3 matches found
CVE-2020-11580
An issue was discovered in Pulse Secure Pulse Connect Secure PCS through 2020-04-06. The applet in tncc.jar, executed on macOS, Linux, and Solaris clients when a Host Checker policy is enforced, accepts an arbitrary SSL certificate...
SA44426 - 2020-04: Out-of-Cycle Advisory: Multiple Host Checker Vulnerabilities
Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. This advisory provides information about the Host Checker policy enforcement vulnerabilities highlighted in CVE-2020-11580, CVE-2020-11581, and CVE-2020-11582. These vulnerabilities...
CVE-2020-11580
CVE-2020-11580 affects Pulse Secure Pulse Connect Secure (PCS) through 2020-04-06 where the tncc.jar applet on macOS/Linux/Solaris, under an enforced Host Checker policy, accepts arbitrary SSL certificates. This can enable a man-in-the-middle by bypassing certificate validation in the Host Checke...