CVE-2021-31922
HIGHPulse Secure Virtual Traffic Manager < 21.1 - HTTP Request Smuggling via HTTP/2 Header
Title source: llmDescription
An HTTP Request Smuggling vulnerability in Pulse Secure Virtual Traffic Manager before 21.1 could allow an attacker to smuggle an HTTP request through an HTTP/2 Header. This vulnerability is resolved in 21.1, 20.3R1, 20.2R1, 20.1R2, 19.2R4, and 18.2R3.
References (1)
Core 1
Core References
Exploit, Patch, Vendor Advisory x_refsource_misc
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44790
Scores
CVSS v3
7.5
EPSS
0.0097
EPSS Percentile
57.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Details
CWE
CWE-444
Status
published
Products (7)
pulsesecure/virtual_traffic_manager
18.2 (2 CPE variants)
pulsesecure/virtual_traffic_manager
19.2 (3 CPE variants)
pulsesecure/virtual_traffic_manager
19.3
pulsesecure/virtual_traffic_manager
20.1
pulsesecure/virtual_traffic_manager
20.2
pulsesecure/virtual_traffic_manager
20.3
pulsesecure/virtual_traffic_manager
< 18.1
Published
May 14, 2021
Tracked Since
Feb 18, 2026