Cybersecurity Alerts

Actively Exploited Vulnerabilities

← Back to Cybersecurity Alerts

CVE-2019-11510

Ivanti | Pulse Connect SecureAdded 2021-11-03Remediation Deadline 2022-05-03Active Ransomware Campaign

Ivanti Pulse Connect Secure Arbitrary File Read Vulnerability

Ivanti Pulse Connect Secure contains an arbitrary file read vulnerability that allows an unauthenticated remote attacker with network access via HTTPS to send a specially crafted URI.

Required Action

Apply updates per vendor instructions.

Weakness Classification

CWE-22

References

Reference CISA's ED 21-03 (https://www.cisa.gov/news-events/directives/ed-21-03-mitigate-pulse-connect-secure-product-vulnerabilities) for further guidance and requirements. Note: The due date for addressing this vulnerability aligns with the requirements outlined in ED 21-03. https://nvd.nist.gov/vuln/detail/CVE-2019-11510