CVE-2019-11543

XSS exists in the admin web console in Pulse Secure Pulse Connect Secure PCS 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, and 5.2RX before 5.2R12.1...

EUVD-2017-9090

Malware in sbrugna...

CVE-2020-15352

An XML external entity XXE vulnerability in Pulse Connect Secure PCS before 9.1R9 and Pulse Policy Secure PPS before 9.1R9 allows remote authenticated admins to conduct server-side request forgery SSRF attacks via a crafted DTD in an XML request...

CVE-2020-8262

A vulnerability in the Pulse Connect Secure / Pulse Policy Secure below 9.1R9 could allow attackers to conduct Cross-Site Scripting XSS and Open Redirection for authenticated user web interface...

CVE-2018-20809

A crafted message can cause the web server to crash with Pulse Secure Pulse Connect Secure PCS 8.3RX before 8.3R5 and Pulse Policy Secure 5.4RX before 5.4R5. This is not applicable to PCS 8.1RX...

SUSE CVE-2017-11455

diag.cgi in Pulse Connect Secure 8.2R1 through 8.2R5, 8.1R1 through 8.1R10 and Pulse Policy Secure 5.3R1 through 5.3R5, 5.2R1 through 5.2R8, and 5.1R1 through 5.1R10 allow remote attackers to hijack the authentication of administrators for requests to start tcpdump, related to the lack of anti-CS...

JSA10590 - 2013-09 Security Bulletin: Pulse Connect Secure (PCS) and Pulse Policy Secure (PPS): Crafted packet can cause denial of service

Edit: 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. A denial of service DoS issue has been found on the Pulse Connect Secure PCS and Pulse Policy Secure PPS devices. This issue can cause the system to hang ultimately requiring a restart ...

JSA10453 - 2010-09 Security Bulletin: Pulse Connect Secure (PCS) and Pulse Policy Secure (PPS): Local Client Logging Issue

Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. User session information is saved to the local system even when client logging is disabled. Pulse Secure would like to acknowledge Espion Ltd. Dublin, Ireland for bringing this to our...

JSA10591 - 2013-09 Security Bulletin: Pulse Connect Secure and Pulse Policy Secure: Multiple OpenSSL vulnerabilities

Edit: 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. Multiple OpenSSL vulnerabilities have been found in the PCS and PPS devices. CVE| Issue| CVE Description| CVSS Score ---|---|---|--- CVE-2012-2131| OpenSSL buffer overflow issue| Multip...

JSA10536 - 2012-09 Security Bulletin: Pulse Connect Secure (PCS) and Pulse Policy Secure (PPS): Specifically crafted https packet may cause denial of service

Edit: 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. A denial of service issue was found in the Pulse Connect Secure PCS and Pulse Policy Secure PPS system software. A specific malformed https packet can potentially cause a system service...

JSA10402 - Pulse Connect Secure (PCS) and Pulse Policy Secure (PPS) - Multiple Web-based CGI and Cross Site Scripting (XSS) vulnerabilities.

Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. CGI and Cross Site Scripting vulnerabilities found and fixed through a combination of internal and external proactive security testing: - Internal path was displayed in some error...

JSA10628 - 2014-06 Security Bulletin: Pulse Connect Secure (PCS) and Pulse Policy Secure (PPS): Weak SSL cipher allowed unexpectedly when higher level cipher group is configured (CVE-2014-3812)

Edit: 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. A weak cipher issue has been discovered on the Pulse Connect Secure PCS and Pulse Policy Secure PPS devices. When configuring the device to use a higher level cipher setting, a lower...

JSA10648 - 2014-09 Out of Cycle Security Bulletin: Multiple Products: Shell Command Injection Vulnerability in Bash

Edit: 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. Bash or the Bourne again shell has vulnerabilities in the way it handles environment variables when it is invoked. Under some scenarios, network based remote attackers can inject shell...

JSA10489 - 2011-09 Security Bulletin: Pulse Connect Secure (PCS) & Pulse Policy Secure (PPS): Cross Site Scripting Issue during Sign-In

Edit: 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. Cross Site Scripting issue during sign in. The following software releases have a fix for this issue: PCS: 6.5R9; 7.0R5, 7.1R2 or higher. PPS: 4.1R2 or higher. We recommend upgrading yo...

JSA10488 - 2011-09 Security Bulletin: Pulse Connect Secure (PCS) & Pulse Policy Secure (PPS): Admin Interface Issue

Edit: 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. Custom Sign-In page upload requires additional validation. The following software releases have a fix for this issue: PCS: 6.5R9; 7.0R5, 7.1R2 or higher. PPS: 4.1R2 or higher. We...

JSA10377 - Pulse Policy Secure (PPS): Cross-Site Scripting Vulnerability

Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. Older software versions of Policy Secure are prone to a cross-site scripting vulnerability. An attacker may leverage this issue to execute an arbitrary script. This issue is caused by ...

JSA10444 - 2010-06 Security Bulletin: Pulse Coennect Secure (PCS) and Pulse Policy Secure (PPS): Cross Site Scripting Issue during Signout

Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. Cross Site Scripting issue during sign out. This issue was found during external proactive security testing. To access the latest software, please visit: http://my.pulsesecure.net Puls...

JSA10396 - Pulse Connect Secure (PCS) and Pulse Policy Secure (PPS) - OpenSSL - Incorrect checks for malformed signatures on DSA and ECDSA keys used with SSL/TLS on backend servers. CVE-2008-5077.

Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. Several functions inside OpenSSL incorrectly checked the result after calling the EVPVerifyFinal function, allowing a malformed signature to be treated as a good signature rather than ...

JSA10645 - 2014-09 Security Bulletin: Pulse Connect Secure (PSC) and Pulse Policy Secure (PPS): Cross site scripting issue (CVE-2014-3820)

Edit: 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. A cross site scripting issue has been found in the Pulse Connect Secure and Pulse Policy Secure PCS/PPS products. The problem is a result of incorrect user input validation on the PCS/P...

SA40002 - [Pulse Secure] June 11th 2015 OpenSSL Security Advisory

Edit: 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. On June 11th, 2015 the OpenSSL project announced a group of new security advisories. These issues may affect Pulse Secure products. The OpenSSL advisory can be found at the following...