CVE-2019-11510
Ivanti / Pulse Connect Secure
Ransomware campaign
Added 2021-11-03
Due 2022-05-03
Ivanti Pulse Connect Secure Arbitrary File Read Vulnerability
Ivanti Pulse Connect Secure contains an arbitrary file read vulnerability that allows an unauthenticated remote attacker with network access via HTTPS to send a specially crafted URI.
Required action
Apply updates per vendor instructions.
Notes: Reference CISA's ED 21-03 (https://www.cisa.gov/news-events/directives/ed-21-03-mitigate-pulse-connect-secure-product-vulnerabilities) for further guidance and requirements. Note: The due date for addressing this vulnerability aligns with the requirements outlined in ED 21-03. https://nvd.nist.gov/vuln/detail/CVE-2019-11510
Metadata
| Added to KEV | 2021-11-03 |
| Remediation due | 2022-05-03 |
| Ransomware use | Known |
| CWEs | CWE-22 |
| Ingested | 2026-04-24 15:03:13 |
Cross-mesh regulatory overlay
If you're breached via this CVE, what disclosure laws and cyber regs fire? Asks LexiWorld and RegulatoryRadar via signed mesh.