CVE-2021-31922

HIGH

Pulsesecure Virtual Traffic Manager < 18.1 - HTTP Request Smuggling

Title source: rule
STIX 2.1

Description

An HTTP Request Smuggling vulnerability in Pulse Secure Virtual Traffic Manager before 21.1 could allow an attacker to smuggle an HTTP request through an HTTP/2 Header. This vulnerability is resolved in 21.1, 20.3R1, 20.2R1, 20.1R2, 19.2R4, and 18.2R3.

References (1)

Scores

CVSS v3 7.5
EPSS 0.0019
EPSS Percentile 40.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Details

CWE
CWE-444
Status published
Products (7)
pulsesecure/virtual_traffic_manager 18.2 (2 CPE variants)
pulsesecure/virtual_traffic_manager 19.2 (3 CPE variants)
pulsesecure/virtual_traffic_manager 19.3
pulsesecure/virtual_traffic_manager 20.1
pulsesecure/virtual_traffic_manager 20.2
pulsesecure/virtual_traffic_manager 20.3
pulsesecure/virtual_traffic_manager < 18.1
Published May 14, 2021
Tracked Since Feb 18, 2026