CVE-2021-22899

CVE-2021-22899

Vendor N/A
Product Pulse Connect Secure
Weakness CWE-77
KEV Status Known Exploited
Published May 27, 2021
Last update October 21, 2025

CVSS base score

What the vulnerability does

01Description

A command injection vulnerability exists in Pulse Connect Secure before 9.1R11.4 allows a remote authenticated attacker to perform remote code execution via Windows Resource Profiles Feature

CISA mandated remediation

02CISA Required Action

Apply updates per vendor instructions.

Key dates

03Disclosure timeline

May 27, 2021 CVE published
October 21, 2025 Record updated