Pulse Secure VPN Zero-Day Flaw Patched May 20, 2021 Compliance May 4, 2021 Compliance Compliance Twitter Get Permission Ivanti, parent company of Pulse Secure, published a permanent fix Monday for a zero-day vulnerability in Pulse Connect Secure VPN products that has been exploited to target U.S. government agencies, critical infrastructure providers and other companies over the last several weeks. The zero-day flaw, which is tracked as CVE-2021-22893, is one of at least four vulnerabilities in Pulse Connect Secure VPN products that have been exploited by various groups, including one with connections to China, since earlier this year. In April, security firm FireEye published a report about the attacks as well as details about the zero-day bug that was being exploited (see: