4 matches found
Sql injection
In Pulse Secure Pulse Desktop Client and Network Connect, an attacker could access session tokens to replay and spoof sessions, and as a result, gain unauthorized access as an end user, a related issue to CVE-2019-1573. The endpoint would need to be already compromised for exploitation to succeed...
CVE-2019-11213
CVE-2019-11213 affects Pulse Secure Pulse Desktop Client and Pulse Connect Secure (Network Connect). The issue is improper handling/storage of session cookies/tokens, enabling an attacker who already compromised the endpoint to replay/spoof sessions and gain unauthorized end-user access. Affected...
CVE-2019-1573
CVE-2019-1573 affects Palo Alto Networks GlobalProtect Agent 4.1.0 for Windows and 4.1.10 and earlier for macOS. A local, authenticated attacker who has compromised the end-user account and can inspect memory could access authentication/session tokens and replay them to spoof the VPN session and ...
CVE-2019-1573 Information Disclosure in GlobalProtect Agent
GlobalProtect Agent 4.1.0 for Windows and GlobalProtect Agent 4.1.10 and earlier for macOS may allow a local authenticated attacker who has compromised the end-user account and gained the ability to inspect memory, to access authentication and/or session tokens and replay them to spoof the VPN...