Server side request forgery (ssrf)

2016-05-2614:59:00

PRIOn knowledge base

www.prio-n.com

7.3 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

39.3%

JSON

The administrative user interface in Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r9, and 7.4 before 7.4r13.4 allows remote administrators to enumerate files, read arbitrary files, and conduct server side request forgery (SSRF) attacks via unspecified vectors.

CPENameOperatorVersion
connect_secureeq8.1
connect_secureeq8.2
connect_secureeq8.0
pulse_connect_secureeq8.1.0-r1.0
pulse_connect_secureeq7.4

Name	Operator	Version
connect_secure	eq	8.1
connect_secure	eq	8.2
connect_secure	eq	8.0
pulse_connect_secure	eq	8.1.0-r1.0
pulse_connect_secure	eq	7.4

References

www.securitytracker.com/id/1035932

kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40210