A new patch for a vulnerability that could lead to remote code execution has been assigned a separate identification number (CVE-2021-22937) and has been fixed by Ivanti Pulse Secure on Monday (along with several other bugs) The vulnerability can be bypassed by simply changing a parameter variable in the original exploit. An attacker with such access will be able to circumvent any restrictions enforced via the web application, as well as remount the filesystem, allowing them to create a persistent backdoor, extract and decrypt credentials.
Source: https://www.helpnetsecurity.com/2021/08/06/cve-2021-22937/