CVE-2021-22893
Ivanti / Pulse Connect Secure
Ransomware campaign
Added 2021-11-03
Due 2022-05-03
Ivanti Pulse Connect Secure Use-After-Free Vulnerability
Ivanti Pulse Connect Secure contains a use-after-free vulnerability that allow a remote, unauthenticated attacker to execute code via license services.
Required action
Apply updates per vendor instructions.
Notes: Reference CISA's ED 21-03 (https://www.cisa.gov/news-events/directives/ed-21-03-mitigate-pulse-connect-secure-product-vulnerabilities) for further guidance and requirements. Note: The due date for addressing this vulnerability aligns with the requirements outlined in ED 21-03. https://nvd.nist.gov/vuln/detail/CVE-2021-22893
Metadata
| Added to KEV | 2021-11-03 |
| Remediation due | 2022-05-03 |
| Ransomware use | Known |
| CWEs | CWE-287 |
| Ingested | 2026-04-24 15:03:13 |
Cross-mesh regulatory overlay
If you're breached via this CVE, what disclosure laws and cyber regs fire? Asks LexiWorld and RegulatoryRadar via signed mesh.