| Product | CVSS Score / Exploitability if Applicable | Impact | Fix |
| Pulse Secure Virtual Traffic Manager | | Affected | vTM 22.1 (Released) |
| Pulse Secure Services Director | | Affected | TBD |
| Pulse Secure Web Application Firewall | | Affected | Bundled with vTM 22.1 ( Released) |
| Pulse Connect Secure | CVSS Score 7.5
CVSS3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
For this to be successfully exploited on the PCS Server, an authenticated user session between Client and Server is required. This makes the attack vector highly complex and exploitability factor medium to low. | Affected | 9.1R15 (Released) |
| Ivanti Connect Secure (ICS) | CVSS Score 7.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
For this to be successfully exploited on the PCS Server, an authenticated user session between Client and Server is required. This makes the attack vector highly complex and exploitability factor medium to low. | Affected | 22.3 (Tentative for April, 2022) |
| Pulse Policy Secure | N/A | Not Affected | |
| Pulse Desktop Client | CVSS Score 7.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
For the exploit to succeed on the endpoint target, it requires an authenticated user session between Client and Server and the Server to be in compromised state. This makes the attack vector highly complex and exploitability factor medium to low. | Affected | Pulse 9.1R15 (Released) |
| Pulse Mobile Client | N/A | Not Affected | |
| Pulse One | N/A | Not Affected | |
| Ivanti Neurons for ZTA | N/A | Not Affected | |
| Ivanti Neurons for secure Access | N/A | Not Affected | |
