Lucene search
K

521 matches found

BDU FSTEC
BDU FSTEC
added 2023/12/01 12:0 a.m.6 views

The vulnerability of the VPN server of the Ivanti Secure Access Client (ISAC) for corporate networks (formerly known as Pulse Secure Desktop Client) on Windows operating systems arises from the use of insecure configurations. This vulnerability allows attackers to gain unauthorized access to protected information, increase their privileges, or cause service interruptions.

The vulnerability of the VPN server of Ivanti Secure Access Client formerly Pulse Secure Desktop Client for Windows operating systems is related to the use of insecure configurations. Exploiting this vulnerability can allow attackers to gain unauthorized access to protected information, increase...

7.8CVSS7.6AI score0.00713EPSS
Exploits1References5Affected Software1
Ivanti
Ivanti
added 2023/06/22 6:28 p.m.10 views

CVE (2023-34298) Ivanti Secure Access Client Local Privilege Escalation

Summary A logged in Windows user can leverage functionality of the Pulse Secure / Ivanti Secure Access Client or Pulse Secure Installer Service to carry out a privilege escalation on the user machine. Mitigation None Currently Related Links https://forums.ivanti.com/s/article/New-Client-Side...

7.8CVSS7.5AI score0.0097EPSS
Exploits0
Zero Day Initiative
Zero Day Initiative
added 2023/06/14 12:0 a.m.70 views

(0Day) Pulse Secure Client SetupService Directory Traversal Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Pulse Secure Client. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within SetupService. Th...

7.8CVSS7.1AI score0.0097EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2023/06/14 12:0 a.m.4 views

PT-2023-24794 · Pulse Secure · Pulse Secure Client

Name of the Vulnerable Software and Affected Versions: Pulse Secure Client affected versions not specified Description: This issue allows local attackers to escalate privileges on affected installations of Pulse Secure Client. An attacker must first obtain the ability to execute low-privileged co...

7.8CVSS8AI score0.0097EPSS
Exploits0References5
Ivanti
Ivanti
added 2023/02/14 7:22 a.m.6 views

JSA10350 - Optimistic TCP acknowledgements can cause denial of service (CERT/CC VU#102014)

The Transmission Control Protocol TCP is described in RFC 793 as a means to provide reliable host-to-host transmission between hosts in a packet-switched computer network. Numerous Internet protocols such as HTTP, SMTP, and FTP rely on TCP as their underlying transport protocol. Several different...

7.2AI score
Exploits0
Ivanti
Ivanti
added 2023/02/14 7:22 a.m.8 views

JSA10553 - 2013-03: Security Bulletin: Pulse Secure Mobile: Android client privilege escalation

Edit: 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. A security issue has been found in the Pulse Secure Mobile for Android. This issue could only be carried out on an Android phone that was "rooted". An issue in the Pulse Secure Mobile f...

7AI score
Exploits0
Ivanti
Ivanti
added 2023/02/14 7:22 a.m.8 views

JSA10469 - Pre-authentication CGI script prints arbitrary contents of XML and ZIP files

Edit: 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. Certain CGI scripts found on the appliance are accessible during pre-authentication. There is an issue that may allow access to arbitrary XML files or the contents of ZIP files on the...

7.1AI score
Exploits0
Ivanti
Ivanti
added 2023/02/14 7:22 a.m.5 views

JSA10497 - 2012-09: Security, Access, and Acceleration: Security Advisories Released

Edit: 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. A new Security, Access, and Acceleration product security advisory bundle has been released. This message contains the links to the new JSA advisories that have been released. In the...

7AI score
Exploits0
Ivanti
Ivanti
added 2023/02/14 7:22 a.m.6 views

JSA10376 - Pulse Policy Secure (PPS) Infranet Controller Webroot Path Disclosure Vulnerability

Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. By requesting the 'remediate.cgi' script omitting certain parameters, the embedded IC web server returns the physical path of the webroot '/home/webserver/htdocs/' within an "Execute...

6.8AI score
Exploits0
Ivanti
Ivanti
added 2023/02/14 7:22 a.m.6 views

JSA10656 - 2014-10 Out of Cycle Security Bulletin: Multiple products affected by SSL POODLE vulnerability (CVE-2014-3566)

Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. The SSL protocol 3.0 SSLv3 uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack. This issue is...

4.3CVSS6.2AI score0.99999EPSS
Exploits7
Ivanti
Ivanti
added 2023/02/14 7:22 a.m.6 views

JSA10400 - Pulse Connect Secure (PCS) and Pulse Policy Secure (PPS) products - SSL-VPN Security Bundle - Admin Issues

Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. Admin vulnerabilities found and fixed through a combination of internal and external proactive security testing: - Issue in archiving web page - Dig parameter injection issue in...

7.6AI score
Exploits0
Ivanti
Ivanti
added 2023/02/14 7:22 a.m.8 views

JSA10515 - 2012-06: Security, Access, and, Acceleration: Security Advisories Released

Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. A new Security, Access, and, Acceleration bundle has been released. This message contains the links to the new PSN advisories that have been released. In the interest of speeding the...

6.6AI score
Exploits0
Ivanti
Ivanti
added 2023/02/14 7:22 a.m.6 views

JSA10592 - 2013-09: Security, Access, and Acceleration: Security Advisories Released

Edit: 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. A new Security, Access, and Acceleration product security advisory bundle has been released. This message contains the links to the new Pulse Secure Security Advisories JSAs that have...

6.5AI score
Exploits0
Ivanti
Ivanti
added 2023/02/14 7:22 a.m.7 views

JSA10551 - 2013-03: Security, Access, and Acceleration Advisories Released

Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. A new Security, Access, and Acceleration product security advisory bundle has been released. This message contains the links to the new JSA advisories that have been released. In the...

6.7AI score
Exploits0
Ivanti
Ivanti
added 2023/02/14 7:22 a.m.11 views

JSA10414 - Pulse Connect Secure (PCS) and Pulse Policy Secure (PPS) - Security Bundle - Admin Issue

Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. Admin vulnerability found and fixed through a combination of internal and external proactive security testing: - When an admin uses certain sub-menus within the console, a timeout is...

7.2AI score
Exploits0
Ivanti
Ivanti
added 2023/02/14 7:22 a.m.11 views

JSA10412 - VU#261869 - Clientless PCS products break web browser's domain-based security models

Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. Clientless PCS products from multiple vendors operate in a way that breaks fundamental browser security mechanisms. An attacker could use these devices to bypass authentication or...

7.4AI score
Exploits0
Ivanti
Ivanti
added 2023/02/14 7:22 a.m.20 views

SA40003 - [Pulse Secure] July 9th 2015 OpenSSL Security Advisory (CVE-2015-1793)

Edit: 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. On July 9th, 2015 the OpenSSL project announced a new high severity security advisory Alternative chains certificate forgery CVE-2015-1793. This issue does not affect Pulse Secure...

6.5CVSS6.9AI score0.61798EPSS
Exploits6
Ivanti
Ivanti
added 2023/02/14 7:22 a.m.20 views

SA40001 - [Pulse Secure] OpenSSL security advisory for March 19th, 2015

Edit: 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. On March 19th the OpenSSL project released a new security advisory. This advisory can be viewed here: http://openssl.org/news/secadv20150319.txt All products are not vulnerable to the...

7.5CVSS6.9AI score0.44503EPSS
Exploits1
Ivanti
Ivanti
added 2023/02/14 7:22 a.m.34 views

SA40005 - Details on fixes for OpenSSL Heartbleed issue (CVE-2014-0160)

Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. This article provides detailed information related to the fixes for OpenSSL "Heartbleed" issue CVE-2014-0160 for PCS/PPS products. The following PCS versions are vulnerable to the...

7.5CVSS6.6AI score0.99999EPSS
Exploits88
Ivanti
Ivanti
added 2023/02/14 7:22 a.m.11 views

SA40107 - Response to Juniper ScreenOS security advisory JSA10713 (CVE-2015-7755 and CVE-2015-7756)

Edit: 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. Juniper announced a security advisory for their Netscreen Firewall ScreenOS product portfolio. The Juniper ScreenOS advisory can be found here: JSA10713 Related Links JSA10713...

10CVSS6.8AI score0.614EPSS
Exploits7
Rows per page
Query Builder