CVE-2021-22935: 
Ivanti Connect Secure vulnerability analysis and mitigation

CVE-2021-22935 is a vulnerability discovered in Pulse Connect Secure versions before 9.1R12 that allows an authenticated administrator to perform command injection through an unsanitized web parameter. The vulnerability was disclosed in August 2021 (NVD, SecurityWeek).

The vulnerability has been assigned a CVSS v3.1 base score of 7.2 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H. The vulnerability is classified as a Command Injection vulnerability (CWE-77), which occurs due to improper neutralization of special elements used in a command (NVD).

If successfully exploited, this vulnerability could allow an authenticated administrator to perform command injection, potentially leading to unauthorized command execution with elevated privileges. The high CVSS score indicates that successful exploitation could result in a complete compromise of system confidentiality, integrity, and availability (NVD).

The vulnerability was patched in Pulse Connect Secure version 9.1R12. Organizations are advised to upgrade to this version or later to address the vulnerability. The patch was released by Ivanti as part of a security update that addressed multiple vulnerabilities (SecurityWeek).