QwikSec

Security Database

CVE

CWE

Training

CVE-2021-22893

Published: Apr 23, 2021

Modified: Oct 21, 2025

PUBLISHED

Description

Pulse Connect Secure 9.0R3/9.1R1 and higher is vulnerable to an authentication bypass vulnerability exposed by the Windows File Share Browser and Pulse Secure Collaboration features of Pulse Connect Secure that can allow an unauthenticated user to perform remote arbitrary code execution on the Pulse Connect Secure gateway. This vulnerability has been exploited in the wild.

Vendor	Product	Versions
n/a	Pulse Connect Secure	affected `PCS 9.0R3 or above, PCS 9.1R1 and above`

Weaknesses (CWE)

References

https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44784/

x_refsource_MISC

https://blog.pulsesecure.net/pulse-connect-secure-security-update/

x_refsource_MISC

https://www.fireeye.com/blog/threat-research/2021/04/suspected-apt-actors-leverage-bypass-techniques-pulse-secure-zero-day.html

x_refsource_MISC

https://kb.cert.org/vuls/id/213092

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.