Connect Secure@8.3 Security Vulnerabilities and Issues — Connect Secure@8.3 CVE List

Lucene search

IvantiConnect Secure8.3

18 matches found

CVE•added 2019/05/08 5:29 p.m.•2389 views

CVE-2019-11510

In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability .

10CVSS9.6AI score0.94464EPSS

CVE•added 2019/04/26 2:29 a.m.•1120 views

CVE-2019-11539

In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, 5.3RX before 5.3R12.1, 5.2RX before 5.2R12.1, and 5.1RX before 5.1R15.1, the admin we...

8CVSS7.9AI score0.93756EPSS

CVE•added 2019/06/03 8:29 p.m.•92 views

CVE-2019-11509

In Pulse Secure Pulse Connect Secure (PCS) before 8.1R15.1, 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4 and Pulse Policy Secure (PPS) before 5.1R15.1, 5.2 before 5.2R12.1, 5.3 before 5.3R15.1, 5.4 before 5.4R7.1, and 9.0 before 9.0R3.2, an authenticated attacker (via the admin w...

8.8CVSS9.2AI score0.07261EPSS

CVE•added 2019/04/26 2:29 a.m.•85 views

CVE-2019-11540

In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4 and 8.3RX before 8.3R7.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2 and 5.4RX before 5.4R7.1, an unauthenticated, remote attacker can conduct a session hijacking attack.

9.8CVSS9.3AI score0.18542EPSS

CVE•added 2019/06/28 6:15 p.m.•69 views

CVE-2018-20810

Session data between cluster nodes during cluster synchronization is not properly encrypted in Pulse Secure Pulse Connect Secure (PCS) 8.3RX before 8.3R2 and Pulse Policy Secure (PPS) 5.4RX before 5.4R2. This is not applicable to PCS 8.1RX, PPS 5.2RX, or stand-alone devices.

9.8CVSS9.2AI score0.01536EPSS

CVE•added 2019/04/26 2:29 a.m.•69 views

CVE-2019-11542

8CVSS8AI score0.38785EPSS

CVE•added 2019/05/08 5:29 p.m.•63 views

CVE-2019-11508

In Pulse Secure Pulse Connect Secure (PCS) before 8.1R15.1, 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an authenticated attacker (via the admin web interface) can exploit Directory Traversal to execute arbitrary code on the appliance.

8.6CVSS8.4AI score0.04517EPSS

CVE•added 2019/04/26 2:29 a.m.•60 views

CVE-2019-11538

In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1, an NFS problem could allow an authenticated attacker to access the contents of arbitrary files on the affected device.

7.7CVSS8.3AI score0.03492EPSS

CVE•added 2019/06/28 6:15 p.m.•58 views

CVE-2018-20808

An XSS issue has been found with rd.cgi in Pulse Secure Pulse Connect Secure 8.3RX before 8.3R3 due to improper header sanitization. This is not applicable to 8.1RX.

6.1CVSS5.9AI score0.0012EPSS

CVE•added 2019/06/28 6:15 p.m.•58 views

CVE-2018-20811

A hidden RPC service issue was found with Pulse Secure Pulse Connect Secure 8.3RX before 8.3R2 and 8.1RX before 8.1R12.

5.3CVSS5.3AI score0.00714EPSS

CVE•added 2019/06/28 6:15 p.m.•58 views

CVE-2018-20813

An input validation issue has been found with login_meeting.cgi in Pulse Secure Pulse Connect Secure 8.3RX before 8.3R2.

9.8CVSS9.3AI score0.03845EPSS

CVE•added 2019/06/28 6:15 p.m.•57 views

CVE-2018-20814

An XSS issue was found with Psaldownload.cgi in Pulse Secure Pulse Connect Secure (PCS) 8.3R2 before 8.3R2 and Pulse Policy Secure (PPS) 5.4RX before 5.4R2. This is not applicable to PCS 8.1RX or PPS 5.2RX.

6.1CVSS5.9AI score0.00105EPSS

CVE•added 2019/06/28 6:15 p.m.•54 views

CVE-2018-20809

A crafted message can cause the web server to crash with Pulse Secure Pulse Connect Secure (PCS) 8.3RX before 8.3R5 and Pulse Policy Secure 5.4RX before 5.4R5. This is not applicable to PCS 8.1RX.

7.5CVSS7.4AI score0.03312EPSS

CVE•added 2019/04/26 2:29 a.m.•50 views

CVE-2019-11543

XSS exists in the admin web console in Pulse Secure Pulse Connect Secure (PCS) 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, and 5.2RX before 5.2R12.1.

8.3CVSS6.5AI score0.00213EPSS

CVE•added 2019/04/26 2:29 a.m.•47 views

CVE-2019-11541

In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, and 8.2RX before 8.2R12.1, users using SAML authentication with the Reuse Existing NC (Pulse) Session option may see authentication leaks.

8.3CVSS8.2AI score0.01765EPSS

CVE•added 2019/05/08 5:29 p.m.•45 views

CVE-2019-11507

In Pulse Secure Pulse Connect Secure (PCS) 8.3.x before 8.3R7.1 and 9.0.x before 9.0R3, an XSS issue has been found on the Application Launcher page.

6.1CVSS6.2AI score0.00424EPSS

CVE•added 2019/06/28 6:15 p.m.•44 views

CVE-2018-20807

An XSS issue has been found in welcome.cgi in Pulse Secure Pulse Connect Secure (PCS) 8.1.x before 8.1R12, 8.2.x before 8.2R9, and 8.3.x before 8.3R3 due to one of the URL parameters not being sanitized properly.

6.1CVSS5.9AI score0.0012EPSS

CVE•added 2018/09/06 11:29 p.m.•38 views

CVE-2018-14366

download.cgi in Pulse Secure Pulse Connect Secure 8.1RX before 8.1R13 and 8.3RX before 8.3R4 and Pulse Policy Secure through 5.2RX before 5.2R10 and 5.4RX before 5.4R4 have an Open Redirect Vulnerability.

6.1CVSS6.2AI score0.001EPSS