Lucene search

MitreCVE-2017-14935

HistorySep 30, 2017 - 1:29 a.m.

CVE-2017-14935

2017-09-3001:29:02

CWE-20

mitre

web.nvd.nist.gov

cve-2017-14935

pulse secure

pulse one

on-premise

security vulnerability

information disclosure

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

7.4

Confidence

High

EPSS

0.003

Percentile

71.3%

JSON

Pulse Secure Pulse One On-Premise 2.0.1649 and below does not properly validate requests, which allows remote users to query and obtain sensitive information.

Affected configurations

Nvd

Node

pulsesecurepulse_one_on-premiseMatch2.0.1649

VendorProductVersionCPE
pulsesecurepulse_one_on-premise2.0.1649cpe:2.3:a:pulsesecure:pulse_one_on-premise:2.0.1649:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
pulsesecure	pulse_one_on-premise	2.0.1649	cpe:2.3:a:pulsesecure:pulse_one_on-premise:2.0.1649:::::::*

References

kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40971

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

7.4

Confidence

High

EPSS

0.003

Percentile

71.3%

JSON

Related for CVE-2017-14935