CVE-2021-22900

CVE-2021-22900

Vendor N/A
Product Pulse Secure Secure
Weakness CWE-94 · Code injection
KEV Status Known Exploited
Published May 27, 2021
Last update October 21, 2025

CVSS base score

What the vulnerability does

01Description

A vulnerability allowed multiple unrestricted uploads in Pulse Connect Secure before 9.1R11.4 that could lead to an authenticated administrator to perform a file write via a maliciously crafted archive upload in the administrator web interface.

CISA mandated remediation

02CISA Required Action

Apply updates per vendor instructions.

Key dates

03Disclosure timeline

May 27, 2021 CVE published
October 21, 2025 Record updated