SA40107 - Response to Juniper ScreenOS security advisory JSA10713 (CVE-2015-7755 and CVE-2015-7756)
Edit: 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. Juniper announced a security advisory for their Netscreen Firewall ScreenOS product portfolio. The Juniper ScreenOS advisory can be found here: JSA10713 Related Links JSA10713...
SA40015 - OpenSSL security advisory for January 8th, 2015 (including SSL "FREAK" issue)
Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. On January 8th 2015, the OpenSSL project released a security advisory. This advisory included eight (8) new CVEs. This article will describe the vulnerability and fix status for the Puls...
SA40166 - Remote desktop protocol (RDP) client restriction bypass issue
Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. A security issue was discovered in the PCS Terminal Services Remote Desktop Protocol (RDP) client session restrictions feature. By exploiting this issue a malicious authenticated user...
SA40140 - Pulse Secure response to CVE-2016-0777 and CVE-2016-0778
Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. OpenSSH has announced two security issues: CVE-2016-0777 and CVE-2016-0778. Pulse Secure products are not vulnerable to CVE-2016-0777 and CVE-2016-0778. Our...
JSA10647 - 2014-09 Security Bulletin: Junos Pulse Secure Access Service (SSL VPN): Clickjacking issue (CVE-2014-3823)
Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. A clickjacking issue has been found in the Pulse Connect Secure product. 'X-Frame-Options' has been added to defend against this type of attack. The attack could take place against...
SA40145 - [Pulse Secure] January 28th 2016 OpenSSL Security Advisory
Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. On January 28th 2016 the OpenSSL project announced two new security advisories. The OpenSSL advisory can be found at the following link: https://www.openssl.org/news/secadv/20160128.tx...
SA40206 - [Pulse Secure] Denial of service issue possible (CVE-2016-4786)
Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. An issue was discovered in the Pulse Connect Secure device that would allow an attacker to impact CPU performance. This issue exists on non-authenticated resources. This issue was...
SA40160 - [Pulse Secure] Java deserialization vulnerability response
Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. Pulse Secure has investigated our products to see if we were affected by Java deserialisation issues. Pulse Secure products are not vulnerable to Java deserialisation vulnerabilities...
SA40161 - [Pulse Secure] glibc getaddrinfo stack-based buffer overflow (CVE-2015-7547)
Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. A buffer overflow issue was found in the glibc library. This issue was originally publicized via this post:...
SA40136 - Pulse Secure product information about Dual_EC_DRBG
Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. Pulse Secure will use this document to comment on whether Dual Elliptic Curve Deterministic Random Bit Generator (aka Dual_EC_DRBG) is used by any Pulse Secure products. No Pulse Secure...
SA40168 - [Pulse Secure] March 1st 2016 OpenSSL Security Advisory
Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. On March 1st 2016 the OpenSSL project announced new security advisories. These issues may affect Pulse Secure products. The OpenSSL advisory can be found at the following link:...
SA40100 - [Pulse Secure] December 3rd 2015 OpenSSL Security Advisory
Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. On December 3rd, 2015 the OpenSSL project announced a group of new security advisories. These issues may affect Pulse Secure products. The OpenSSL advisory can be found at the followin...
SA40212 - [Pulse Secure] Sign in page disclosure issue (CVE-2016-4792)
Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. An issue was found on the Pulse Connect Secure device that could allow disclosure of sign in pages. The security of the pages is not affected by this issue. This issue was assigned:...
SA40211 - [Pulse Secure] Cross site scripting issue (CVE-2016-4790)
Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. A cross site scripting issue has been discovered in the Pulse Connect Secure device. This issue exists in a file that is located in the authenticated area of the administrative user...
SA40207 - [Pulse Secure] File content disclosure issue (CVE-2016-4787)
Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. An issue was discovered with the Pulse Connect Secure device that could allow an attacker to print out contents from files from a limited and specific directory on the device. When...
SA40210 - [Pulse Secure] Information disclosure possible on admin UI (CVE-2016-4791)
Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. An information disclosure issue was discovered on the Pulse Connect Secure device. This issue exists on the administrative user interface and requires admin level access. Because of th...
SA40208 - [Pulse Secure] Single specific file content disclosure issue (CVE-2016-4788)
Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. An issue was discovered with the Pulse Connect Secure device that could allow an attacker to print out contents from a specific file. The file contents do not contain any configuration...
SA40209 - [Pulse Secure] Cross site scripting issue (CVE-2016-4789)
Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. A cross site scripting issue has been discovered in the Pulse Connect Secure device. This issue is related to system configuration section of the administrative user interface. This...
SA40241 - Pulse client privilege escalation issue (CVE-2016-2408)
Edit: 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. A security vulnerability was discovered within a Pulse Secure client-side component (Windows OS only). By exploiting this vulnerability, a restricted user on an endpoint machine can obtain...
SA40793 - CSRF vulnerability in Pulse Connect Secure / Pulse Policy Secure (CVE-2017-11455)
Edit: 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. A vulnerability in diag.cgi may allow remote attackers to hijack the authentication of administrators for requests to start tcpdump, related to the lack of anti-CSRF tokens. PSIRT is no...
SA40886 - ssl3_read_bytes Function Denial of Service Vulnerability (CVE-2016-8610)
Edit: 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. A denial of service flaw due to improper handling of warning packets during a TLS/SSL connection handshake. A remote attacker could use this flaw to consume an excessive amount of CPU...
SA40196 - [Pulse Secure] Badlock security advisory (CVE-2016-2118)
Edit: 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. The Samba team has released 8 new security advisories. The issue known as "Badlock" was included in this new group of issues. CVE-2016-2118 SAMR and LSA man in the middle attacks possib...
SA40423 - January 26, 2017 OpenSSL Security Advisory
Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. On January 26, 2017 the OpenSSL project announced a group of new security advisories. These issues affect all supported versions of Pulse Secure products. For a list of supported...
SA40384 - November 11, 2016 OpenSSL Security Advisory
Edit: 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. On November 11, 2016 the OpenSSL project announced a group of new security vulnerabilities. Pulse Secure evaluates all current supported versions of Pulse Secure products. For a list of...
SA40771 - 2017-07 Security Bulletin: Pulse Connect Secure (PCS) / Pulse Policy Secure (PPS): Cross Site Scripting Issue
Edit: 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. Multiple cross site scripting issues have been found in the Pulse Connect Secure / Pulse Policy Secure device. The cause of this issue is due to incorrect validation of user input sent t...
SA40312 - September 22 2016 OpenSSL Security Advisory
Edit: 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. On September 22, 2016 the OpenSSL project announced a group of new security advisories. These issues affect all supported versions of Pulse Secure products. For a list of supported...
SA40425 - February 16, 2017 OpenSSL Security Advisory
Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. On February 16, 2017 the OpenSSL project announced a group of new security advisories. These issues affect all supported versions of Pulse Secure products. For a list of supported...
SA40662 - Pulse Workspace data exposure
Problem: A data exposure issue was discovered by a third party security research group where access to a small section of Pulse Secure customer data store on a recognized cloud service provider during the period of 11 AM to 2 PM on March 16, 2017. During this three-hour period, Pulse Secure has no...
SA40971 - Pulse One On-Premise Remote Information Disclosure Vulnerability
Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. Pulse One On-Premise software version 2.0.1649 does not properly validate requests which allows remote users to query and obtain sensitive information. This issue is exploitable only f...
SA43620 - 2018-01 Out-Of-Cycle Advisory : Pulse Secure Desktop Linux Client - SSL Certificate Validation Issue
Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. The Pulse Linux GUI component does not perform strict SSL certificate validation which allows the attacker to manipulate the Pulse connection set. This issue is applicable only Pulse...
SA43582 - Out-of-Cycle Advisory: Virtual Traffic Manager (vTM) Password Management Vulnerability/Sensitive Data Protection Vulnerability/Principle Of Least Privilege Violation
Edit: 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. A vulnerability in vTM could allow a remote attacker to gain unauthorized access to a targeted system. The vulnerability is due to an insufficiently secure derivation method for the zc...
JSA10380 - Security Vulnerability in Pulse Policy Secure Platform's Radius Authentication Server used in a Realm not doing Radius Proxy.
Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. When using a Radius authentication server in a realm configured with the "Do Not Proxy" option, an unauthenticated user may bypass the authentication step of the PPS login process. A b...
SA43018 - 2018-01 Out-Of-Cycle Advisory: Pulse Connect Secure (PCS) / Pulse Policy Secure (PPS): Cross Site Scripting Issue
Edit: 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. A cross site scripting issue with custompage.cgi has been found in the Pulse Connect Secure / Pulse Policy Secure device. The cause is due to one of the URL parameters not being sanitized. Th...
SA43860 - 2018-08 Out-of-Cycle Advisory: Pulse One On-Premise Authentication bypass (CVE-2018-7750)
Edit: 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. Pulse One On-Premise software versions 2.0.1808 and 2.0.1820 do not properly check whether authentication is completed before processing other requests, as demonstrated by channel-open...
JSA10399 - Security Vulnerability in Pulse Policy Secure (PPS) software's radius authentication mechanism
Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. This Security Advisory is an addendum to JSA10380. The purpose is to notify customers of the removal of the affected releases from the Pulse Secure software download site. JSA10380 -...
SA43681 - 2016-11: CSRF vulnerability with Brocade Virtual Traffic Manager (vTM) (CVE-2016-8201)
Edit: 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. A CSRF vulnerability in Pulse Secure Virtual Traffic Manager versions released prior to and including 11.0, could allow an attacker to trick a logged-in user into making administrative...
SA43604 - 2018-01 Out-of-Cycle Advisory: Stack buffer overflow Vulnerability (CVE-2018-5299)
Edit: 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. A buffer overflow vulnerability has been found in the web server that could allow a remote attacker to cause memory corruption and possibly execute arbitrary code via a crafted web...
SA44114 - 2019-04: Out-of-Cycle Advisory: Pulse Desktop Client and Network Connect improper handling of session cookies (CVE-2019-11213)
Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. Under certain conditions, the Pulse Desktop Client and Network Connect could allow an attacker to access session tokens to replay and spoof sessions, and as a result, gain unauthorized...
SA43903 - Response to SegmentSmack (CVE-2018-5390) and FragmentSmack (CVE-2018-5391)
Edit: 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. SegmentSmack (CVE-2018-5390) and FragmentSmack (CVE-2018-5391) are described as a TCP implementation denial of service vulnerability. A remote attacker can send crafted sequences of TCP/IP...
SA43730 - 2018-04 Security Bulletin: Multiple vulnerabilities resolved in Pulse Connect Secure / Pulse Policy Secure 9.0R1 and vTM 18.1
Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. This advisory provides information about multiple vulnerabilities resolved in Pulse Connect Secure 9.0R1, Pulse Policy Secure 9.0R1 and Virtual Traffic Manager 18.1 releases. Refer to...
SA44101 - 2019-04: Out-of-Cycle Advisory: Multiple vulnerabilities resolved in Pulse Connect Secure / Pulse Policy Secure 9.0RX
Edit: 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. Multiple vulnerabilities were discovered and have been resolved in Pulse Connect Secure (PCS) and Pulse Policy Secure (PPS). This includes an authentication by-pass vulnerability that can...
SA44019 - February 26 2019 OpenSSL Security Advisory
Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. On February 26 2019, the OpenSSL project announced a group of new security advisories. These issues may affect Pulse Secure products. Refer to KB43892 - What releases will Pulse Secure...
SA44193 - 2019-06: Out-of-Cycle Advisory: Multiple Linux Kernel and FreeBSD vulnerabilities
Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. On June 17 2019, Netflix announced a group of new security advisories related to Linux Kernel and FreeBSD. These issues may affect Pulse Secure products. For a list of supported softwa...
SA43877 - 2018-08 Security Bulletin: Multiple vulnerabilities resolved in Pulse Connect Secure / Pulse Policy Secure / Pulse Secure Desktop 9.0R1/9.0R2
Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. This advisory provides information about multiple vulnerabilities resolved in Pulse Connect Secure and Pulse Policy Secure 9.0R1 & Pulse Desktop Client 9.0R2 releases. These issues app...
SA43667 - 2018-03 Out-of-Cycle Advisory: SAML allow authentication bypass via incorrect XML canonicalization
Edit: 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. Multiple Pulse Secure products utilizing SAML implementation could allow an attacker with authenticated access to a SAML Identity Provider (IdP) to bypass authentication for a differen...
2020-06: Out-of-Cycle Advisory: Pulse Secure Client TOCTOU Privilege Escalation Vulnerability (CVE-2020-13162)
Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. A security vulnerability was discovered within a Pulse Secure client-side component (Windows OS only). This is a client-side exploit only and does not affect the PCS or PPS gateway serve...
SA44525 - 2020-07: Out-of-Cycle Advisory: Multiple Vulnerabilities in Apache Guacamole Software
Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. This advisory provides information about the Apache Guacamole HTML5 Access vulnerabilities highlighted in CVE-2020-9498 and CVE-2020-9497. If an end user connects to a malicious or...
SA44440 - April 21 2020 OpenSSL Security Advisory
Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. On April 21 2020, the OpenSSL project announced a new security advisory. These issues may affect Pulse Secure products. Refer to KB43892 - What releases will Pulse Secure apply fixes to...
SA44516 - 2020-07: Security Bulletin: Multiple Vulnerabilities Resolved in Pulse Connect Secure / Pulse Policy Secure 9.1R8
Problem: This advisory provides information about multiple vulnerabilities resolved in Pulse Connect Secure 9.1R8 and Pulse Policy Secure 9.1R8. Refer to KB43892 - What releases will Pulse Secure apply fixes to resolve security vulnerabilities? per our End of Engineering (EOE) and End of Life (EOL)...
SA40202 - [Pulse Secure] May 3rd 2016 OpenSSL Security Advisory
Edit: 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. On May 3rd, 2016 the OpenSSL project announced new security advisories. This OpenSSL advisory can be found at the following link: https://openssl.org/news/secadv/20160503.txt Pulse Secu...