Lucene search

K
nvd[email protected]NVD:CVE-2019-11510
HistoryMay 08, 2019 - 5:29 p.m.

CVE-2019-11510

2019-05-0817:29:00
CWE-22
web.nvd.nist.gov
2

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

10

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

AI Score

9.7

Confidence

High

EPSS

0.974

Percentile

99.9%

In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability .

Affected configurations

NVD
Node
ivanticonnect_secureMatch8.2r1.0
OR
ivanticonnect_secureMatch8.2r1.1
OR
ivanticonnect_secureMatch8.2r10.0
OR
ivanticonnect_secureMatch8.2r11.0
OR
ivanticonnect_secureMatch8.2r12.0
OR
ivanticonnect_secureMatch8.2r2.0
OR
ivanticonnect_secureMatch8.2r3.0
OR
ivanticonnect_secureMatch8.2r3.1
OR
ivanticonnect_secureMatch8.2r4.0
OR
ivanticonnect_secureMatch8.2r4.1
OR
ivanticonnect_secureMatch8.2r5.0
OR
ivanticonnect_secureMatch8.2r5.1
OR
ivanticonnect_secureMatch8.2r6.0
OR
ivanticonnect_secureMatch8.2r7.0
OR
ivanticonnect_secureMatch8.2r7.1
OR
ivanticonnect_secureMatch8.2r8.0
OR
ivanticonnect_secureMatch8.2r8.1
OR
ivanticonnect_secureMatch8.2r8.2
OR
ivanticonnect_secureMatch8.2r9.0
OR
ivanticonnect_secureMatch8.3r1
OR
ivanticonnect_secureMatch8.3r2
OR
ivanticonnect_secureMatch8.3r2.1
OR
ivanticonnect_secureMatch8.3r3
OR
ivanticonnect_secureMatch8.3r4
OR
ivanticonnect_secureMatch8.3r5
OR
ivanticonnect_secureMatch8.3r5.1
OR
ivanticonnect_secureMatch8.3r5.2
OR
ivanticonnect_secureMatch8.3r6
OR
ivanticonnect_secureMatch8.3r6.1
OR
ivanticonnect_secureMatch8.3r7
OR
ivanticonnect_secureMatch9.0r1
OR
ivanticonnect_secureMatch9.0r2
OR
ivanticonnect_secureMatch9.0r2.1
OR
ivanticonnect_secureMatch9.0r3
OR
ivanticonnect_secureMatch9.0r3.1
OR
ivanticonnect_secureMatch9.0r3.2
OR
ivanticonnect_secureMatch9.0r3.3

References

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

10

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

AI Score

9.7

Confidence

High

EPSS

0.974

Percentile

99.9%