Unrated severityNVD Advisory· Published Aug 11, 2022· Updated Aug 4, 2024
CVE-2021-44720
CVE-2021-44720
Description
In Ivanti Pulse Secure Pulse Connect Secure (PCS) before 9.1R12, the administrator password is stored in the HTML source code of the "Maintenance > Push Configuration > Targets > Target Name" targets.cgi screen. A read-only administrative user can escalate to a read-write administrative role.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Ivanti Pulse Secure/Pulse Connect Securedescription
- Range: <9.1R12
Patches
Vulnerability mechanics
References
2- gist.github.com/JGarciaSec/2060ec1c8efc1d573a1ddb754c6b4f84mitrex_refsource_MISC
- kb.pulsesecure.netmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.