ID CVE-2019-11510Type cveReporter cve@mitre.orgModified 2019-05-10T19:29:00
Description
In Pulse Secure Pulse Connect Secure (PCS) before 8.1R15.1, 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability .
{"id": "CVE-2019-11510", "bulletinFamily": "NVD", "title": "CVE-2019-11510", "description": "In Pulse Secure Pulse Connect Secure (PCS) before 8.1R15.1, 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability .", "published": "2019-05-08T17:29:00", "modified": "2019-05-10T19:29:00", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-11510", "reporter": "cve@mitre.org", "references": ["https://kb.pulsesecure.net/?atype=sa", "http://www.securityfocus.com/bid/108073", "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101/"], "cvelist": ["CVE-2019-11510"], "type": "cve", "lastseen": "2019-05-29T18:23:37", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "0b46d625a873850cddfe49ce0cdbdfd0"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "87df5cd84e5f02f5ee6470c429159e56"}, {"key": "cpe23", "hash": "25b21ad59e2b595d8931786de14f5fea"}, {"key": "cvelist", "hash": "7b231ec97dc75370b12775fcbe1e52d2"}, {"key": "cvss", "hash": "0187fd86f792b6c1e0077d0f69d0ed79"}, {"key": "cvss2", "hash": "3bf2877e19b91d4143ea460e43ce9041"}, {"key": "cvss3", "hash": "9d7a1bf739aa233fb3bce7ee66cd981d"}, {"key": "cwe", "hash": "674581bc3d63992fcfe0179e19145db2"}, {"key": "description", "hash": "c6ab9cbe196f556f75d8d5d72134a1d4"}, {"key": "href", "hash": "83212dec78bf25dabf013d57df410009"}, {"key": "modified", "hash": "75bb4a216875a00f1c3617ee660d5fe7"}, {"key": "published", "hash": "37dab024511dbc6231cdfc985421034f"}, {"key": "references", "hash": "a0c02e9d78f5b9779df708af156d5c2c"}, {"key": "reporter", "hash": "444c2b4dda4a55437faa8bef1a141e84"}, {"key": "title", "hash": "a691e467232abe17a64de4fee17cd838"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "cf39d4d26b57c6a4dc787412ec30c066837873b9ffa188b59512e4232c2a4c01", "viewCount": 1, "enchantments": {"score": {"value": 3.5, "vector": "NONE", "modified": "2019-05-29T18:23:37"}, "dependencies": {"references": [], "modified": "2019-05-29T18:23:37"}, "vulnersScore": 3.5}, "objectVersion": "1.3", "cpe": ["cpe:/a:pulsesecure:pulse_connect_secure:7.1", "cpe:/a:pulsesecure:pulse_connect_secure:8.1", "cpe:/a:pulsesecure:pulse_connect_secure:9.0", "cpe:/a:pulsesecure:pulse_connect_secure:7.4", "cpe:/a:pulsesecure:pulse_connect_secure:8.3", "cpe:/a:pulsesecure:pulse_connect_secure:8.2"], "affectedSoftware": [{"name": "pulsesecure pulse_connect_secure", "operator": "eq", "version": "9.0"}, {"name": "pulsesecure pulse_connect_secure", "operator": "eq", "version": "8.2"}, {"name": "pulsesecure pulse_connect_secure", "operator": "eq", "version": "8.1"}, {"name": "pulsesecure pulse_connect_secure", "operator": "eq", "version": "7.4"}, {"name": "pulsesecure pulse_connect_secure", "operator": "eq", "version": "7.1"}, {"name": "pulsesecure pulse_connect_secure", "operator": "eq", "version": "8.3"}], "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 5.9}, "cpe23": ["cpe:2.3:a:pulsesecure:pulse_connect_secure:7.4:r12.0:*:*:*:*:*:*", "cpe:2.3:a:pulsesecure:pulse_connect_secure:7.1:r4.1:*:*:*:*:*:*", "cpe:2.3:a:pulsesecure:pulse_connect_secure:7.4:r9.0:*:*:*:*:*:*", "cpe:2.3:a:pulsesecure:pulse_connect_secure:9.0:r3:*:*:*:*:*:*", "cpe:2.3:a:pulsesecure:pulse_connect_secure:7.1:r22.0:*:*:*:*:*:*", "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1:r12.1:*:*:*:*:*:*", "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1:r9.1:*:*:*:*:*:*", "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2:r5.0:*:*:*:*:*:*", "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1:r3.1:*:*:*:*:*:*", "cpe:2.3:a:pulsesecure:pulse_connect_secure:7.1:r1.1:*:*:*:*:*:*", "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.3:r7:*:*:*:*:*:*", "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1:r9.0:*:*:*:*:*:*", "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1:*:*:*:*:*:*:*", "cpe:2.3:a:pulsesecure:pulse_connect_secure:7.4:r7.0:*:*:*:*:*:*", "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1:r1.0:*:*:*:*:*:*", "cpe:2.3:a:pulsesecure:pulse_connect_secure:9.0:r3.1:*:*:*:*:*:*", "cpe:2.3:a:pulsesecure:pulse_connect_secure:7.1:*:*:*:*:*:*:*", "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2:r10.0:*:*:*:*:*:*", "cpe:2.3:a:pulsesecure:pulse_connect_secure:7.1:r20.1:*:*:*:*:*:*", "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.3:r2:*:*:*:*:*:*", "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2:r11.0:*:*:*:*:*:*", "cpe:2.3:a:pulsesecure:pulse_connect_secure:7.4:r13.3:*:*:*:*:*:*", "cpe:2.3:a:pulsesecure:pulse_connect_secure:7.1:r2.0:*:*:*:*:*:*", "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2:r3.1:*:*:*:*:*:*", "cpe:2.3:a:pulsesecure:pulse_connect_secure:7.1:r10.0:*:*:*:*:*:*", "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1:r3.2:*:*:*:*:*:*", "cpe:2.3:a:pulsesecure:pulse_connect_secure:7.4:r10.0:*:*:*:*:*:*", "cpe:2.3:a:pulsesecure:pulse_connect_secure:7.4:r11.0:*:*:*:*:*:*", "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2:r8.0:*:*:*:*:*:*", "cpe:2.3:a:pulsesecure:pulse_connect_secure:7.1:r1.0:*:*:*:*:*:*", "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2:r9.0:*:*:*:*:*:*", "cpe:2.3:a:pulsesecure:pulse_connect_secure:7.4:r9.2:*:*:*:*:*:*", "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2:r1.1:*:*:*:*:*:*", "cpe:2.3:a:pulsesecure:pulse_connect_secure:7.1:r12.0:*:*:*:*:*:*", "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1:r4.0:*:*:*:*:*:*", "cpe:2.3:a:pulsesecure:pulse_connect_secure:9.0:r3.2:*:*:*:*:*:*", "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1:r5.0:*:*:*:*:*:*", "cpe:2.3:a:pulsesecure:pulse_connect_secure:7.1:r19.1:*:*:*:*:*:*", "cpe:2.3:a:pulsesecure:pulse_connect_secure:9.0:r2:*:*:*:*:*:*", "cpe:2.3:a:pulsesecure:pulse_connect_secure:7.1:r22.4:*:*:*:*:*:*", "cpe:2.3:a:pulsesecure:pulse_connect_secure:9.0:r1:*:*:*:*:*:*", "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1:r7.0:*:*:*:*:*:*", "cpe:2.3:a:pulsesecure:pulse_connect_secure:7.1:r13.0:*:*:*:*:*:*", "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2:r7.0:*:*:*:*:*:*", "cpe:2.3:a:pulsesecure:pulse_connect_secure:7.4:r5.0:*:*:*:*:*:*", "cpe:2.3:a:pulsesecure:pulse_connect_secure:7.1:r7.0:*:*:*:*:*:*", "cpe:2.3:a:pulsesecure:pulse_connect_secure:7.1:r4.0:*:*:*:*:*:*", "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1:r4.1:*:*:*:*:*:*", "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2:r6.0:*:*:*:*:*:*", "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1:r2.1:*:*:*:*:*:*", "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.3:r2.1:*:*:*:*:*:*", "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1:r11.0:*:*:*:*:*:*", "cpe:2.3:a:pulsesecure:pulse_connect_secure:7.1:r22.1:*:*:*:*:*:*", "cpe:2.3:a:pulsesecure:pulse_connect_secure:7.1:r16.0:*:*:*:*:*:*", "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1:r13.0:*:*:*:*:*:*", "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.3:r5.2:*:*:*:*:*:*", "cpe:2.3:a:pulsesecure:pulse_connect_secure:7.1:r14.0:*:*:*:*:*:*", "cpe:2.3:a:pulsesecure:pulse_connect_secure:7.4:r13.6:*:*:*:*:*:*", "cpe:2.3:a:pulsesecure:pulse_connect_secure:7.4:r13.2:*:*:*:*:*:*", "cpe:2.3:a:pulsesecure:pulse_connect_secure:7.1:r19.0:*:*:*:*:*:*", "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1:r11.1:*:*:*:*:*:*", "cpe:2.3:a:pulsesecure:pulse_connect_secure:7.4:*:*:*:*:*:*:*", "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.3:r3:*:*:*:*:*:*", "cpe:2.3:a:pulsesecure:pulse_connect_secure:7.4:r4.0:*:*:*:*:*:*", "cpe:2.3:a:pulsesecure:pulse_connect_secure:7.4:r13.5:*:*:*:*:*:*", "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2:r8.2:*:*:*:*:*:*", "cpe:2.3:a:pulsesecure:pulse_connect_secure:9.0:r2.1:*:*:*:*:*:*", "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2:r5.1:*:*:*:*:*:*", "cpe:2.3:a:pulsesecure:pulse_connect_secure:7.1:r3.0:*:*:*:*:*:*", "cpe:2.3:a:pulsesecure:pulse_connect_secure:7.4:r13.4:*:*:*:*:*:*", "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2:r8.1:*:*:*:*:*:*", "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.3:r1:*:*:*:*:*:*", "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1:r12.0:*:*:*:*:*:*", "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2:r4.1:*:*:*:*:*:*", "cpe:2.3:a:pulsesecure:pulse_connect_secure:7.1:r9.0:*:*:*:*:*:*", "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1:r6.0:*:*:*:*:*:*", "cpe:2.3:a:pulsesecure:pulse_connect_secure:7.4:r11.1:*:*:*:*:*:*", "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1:r8.0:*:*:*:*:*:*", "cpe:2.3:a:pulsesecure:pulse_connect_secure:7.4:r3.0:*:*:*:*:*:*", "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2:r7.1:*:*:*:*:*:*", "cpe:2.3:a:pulsesecure:pulse_connect_secure:7.4:r9.3:*:*:*:*:*:*", "cpe:2.3:a:pulsesecure:pulse_connect_secure:7.1:r22.2:*:*:*:*:*:*", "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.3:r6:*:*:*:*:*:*", "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.3:r5:*:*:*:*:*:*", "cpe:2.3:a:pulsesecure:pulse_connect_secure:7.1:r5.0:*:*:*:*:*:*", "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2:r4.0:*:*:*:*:*:*", "cpe:2.3:a:pulsesecure:pulse_connect_secure:7.1:r21.0:*:*:*:*:*:*", "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1:r2.0:*:*:*:*:*:*", "cpe:2.3:a:pulsesecure:pulse_connect_secure:7.4:r2.0:*:*:*:*:*:*", "cpe:2.3:a:pulsesecure:pulse_connect_secure:7.1:r15.0:*:*:*:*:*:*", "cpe:2.3:a:pulsesecure:pulse_connect_secure:7.1:r18.0:*:*:*:*:*:*", "cpe:2.3:a:pulsesecure:pulse_connect_secure:7.1:r8.0:*:*:*:*:*:*", "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.3:r4:*:*:*:*:*:*", "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2:r3.0:*:*:*:*:*:*", "cpe:2.3:a:pulsesecure:pulse_connect_secure:7.4:r13.1:*:*:*:*:*:*", "cpe:2.3:a:pulsesecure:pulse_connect_secure:7.1:r11.0:*:*:*:*:*:*", "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2:r1.0:*:*:*:*:*:*", "cpe:2.3:a:pulsesecure:pulse_connect_secure:7.1:r20.0:*:*:*:*:*:*", "cpe:2.3:a:pulsesecure:pulse_connect_secure:7.4:r9.1:*:*:*:*:*:*", "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1:r1.1:*:*:*:*:*:*", "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1:r9.2:*:*:*:*:*:*", "cpe:2.3:a:pulsesecure:pulse_connect_secure:7.4:r13.0:*:*:*:*:*:*", "cpe:2.3:a:pulsesecure:pulse_connect_secure:7.1:r22.3:*:*:*:*:*:*", "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1:r14.0:*:*:*:*:*:*", "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2:r2.0:*:*:*:*:*:*", "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2:r12.0:*:*:*:*:*:*", "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1:r10.0:*:*:*:*:*:*", "cpe:2.3:a:pulsesecure:pulse_connect_secure:7.1:r6.0:*:*:*:*:*:*", "cpe:2.3:a:pulsesecure:pulse_connect_secure:7.1:r17.0:*:*:*:*:*:*", "cpe:2.3:a:pulsesecure:pulse_connect_secure:7.4:r1.0:*:*:*:*:*:*", "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.3:r5.1:*:*:*:*:*:*", "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.3:r6.1:*:*:*:*:*:*", "cpe:2.3:a:pulsesecure:pulse_connect_secure:7.4:r6.0:*:*:*:*:*:*", "cpe:2.3:a:pulsesecure:pulse_connect_secure:7.4:r8.0:*:*:*:*:*:*", "cpe:2.3:a:pulsesecure:pulse_connect_secure:7.1:r20.2:*:*:*:*:*:*"], "cwe": ["CWE-275"]}
{}
