521 matches found
The vulnerability of the VPN server of the Ivanti Secure Access Client (ISAC) for corporate networks (formerly known as Pulse Secure Desktop Client) on Windows operating systems arises from the use of insecure configurations. This vulnerability allows attackers to gain unauthorized access to protected information, increase their privileges, or cause service interruptions.
The vulnerability of the VPN server of Ivanti Secure Access Client formerly Pulse Secure Desktop Client for Windows operating systems is related to the use of insecure configurations. Exploiting this vulnerability can allow attackers to gain unauthorized access to protected information, increase...
CVE (2023-34298) Ivanti Secure Access Client Local Privilege Escalation
Summary A logged in Windows user can leverage functionality of the Pulse Secure / Ivanti Secure Access Client or Pulse Secure Installer Service to carry out a privilege escalation on the user machine. Mitigation None Currently Related Links https://forums.ivanti.com/s/article/New-Client-Side...
(0Day) Pulse Secure Client SetupService Directory Traversal Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Pulse Secure Client. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within SetupService. Th...
PT-2023-24794 · Pulse Secure · Pulse Secure Client
Name of the Vulnerable Software and Affected Versions: Pulse Secure Client affected versions not specified Description: This issue allows local attackers to escalate privileges on affected installations of Pulse Secure Client. An attacker must first obtain the ability to execute low-privileged co...
JSA10350 - Optimistic TCP acknowledgements can cause denial of service (CERT/CC VU#102014)
The Transmission Control Protocol TCP is described in RFC 793 as a means to provide reliable host-to-host transmission between hosts in a packet-switched computer network. Numerous Internet protocols such as HTTP, SMTP, and FTP rely on TCP as their underlying transport protocol. Several different...
JSA10553 - 2013-03: Security Bulletin: Pulse Secure Mobile: Android client privilege escalation
Edit: 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. A security issue has been found in the Pulse Secure Mobile for Android. This issue could only be carried out on an Android phone that was "rooted". An issue in the Pulse Secure Mobile f...
JSA10469 - Pre-authentication CGI script prints arbitrary contents of XML and ZIP files
Edit: 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. Certain CGI scripts found on the appliance are accessible during pre-authentication. There is an issue that may allow access to arbitrary XML files or the contents of ZIP files on the...
JSA10497 - 2012-09: Security, Access, and Acceleration: Security Advisories Released
Edit: 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. A new Security, Access, and Acceleration product security advisory bundle has been released. This message contains the links to the new JSA advisories that have been released. In the...
JSA10376 - Pulse Policy Secure (PPS) Infranet Controller Webroot Path Disclosure Vulnerability
Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. By requesting the 'remediate.cgi' script omitting certain parameters, the embedded IC web server returns the physical path of the webroot '/home/webserver/htdocs/' within an "Execute...
JSA10656 - 2014-10 Out of Cycle Security Bulletin: Multiple products affected by SSL POODLE vulnerability (CVE-2014-3566)
Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. The SSL protocol 3.0 SSLv3 uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack. This issue is...
JSA10400 - Pulse Connect Secure (PCS) and Pulse Policy Secure (PPS) products - SSL-VPN Security Bundle - Admin Issues
Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. Admin vulnerabilities found and fixed through a combination of internal and external proactive security testing: - Issue in archiving web page - Dig parameter injection issue in...
JSA10515 - 2012-06: Security, Access, and, Acceleration: Security Advisories Released
Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. A new Security, Access, and, Acceleration bundle has been released. This message contains the links to the new PSN advisories that have been released. In the interest of speeding the...
JSA10592 - 2013-09: Security, Access, and Acceleration: Security Advisories Released
Edit: 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. A new Security, Access, and Acceleration product security advisory bundle has been released. This message contains the links to the new Pulse Secure Security Advisories JSAs that have...
JSA10551 - 2013-03: Security, Access, and Acceleration Advisories Released
Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. A new Security, Access, and Acceleration product security advisory bundle has been released. This message contains the links to the new JSA advisories that have been released. In the...
JSA10414 - Pulse Connect Secure (PCS) and Pulse Policy Secure (PPS) - Security Bundle - Admin Issue
Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. Admin vulnerability found and fixed through a combination of internal and external proactive security testing: - When an admin uses certain sub-menus within the console, a timeout is...
JSA10412 - VU#261869 - Clientless PCS products break web browser's domain-based security models
Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. Clientless PCS products from multiple vendors operate in a way that breaks fundamental browser security mechanisms. An attacker could use these devices to bypass authentication or...
SA40003 - [Pulse Secure] July 9th 2015 OpenSSL Security Advisory (CVE-2015-1793)
Edit: 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. On July 9th, 2015 the OpenSSL project announced a new high severity security advisory Alternative chains certificate forgery CVE-2015-1793. This issue does not affect Pulse Secure...
SA40001 - [Pulse Secure] OpenSSL security advisory for March 19th, 2015
Edit: 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. On March 19th the OpenSSL project released a new security advisory. This advisory can be viewed here: http://openssl.org/news/secadv20150319.txt All products are not vulnerable to the...
SA40005 - Details on fixes for OpenSSL Heartbleed issue (CVE-2014-0160)
Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. This article provides detailed information related to the fixes for OpenSSL "Heartbleed" issue CVE-2014-0160 for PCS/PPS products. The following PCS versions are vulnerable to the...
SA40107 - Response to Juniper ScreenOS security advisory JSA10713 (CVE-2015-7755 and CVE-2015-7756)
Edit: 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. Juniper announced a security advisory for their Netscreen Firewall ScreenOS product portfolio. The Juniper ScreenOS advisory can be found here: JSA10713 Related Links JSA10713...