CVE-2022-21826

high-risk
Published 2022-09-30

Pulse Secure version 9.115 and below may be susceptible to client-side http request smuggling, When the application receives a POST request, it ignores the request's Content-Length header and leaves the POST body on the TCP/TLS socket. This body ends up prefixing the next HTTP request sent down that connection, this means when someone loads website attacker may be able to make browser issue a POST to the application, enabling XSS.

Do I need to act?

~
7.4% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
5
CVSS 5.4/10 Medium
NETWORK / LOW complexity

Affected Products (20)

Affected Vendors

Pulsesecure Ivanti

References (2)

Vendor Advisory https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/Client-Side-Desync...
Vendor Advisory https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/Client-Side-Desync...
55
/ 100
high-risk
Severity 21/34 · High
Exploitability 10/34 · Low
Exposure 24/34 · High