availability. The vulnerability was published on May 27, 2021.

Technical Analysis

The root cause of this vulnerability stems from improper handling of file uploads, allowing authenticated administrators to upload malicious files without adequate validation. The attack vector is network-based, and the complexity of the attack is considered low, with high privileges required for exploitation. No user interaction is needed, making it easier for attackers to execute the exploit if they have access.

Risk & Impact Analysis

The real-world deployment risk associated with this vulnerability is significant. Organizations utilizing Ivanti Pulse Connect Secure should be aware of the potential for unauthorized file manipulation, which could lead to further security breaches. The urgency assessment based on the CVSS score and its listing in the CISA catalog indicates that organizations should address this vulnerability in their priority patch cycle to prevent exploitation.

Exploitation Status

Signal	Status
Known Exploit	No
Public PoC	No
Actively Exploited	Yes
Ransomware Use	No

Affected Versions

The affected versions of Pulse Connect Secure include all versions prior to 9.1R11.4, specifically versions from 9.0 to 9.1R11.x. Organizations should verify their current version and apply necessary updates.

Mitigation & Remediation

Organizations must apply updates per vendor instructions to mitigate this vulnerability. The recommended action is to update to the latest version of Pulse Connect Secure. If an immediate update is not possible, organizations should implement strict network controls and monitoring to detect unauthorized access attempts.

Detection Guidance

Organizations should monitor logs for any anomalous file upload activities and unauthorized access attempts. Behavioral anomalies in user actions may also indicate exploitation of this vulnerability.

AppSecure Threat Intelligence Insight

The long-term significance of CVE-2021-22900 highlights the importance of secure file upload mechanisms. Organizations must prioritize robust security assessments, such as the application security assessment to prevent similar vulnerabilities. This incident serves as a reminder for security teams to continuously evaluate their security posture and implement proactive measures.

In light of the current threat landscape, organizations should also consider engaging in ongoing continuous penetration testing programs to identify and remediate vulnerabilities proactively.

The trends represented by this vulnerability indicate the necessity for organizations to adopt a holistic approach to application security. By integrating security practices into the software development lifecycle, organizations can mitigate risks associated with vulnerabilities like CVE-2021-22900.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

CVE ID	Title	Severity	Vulnerability Type	Published
CVE-2025-65418	CVE-2025-65418: High Vulnerability in docuFORM Managed Print Service Client	HIGH	Path Traversal	May 11, 2026
CVE-2025-65417	CVE-2025-65417: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	XSS	May 11, 2026
CVE-2025-65416	CVE-2025-65416: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Unrestricted File Upload	May 11, 2026
CVE-2025-65415	CVE-2025-65415: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Session Fixation	May 11, 2026
CVE-2025-61314	CVE-2025-61314: High Vulnerability in GmbH Mecury Managed Print Services	HIGH	XSS	May 11, 2026

CVE-2021-22900: High Vulnerability in Ivanti Pulse Connect Secure