JSA10511 - 2012-06 Security Bulletin: Pulse Connect Secure (PCS): Cross site scripting issue
Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. A cross site scripting issue has been found in the Pulse Connect Secure PCS product. The issue is the result of incorrect validation of user input sent to the PCS web server. This issu...
JSA10398 - Security Vulnerability in Pulse Connect Secure Platforms RADIUS authentication mechanism
Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. This Security Advisory is an addendum to PSN 2008-05-007. Affected releases: 6.0R1; 6.0R2; 6.0R3; 6.0R3.1 6.1R1; 6.1R2; 6.1R3; 6.1R4, 6.1R5; 6.1R6 To download the latest software, plea...
JSA10554 - 2013-03: Security Bulletin: Pulse Connect Secure (PCS): Multiple cross site scripting issues
Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. Multiple cross site scripting issues have been found in the Pulse Connect Secure PCS product. The issue is the result of incorrect validation of user input sent to the web server. This...
JSA10487 - 2011-09 Security Bulletin: Pulse Connect Secure (PCS) & Pulse Policy Secure (PPS): OpenLDAP Issue
Edit: 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. LDAPS based authentication and authorization require additional validation. The following software releases have a fix for this issue: PCS: 7.1R1 or higher. PPS: 4.1R1 or higher. We...
JSA10515 - 2012-06: Security, Access, and Acceleration: Security Advisories Released
Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. A new Security, Access, and Acceleration bundle has been released. This message contains the links to the new PSN advisories that have been released. In the interest of speeding the...
JSA10496 - 2011-12 Security Bulletin: Pulse Connect Secure (PCS): Cross Site Scripting Issue
Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. A cross site scripting issue has been found during proactive security testing in the Pulse Connect Secure PCS product. The cause of this issue is due to incorrect validation of user...
JSA10400 - Pulse Connect Secure (PCS) and Pulse Policy Secure (PPS) products - SSL-VPN Security Bundle - Admin Issues
Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. Admin vulnerabilities found and fixed through a combination of internal and external proactive security testing: - Issue in archiving web page - Dig parameter injection issue in...
JSA10489 - 2011-09 Security Bulletin: Pulse Connect Secure (PCS) & Pulse Policy Secure (PPS): Cross Site Scripting Issue during Sign-In
Edit: 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. Cross Site Scripting issue during sign in. The following software releases have a fix for this issue: PCS: 6.5R9; 7.0R5, 7.1R2 or higher. PPS: 4.1R2 or higher. We recommend upgrading yo...
JSA10616 - 2014-03 Security Bulletin: Pulse Connect Secure (PCS): Linux Network Connect client local user privilege escalation issue (CVE-2014-2292)
Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. A privilege escalation issue has been found and corrected in the Linux Network Connect client. This issue could allow a non-root user to escalate their access to root privileges on a...
JSA10488 - 2011-09 Security Bulletin: Pulse Connect Secure (PCS) & Pulse Policy Secure (PPS): Admin Interface Issue
Edit: 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. Custom Sign-In page upload requires additional validation. The following software releases have a fix for this issue: PCS: 6.5R9; 7.0R5, 7.1R2 or higher. PPS: 4.1R2 or higher. We...
JSA10428 - 2010-03 Security Bulletin: Pulse Connect Secure (PCS)- Cross site scripting issue on end user edit bookmarks page
Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. Cross site scripting issue on the end user edit bookmarks page. This issue was found during external proactive security testing. This vulnerability only affects users that are...
JSA10570 - 2013-05 Network Management, Identity and Policy Control Security Advisories Released
Problem A new Security, Access, and Acceleration product security advisory bundle has been released. This message contains the links to all the new Pulse Secure Security Advisories that have been released today. Related Links Acknowledgements Risk Level None Risk Assessment Workaround Product...
JSA10569 - 2013-05 Security Bulletin: Steel Belted Radius: OpenSSL vulnerability CVE-2012-2110
Problem OpenSSL software provided with Steel-Belted Radius SBR Enterprise is vulnerable to CVE-2012-2110. This may allow code execution type of attacks using crafted certificates. Related Links Acknowledgements Risk Level High Risk Assessment Workaround There are no known workarounds that can...
JSA10551 - 2013-03: Security, Access, and Acceleration Advisories Released
Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. A new Security, Access, and Acceleration product security advisory bundle has been released. This message contains the links to the new JSA advisories that have been released. In the...
JSA10415 - Pulse Connect Secure (PCS) and Pulse Policy Secure (PPS) products - Security Bundle - Client Issues
Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. Client vulnerabilities found and fixed through a combination of internal and external proactive security testing: - A security issue has been identified that could allow an...
JSA10463 - OpenLDAP doesn't properly handle character in subject Common Name (CVE-2009-3767)
Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. A TLS library in OpenLDAP, when OpenSSL is used, does not properly handle a '\0' NULL character in a domain name in the subject's Common Name CN field of an X.509 certificate, which...
JSA10592 - 2013-09: Security, Access, and Acceleration: Security Advisories Released
Edit: 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. A new Security, Access, and Acceleration product security advisory bundle has been released. This message contains the links to the new Pulse Secure Security Advisories JSAs that have...
JSA10490 - 2011-09 Security Bulletin: Pulse Connect Secure (PCS): Cross Site Scripting Issues
Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. Cross Site Scripting vulnerabilities found and fixed through a combination of internal and external proactive security testing: - Cross Site Scripting issue found in Secure Meeting web...
JSA10414 - Pulse Connect Secure (PCS) and Pulse Policy Secure (PPS) - Security Bundle - Admin Issue
Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. Admin vulnerability found and fixed through a combination of internal and external proactive security testing: - When an admin uses certain sub-menus within the console, a timeout is...
JSA10443 - 2010-06 Security Bulletin: Pulse Connect Secure (PCS) and Pulse Policy Secure (PPS): Connecting to untrusted PCS or PPS
Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. PCS and PPS use ActiveX controls or Java applets to install and launch client software from a web browser. Due to the inherent problems with using ActiveX and Java applet, users can...
JSA10379 - Security Vulnerability in Pulse Connect Secure (PCS) RADIUS authentication mechanism
Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. If RADIUS is being used as the authentication mechanism on PCS running an affected release of the OS, then in a specific scenario, an unauthenticated user may be able to get past the...
JSA10459 - Pulse Connect Secure (PCS) meeting_testjava.cgi XSS Vulnerability (ZDI-10-231)
Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. The CGI script /dana-na/meeting/meeting_testjava.cgi is vulnerable to a cross-site scripting (XSS) attack. The script tests the presence of a JVM client by loading an applet. An attacker...
JSA10377 - Pulse Policy Secure (PPS): Cross-Site Scripting Vulnerability
Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. Older software versions of Policy Secure are prone to a cross-site scripting vulnerability. An attacker may leverage this issue to execute an arbitrary script. This issue is caused by ...
JSA10444 - 2010-06 Security Bulletin: Pulse Connect Secure (PCS) and Pulse Policy Secure (PPS): Cross Site Scripting Issue during Signout
Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. Cross Site Scripting issue during sign out. This issue was found during external proactive security testing. To access the latest software, please visit: http://my.pulsesecure.net Puls...
JSA10326 - PCS 2.2 Cross-Scripting Alert, Released 10/23/02
There are two specific issues that have been identified that could be exploited to generate a cross-site scripting attack. Please note that in all cases, the possibility that these issues can be exploited to compromise the system or the network is very unlikely but is possible. All customers...
JSA10325 - CERT-CSA Option Vulnerability, Released 3/10/03
If you have configured CSA in "Enabled" mode for one or more groups, then it is possible for an authenticated user in one of those groups to access servers that are not listed in the "Application List". If you have configured CSA in "Enabled, and user can add applications" mode or configured in...
JSA10413 - Pulse Connect Secure (PCS) and Pulse Policy Secure (PPS) products - Security Bundle - Authentication & Authorization Issue
Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. Authentication & Authorization vulnerability found and fixed through a combination of internal and external proactive security testing: - When using NTLMv1 or NTLMv2 authentication...
JSA10361 - Pulse Connect Secure (PCS) ActiveX client vulnerability
This isn't an active SA and this edit is part of an article maintenance project. Ivanti 04/03/2024. A malicious web site could trick a PCS user into clicking a link exploiting a vulnerability present in the ActiveX component of the PCS client software. When using Internet Explorer to access the PCS...
JSA10385 - Certain crafted packets can crash Steel-Belted Radius or hijack the server machine.
Problem By sending crafted, invalid data to the TCP administration port (1813 by default) or the TCP control port (1812 by default), an attacker may be able to crash the SBR server process. An attacker may also be able to inject code that will run as root on the server machine. If firewalls or other...
JSA10375 - Pulse Connect Secure (PCS): Cross-Site Scripting Vulnerability
Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. Older software versions of Pulse Connect Secure are prone to a cross-site scripting vulnerability. An attacker may leverage this issue to execute an arbitrary script. This issue is...
JSA10396 - Pulse Connect Secure (PCS) and Pulse Policy Secure (PPS) - OpenSSL - Incorrect checks for malformed signatures on DSA and ECDSA keys used with SSL/TLS on backend servers. CVE-2008-5077.
Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. Several functions inside OpenSSL incorrectly checked the result after calling the EVP_VerifyFinal function, allowing a malformed signature to be treated as a good signature rather than ...
JSA10401 - Pulse Connect Secure (PCS) product - PCS Security Bundle - Internal System Function
Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. Internal System Function vulnerabilities found and fixed through a combination of internal and external proactive security testing: Issue with special characters used in a parameter in...
JSA10412 - VU#261869 - Clientless PCS products break web browser's domain-based security models
Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. Clientless PCS products from multiple vendors operate in a way that breaks fundamental browser security mechanisms. An attacker could use these devices to bypass authentication or...
SA40013 - TLS/SSL Renegotiation Vulnerability Pulse Connect Secure (PCS) (CVE-2009-3555) (Pulse Secure PSN-2009-11-573)
Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. The industry-wide TLS/SSL renegotiation issue CVE-2009-3555 has been found in the Pulse Connect Secure PCS device. This issue has been reported as a man in the middle MITM attack by ma...
SA40003 - [Pulse Secure] July 9th 2015 OpenSSL Security Advisory (CVE-2015-1793)
Edit: 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. On July 9th, 2015 the OpenSSL project announced a new high severity security advisory Alternative chains certificate forgery CVE-2015-1793. This issue does not affect Pulse Secure...
JSA10617 - 2014-03 Security Bulletin: Pulse Connect Secure: Cross site scripting issue (CVE-2014-2291)
Edit: 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. A cross site scripting issue has been found in the Pulse Connect Secure product. The problem is a result of incorrect user input validation on the web server. The issue exists within a...
SA40021 - GHOST glibc gethostbyname() buffer overflow (CVE-2015-0235)
Edit: 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. A buffer overflow vulnerability has been discovered in the glibc library. This issue is known as CVE-2015-0235 and is commonly referred to as "GHOST". The issue was found in the...
SA40018 - System vulnerability issue in terms of CVE-2011-3188
Edit: 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. This article describes the issue of System vulnerability, which is related to CVE-2011-3188. Customer used security audit tools to verify if PCS is vulnerable and it reported the...
JSA10410 - Steel-Belted Radius EAP-FAST Authentication Succeeds with Incorrect Password
Problem Certain SBR products are vulnerable to a condition in which the authentication phase Phase 1 of EAP-FAST can be bypassed. This may allow an attacker to gain unauthorized access without providing a password or token value. This is a Pulse Secure Security Advisory released to our entitled...
SA40006 - Details on fixes for SSL/TLS MITM vulnerability (CVE-2014-0224)
Edit: 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. The following products and versions are vulnerable to the OpenSSL vulnerability CVE-2014-0224. The vulnerability exists when both the client AND the server are vulnerable. Server-side:...
SA40054 - 2015-09: Security Advisory: Secure Meeting (Pulse Collaboration) issue may allow authenticated users to bypass meeting authorization (CVE-2015-7323)
Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. An authorization bypass issue has been discovered in Secure Meeting Pulse Collaboration. This issue could allow an authenticated user to log into meetings that they do not have...
SA40001 - [Pulse Secure] OpenSSL security advisory for March 19th, 2015
Edit: 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. On March 19th the OpenSSL project released a new security advisory. This advisory can be viewed here: http://openssl.org/news/secadv20150319.txt All products are not vulnerable to the...
SA40005 - Details on fixes for OpenSSL Heartbleed issue (CVE-2014-0160)
Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. This article provides detailed information related to the fixes for OpenSSL "Heartbleed" issue CVE-2014-0160 for PCS/PPS products. The following PCS versions are vulnerable to the...
JSA10646 - 2014-09 Security Bulletin: Junos Pulse Secure Access Service (SSL VPN): Cross site scripting issue (CVE-2014-3824)
Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. A cross site scripting issue has been found in the Pulse Connect Secure product. The problem is a result of incorrect user input validation on the SSL VPN web server. The issue exists...
SA40107 - Response to Juniper ScreenOS security advisory JSA10713 (CVE-2015-7755 and CVE-2015-7756)
Edit: 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. Juniper announced a security advisory for their Netscreen Firewall ScreenOS product portfolio. The Juniper ScreenOS advisory can be found here: JSA10713 Related Links JSA10713...
SA40015 - OpenSSL security advisory for January 8th, 2015 (including SSL "FREAK" issue)
Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. On January 8th 2015, the OpenSSL project released a security advisory. This advisory included eight (8) new CVEs. This article will describe the vulnerability and fix status for the Puls...
SA40053 - 2015-09: Security Advisory: Secure Meeting (Pulse Collaboration) information disclosure vulnerability (CVE-2015-7322)
Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. An information disclosure issue has been discovered in Secure Meeting Pulse Collaboration. This issue could allow an attacker to enumerate currently in progress meetings on the device...
SA40004 - [Pulse Secure] TLS connection verification issue (CVE-2015-5369)
Edit: 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. On Pulse Connect Secure (PCS) devices that offer Hardware Acceleration (PSC6000, PCS6500, MAG PSC360) and have it enabled, TLS connections may be vulnerable to a protocol handshake vulnerability. This...
SA40135 - Linux kernel: Possible use-after-free vulnerability in keyring facility (CVE-2016-0728)
Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. An issue has been found within the Linux kernel that can allow exploitation. Pulse Secure does utilize the Linux kernel, however we are not vulnerable as we are not using the vulnerabl...
JSA10645 - 2014-09 Security Bulletin: Pulse Connect Secure (PCS) and Pulse Policy Secure (PPS): Cross site scripting issue (CVE-2014-3820)
Edit: 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. A cross site scripting issue has been found in the Pulse Connect Secure and Pulse Policy Secure PCS/PPS products. The problem is a result of incorrect user input validation on the PCS/P...