22 matches found
EUVD-2014-2330
Malware in sbrugna...
EUVD-2014-3761
Malware in sbrugna...
CISA and Partners Release Guidance for Modern Approaches to Network Access Security
Today, CISA, in partnership with the Federal Bureau of Investigation FBI, released guidance, Modern Approaches to Network Access Security, along with the following organizations: New Zealand’s Government Communications Security Bureau GCSB; New Zealand’s Computer Emergency Response Team CERT-NZ;...
A Secure Access Service Edge (SASE) Guide for Leaders
Discover the benefits of SASE, a network architecture built on zero trust principles, in adopting modern security architectures to reduce cyber risk across the attack surface...
JSA10646 - 2014-09 Security Bulletin: Junos Pulse Secure Access Service (SSL VPN): Cross site scripting issue (CVE-2014-3824)
Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. A cross site scripting issue has been found in the Pulse Connect Secure product. The problem is a result of incorrect user input validation on the SSL VPN web server. The issue exists...
CANs Reinvent LANs for an All-Local World
In an article I wrote over a year ago called “Securing the New Normal of Network Access,” I presented four access scenarios that modern organizations needed to enable users to stay securely connected and protected in the new normal of a work-from-anywhere world. Of course, “new” is a relative ter...
SASE & Zero Trust: The Dream Team
Zero Trust: We’ve been kicking that term around since 2003, by what exactly is it? In a nutshell, it’s not treating computers like humans, says Chase Cunningham, chief strategy officer at Ericom Software. Zero trust means “not putting trust relationships inside of computerized systems…and what we...
If You Don't Have A SASE Cloud Service, You Don't Have SASE At All
The Secure Access Service Edge or SASE has been a very hot buzzword in the past year. A term and category created by Gartner 2019, SASE states that the future of networking and security lies in the convergence of these categories into a single, cloud-based platform. The capabilities that SASE...
Cato SDP: Cloud-Scale and Global Remote Access Solution Review
The Scouts acknowledged the necessity to "Be Prepared" over 100 years ! ago; the industry should have, as well. Yet COVID-19 took businesses – more like the entire world – by surprise. Very few were prepared for the explosion of remote access, and the challenge of instantly shifting an entire...
Security at the Edge - What is Gartner's SASE & why does it matter?
Recently, Gartner published a report called "Market Trends: How to Win as WAN Edge and Security Converge Into the Secure Access Service Edge" that dives into how to enable security and network access controls as-a-service from the cloud. But what is Gartner's SASE pronounced like "sassy"? The...
CVE-2014-3824
Cross-site scripting XSS vulnerability in the web server in the Juniper Junos Pulse Secure Access Service SSL VPN devices with IVE OS 8.0 before 8.0r6, 7.4 before 7.4r13, and 7.1 before 7.1r20 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2014-3824
CVE-2014-3824 describes a cross-site scripting (XSS) vulnerability in the web server of Juniper Junos Pulse Secure Access Service (SSL VPN) devices using IVE OS. The issue stems from incorrect user input validation on the SSL VPN web page, potentially enabling an attacker to inject arbitrary scri...
Juniper Junos Pulse Secure Access Service IVE OS (SSL VPN) Linux Network Connect Client Local Privilege Escalation (JSA10616)
According to its self-reported version, the version of Juniper Junos Pulse Secure Access Service IVE OS running on the remote host serves out a Network Connect Client, a Java-based VPN client, that is affected by a local privilege escalation vulnerability when run on Linux end-user systems. C...
CVE-2014-2291
Pulse Secure Access Service (IVE OS) is affected by CVE-2014-2291 due to inadequate input validation on the Pulse Collaboration (Secure Meeting) user pages, allowing remote authenticated users to inject arbitrary HTML/Script. Impact per sources is that this affects Juniper Junos Pulse Secure Acce...
Juniper Junos Pulse Secure Access Service IVE OS (SSL VPN) XSS (JSA10617)
According to its self-reported version, the version of Juniper Junos Pulse Secure Access Service IVE OS running on the remote host is affected by an unspecified cross-site scripting vulnerability that is present within the Pulse Collaboration Secure Meeting user pages. An attacker could exploit...
CVE-2013-6956
Cross-site scripting XSS vulnerability in the Secure Access Service Web rewriting feature in Juniper Junos Pulse Secure Access Service aka SSL VPN with IVE OS before 7.1r17, 7.3 before 7.3r8, 7.4 before 7.4r6, and 8.0 before 8.0r1, when web rewrite is enabled, allows remote authenticated users to...
CVE-2013-6956
Cross-site scripting XSS vulnerability in the Secure Access Service Web rewriting feature in Juniper Junos Pulse Secure Access Service aka SSL VPN with IVE OS before 7.1r17, 7.3 before 7.3r8, 7.4 before 7.4r6, and 8.0 before 8.0r1, when web rewrite is enabled, allows remote authenticated users to...
Juniper Junos Pulse Secure Access Service IVE OS (SSL VPN) Multiple XSS (JSA10589)
According to its self-reported version, the version of Juniper Junos Pulse Secure Access Service IVE OS running on the remote host is affected by multiple unspecified cross-site scripting vulnerabilities that are present on the login and support pages hosted on the device's web server. An attacke...
CVE-2013-5650
Junos Pulse Secure Access Service IVE 7.1 before 7.1r5, 7.2 before 7.2r10, 7.3 before 7.3r6, and 7.4 before 7.4r3 and Junos Pulse Access Control Service UAC 4.1 before 4.1r8.1, 4.2 before 4.2r5, 4.3 before 4.3r6 and 4.4 before 4.4r3, when a hardware SSL acceleration card is enabled, allows remote...
CVE-2013-5650
Junos Pulse Secure Access Service IVE 7.1 before 7.1r5, 7.2 before 7.2r10, 7.3 before 7.3r6, and 7.4 before 7.4r3 and Junos Pulse Access Control Service UAC 4.1 before 4.1r8.1, 4.2 before 4.2r5, 4.3 before 4.3r6 and 4.4 before 4.4r3, when a hardware SSL acceleration card is enabled, allows remote...