{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-07T02:22:32.502","vulnerabilities":[{"cve":{"id":"CVE-2022-21826","sourceIdentifier":"support@hackerone.com","published":"2022-09-30T17:15:12.183","lastModified":"2024-11-21T06:45:30.770","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Pulse Secure version 9.115 and below may be susceptible to client-side http request smuggling, When the application receives a POST request, it ignores the request's Content-Length header and leaves the POST body on the TCP/TLS socket. This body ends up prefixing the next HTTP request sent down that connection, this means when someone loads website attacker may be able to make browser issue a POST to the application, enabling XSS."},{"lang":"es","value":"Pulse Secure versiones 9.115,y anteriores, pueden ser susceptibles de contrabando de peticiones http del lado del cliente, cuando la aplicación recibe una petición POST, ignora el encabezado Content-Length de la petición y deja el cuerpo del POST en el socket TCP/TLS. Este cuerpo termina prefijando la siguiente petición HTTP enviada por esa conexión, esto significa que cuando alguien carga el sitio web el atacante puede ser capaz de hacer que el navegador emita un POST a la aplicación, permitiendo un ataque de tipo XSS"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}]},"weaknesses":[{"source":"support@hackerone.com","type":"Secondary","description":[{"lang":"en","value":"CWE-444"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-444"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ivanti:connect_secure:9.1:-:*:*:*:*:*:*","matchCriteriaId":"4F450898-0B06-4073-9B76-BF22F68BD14F"},{"vulnerable":true,"criteria":"cpe:2.3:a:ivanti:connect_secure:9.1:r1:*:*:*:*:*:*","matchCriteriaId":"4B21C181-DC49-4EBD-9932-DBB337151FF7"},{"vulnerable":true,"criteria":"cpe:2.3:a:ivanti:connect_secure:9.1:r1.0:*:*:*:*:*:*","matchCriteriaId":"130C8955-BDA4-4518-8EBA-740EB08FC3E4"},{"vulnerable":true,"criteria":"cpe:2.3:a:ivanti:connect_secure:9.1:r10.0:*:*:*:*:*:*","matchCriteriaId":"5AA4B39F-2FB9-4752-B1F1-18812B0990B4"},{"vulnerable":true,"criteria":"cpe:2.3:a:ivanti:connect_secure:9.1:r10.2:*:*:*:*:*:*","matchCriteriaId":"232BAB6C-D318-4F80-8F49-4E700C21F535"},{"vulnerable":true,"criteria":"cpe:2.3:a:ivanti:connect_secure:9.1:r11.0:*:*:*:*:*:*","matchCriteriaId":"ABD840BF-944E-4F4C-96DC-0256286338F6"},{"vulnerable":true,"criteria":"cpe:2.3:a:ivanti:connect_secure:9.1:r11.1:*:*:*:*:*:*","matchCriteriaId":"A1995F34-AE75-47C4-9A9D-DBB1D3E130E5"},{"vulnerable":true,"criteria":"cpe:2.3:a:ivanti:connect_secure:9.1:r11.3:*:*:*:*:*:*","matchCriteriaId":"366EF5B8-0233-49B8-806A-E54F60410ADE"},{"vulnerable":true,"criteria":"cpe:2.3:a:ivanti:connect_secure:9.1:r11.4:*:*:*:*:*:*","matchCriteriaId":"6F2A7F5C-1D78-4D19-B8ED-5822FDF5DA63"},{"vulnerable":true,"criteria":"cpe:2.3:a:ivanti:connect_secure:9.1:r12:*:*:*:*:*:*","matchCriteriaId":"32E0B425-A9BA-4D00-84A9-46268072D696"},{"vulnerable":true,"criteria":"cpe:2.3:a:ivanti:connect_secure:9.1:r12.1:*:*:*:*:*:*","matchCriteriaId":"BBC724E8-195B-4CB4-AC2A-63E184AED4F6"},{"vulnerable":true,"criteria":"cpe:2.3:a:ivanti:connect_secure:9.1:r12.2:*:*:*:*:*:*","matchCriteriaId":"7162C24D-D181-49CC-B8C2-9EE3E0CDF846"},{"vulnerable":true,"criteria":"cpe:2.3:a:ivanti:connect_secure:9.1:r13:*:*:*:*:*:*","matchCriteriaId":"65435A96-EF7A-439A-AA6C-CB7EAEF0A963"},{"vulnerable":true,"criteria":"cpe:2.3:a:ivanti:connect_secure:9.1:r15:*:*:*:*:*:*","matchCriteriaId":"CE228FBD-5AD1-4BC6-AF63-5248E671B04F"},{"vulnerable":true,"criteria":"cpe:2.3:a:ivanti:connect_secure:9.1:r2:*:*:*:*:*:*","matchCriteriaId":"4FEFC4B1-7350-46F9-80C1-42F5AE06142F"},{"vulnerable":true,"criteria":"cpe:2.3:a:ivanti:connect_secure:9.1:r2.0:*:*:*:*:*:*","matchCriteriaId":"4E2D041D-9BDD-416D-B658-1C517C854104"},{"vulnerable":true,"criteria":"cpe:2.3:a:ivanti:connect_secure:9.1:r3:*:*:*:*:*:*","matchCriteriaId":"DB7A6D62-6576-4713-9BF4-11068A72E8B7"},{"vulnerable":true,"criteria":"cpe:2.3:a:ivanti:connect_secure:9.1:r3.0:*:*:*:*:*:*","matchCriteriaId":"7155EB34-E8E0-49AF-BDA2-FB4BFA44662E"},{"vulnerable":true,"criteria":"cpe:2.3:a:ivanti:connect_secure:9.1:r4:*:*:*:*:*:*","matchCriteriaId":"843BC1B9-50CC-4F8F-A454-A0CEC6E92290"},{"vulnerable":true,"criteria":"cpe:2.3:a:ivanti:connect_secure:9.1:r4.0:*:*:*:*:*:*","matchCriteriaId":"25EE614A-5F32-4CA9-998A-4FAF16DC100C"},{"vulnerable":true,"criteria":"cpe:2.3:a:ivanti:connect_secure:9.1:r4.1:*:*:*:*:*:*","matchCriteriaId":"D5355372-03EA-46D7-9104-A2785C29B664"},{"vulnerable":true,"criteria":"cpe:2.3:a:ivanti:connect_secure:9.1:r4.2:*:*:*:*:*:*","matchCriteriaId":"3DE32A0C-8944-4F51-A286-266055CA4B2F"},{"vulnerable":true,"criteria":"cpe:2.3:a:ivanti:connect_secure:9.1:r4.3:*:*:*:*:*:*","matchCriteriaId":"0349A0CC-A372-4E51-899E-D7BA67876F4B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ivanti:connect_secure:9.1:r5:*:*:*:*:*:*","matchCriteriaId":"93D1A098-BD77-4A7B-9070-A764FB435981"},{"vulnerable":true,"criteria":"cpe:2.3:a:ivanti:connect_secure:9.1:r5.0:*:*:*:*:*:*","matchCriteriaId":"F49EE829-A2CD-491E-BFC3-7888491D7C58"},{"vulnerable":true,"criteria":"cpe:2.3:a:ivanti:connect_secure:9.1:r6:*:*:*:*:*:*","matchCriteriaId":"3CCC2D7B-F835-45EC-A316-2F0C5F2CF565"},{"vulnerable":true,"criteria":"cpe:2.3:a:ivanti:connect_secure:9.1:r6.0:*:*:*:*:*:*","matchCriteriaId":"2254DDF1-7FF3-49E1-8826-91F49A6794F8"},{"vulnerable":true,"criteria":"cpe:2.3:a:ivanti:connect_secure:9.1:r7:*:*:*:*:*:*","matchCriteriaId":"AD812596-C77C-4129-982F-C22A25B52126"},{"vulnerable":true,"criteria":"cpe:2.3:a:ivanti:connect_secure:9.1:r7.0:*:*:*:*:*:*","matchCriteriaId":"B8EA4DA8-CD09-41AC-ADCB-27CF771C016B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ivanti:connect_secure:9.1:r8:*:*:*:*:*:*","matchCriteriaId":"9FA0B20D-3FA1-42AE-BDC5-93D8A182927C"},{"vulnerable":true,"criteria":"cpe:2.3:a:ivanti:connect_secure:9.1:r8.0:*:*:*:*:*:*","matchCriteriaId":"4D6CECCB-18BA-4219-95A2-2525A2BDCE36"},{"vulnerable":true,"criteria":"cpe:2.3:a:ivanti:connect_secure:9.1:r8.1:*:*:*:*:*:*","matchCriteriaId":"BFFA0B02-7F6D-4434-B1E7-EB8520FD68A0"},{"vulnerable":true,"criteria":"cpe:2.3:a:ivanti:connect_secure:9.1:r8.2:*:*:*:*:*:*","matchCriteriaId":"DFE8FA87-9622-4D5B-99C7-D8EE230C0AA9"},{"vulnerable":true,"criteria":"cpe:2.3:a:ivanti:connect_secure:9.1:r8.4:*:*:*:*:*:*","matchCriteriaId":"07AB853D-5A3F-4142-8417-1C9FB729A89E"},{"vulnerable":true,"criteria":"cpe:2.3:a:ivanti:connect_secure:9.1:r9:*:*:*:*:*:*","matchCriteriaId":"16DAA769-8F0D-4C54-A8D9-9902995605B0"},{"vulnerable":true,"criteria":"cpe:2.3:a:ivanti:connect_secure:9.1:r9.0:*:*:*:*:*:*","matchCriteriaId":"B7006C07-0E3F-4890-A1B3-533E10924D49"},{"vulnerable":true,"criteria":"cpe:2.3:a:ivanti:connect_secure:9.1:r9.1:*:*:*:*:*:*","matchCriteriaId":"B2C10C89-1DBC-4E91-BD28-D5097B589CA9"},{"vulnerable":true,"criteria":"cpe:2.3:a:ivanti:connect_secure:9.1:r9.2:*:*:*:*:*:*","matchCriteriaId":"F54753D0-6275-4F82-B874-55438D2983B3"},{"vulnerable":true,"criteria":"cpe:2.3:a:pulsesecure:pulse_connect_secure:*:*:*:*:*:*:*:*","versionEndExcluding":"9.1","matchCriteriaId":"43AF1D62-D827-4495-A4B0-CCA0C2BEE68F"}]}]}],"references":[{"url":"https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/Client-Side-Desync-Attack/","source":"support@hackerone.com","tags":["Vendor Advisory"]},{"url":"https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/Client-Side-Desync-Attack/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}