Security firm Ivanti released security updates to address multiple vulnerabilities in its Pulse Connect Secure VPN appliances. The most severe flaw, tracked as CVE-2021-22937 is a high-severity remote code execution vulnerability. The flaw received a CVSS score of 9.1, experts pointed out that it results from a bypass of the patch released in October 2021 to address the CVE-2020-8260 issue. The company also addressed a critical vulnerability that could be exploited for command injection via an unsanitized web parameter”]
Source: https://securityaffairs.co/wordpress/120880/security/pulse-connect-secure-vpn-flaw-2.html