Lucene search
+L
PulsesecurePulse Connect Secure

57 matches found

CVE
CVE
added 2021/05/27 11:15 a.m.1054 views

CVE-2021-22900

Pulse Connect Secure (PCS) before 9.1R11.4 is affected by CVE-2021-22900, which allows an authenticated administrator to write files via a malicious archive upload in the admin web interface due to an unrestricted upload vulnerability. The IVANTI advisory SA44784 consolidates multiple PCS CVEs an...

7.2CVSS7.9AI score0.14146EPSS
In wild
CVE
CVE
added 2018/08/27 5:0 p.m.204 views

CVE-2018-15910

Artifex Ghostscript before 9.24 is affected by a type confusion in the LockDistillerParams parameter that can be triggered by crafted PostScript, potentially crashing the interpreter or enabling code execution. This CVE (CVE-2018-15910) is corroborated across multiple sources (vendor advisories a...

7.8CVSS6.7AI score0.03037EPSS
CVE
CVE
added 2018/10/19 10:0 p.m.180 views

CVE-2018-18284

Ghostscript 9.25 and earlier is affected by CVE-2018-18284, where the sandbox protection can be bypassed via vectors involving the 1Policy operator. Affected component: Ghostscript interpreter; root cause: sandbox bypass in policy handling. Impact: sandbox escape via crafted PostScript; in the Ar...

8.6CVSS6.3AI score0.16288EPSS
CVE
CVE
added 2018/08/27 5:0 p.m.179 views

CVE-2018-15909

CVE-2018-15909 affects Artifex Ghostscript 9.23 (pre-2018-08-24). A type confusion in the .shfill PostScript operator can be triggered by specially crafted PostScript data, allowing an attacker to crash the Ghostscript interpreter or potentially execute arbitrary code. The vulnerability is docume...

7.8CVSS6.6AI score0.03019EPSS
CVE
CVE
added 2018/08/28 4:0 a.m.179 views

CVE-2018-15911

CVE-2018-15911 affects Artifex Ghostscript 9.23 prior to 2018-08-24. Attackers able to supply crafted PostScript can trigger uninitialized memory access in the aesdecode operator, potentially crashing the interpreter or executing code. Exploitation status is not detailed in the provided documents...

7.8CVSS6.7AI score0.03037EPSS
CVE
CVE
added 2020/07/28 2:59 p.m.166 views

CVE-2020-15408

Pulse Connect Secure (PCS) before 9.1R8 is affected by CVE-2020-15408. An authenticated attacker can access the admin page console via the end-user web interface due to a rewrite. This is documented in multiple sources (NVD/NIST entry and Pulse advisory SA44516). The issue’s impact is limited to ...

5.8CVSS4.8AI score0.0077EPSS
In wild
CVE
CVE
added 2021/08/16 6:38 p.m.158 views

CVE-2021-22937

CVE-2021-22937 affects Pulse Connect Secure (PCS) prior to version 9.1R12. An authenticated administrator could write arbitrary files by uploading a malicious archive via the administrator web interface, potentially enabling remote code execution with elevated privileges. Public advisories (Ivant...

7.2CVSS6.8AI score0.07828EPSS
CVE
CVE
added 2020/04/06 8:3 p.m.131 views

CVE-2020-11580

CVE-2020-11580 affects Pulse Secure Pulse Connect Secure (PCS) through 2020-04-06 where the tncc.jar applet on macOS/Linux/Solaris, under an enforced Host Checker policy, accepts arbitrary SSL certificates. This can enable a man-in-the-middle by bypassing certificate validation in the Host Checke...

9.1CVSS9.1AI score0.01072EPSS
CVE
CVE
added 2018/09/05 1:0 p.m.112 views

CVE-2018-16513

CVE-2018-16513 affects Artifex Ghostscript prior to 9.24. A crafted PostScript file can trigger a type confusion in the setcolor function, potentially crashing the Ghostscript interpreter or causing unspecified other impact. Mitigation documented across multiple sources is to upgrade Ghostscript ...

7.8CVSS8AI score0.01501EPSS
CVE
CVE
added 2019/04/12 2:27 p.m.107 views

CVE-2019-11213

CVE-2019-11213 affects Pulse Secure Pulse Desktop Client and Pulse Connect Secure (Network Connect). The issue is improper handling/storage of session cookies/tokens, enabling an attacker who already compromised the endpoint to replay/spoof sessions and gain unauthorized end-user access. Affected...

8.1CVSS4.1AI score0.02822EPSS
CVE
CVE
added 2021/05/27 11:14 a.m.106 views

CVE-2021-22908

CVE-2021-22908 describes a buffer overflow in Pulse Connect Secure (PCS) related to Windows File Resource Profiles and SMB sharing. Reported as affecting PCS 9.X up to 9.1R2/3, with 9.1R3 enabling default-deny for SMB browsing; exploitation requires an authenticated user with privileges and could...

9CVSS8.8AI score0.69377EPSS
CVE
CVE
added 2020/07/27 10:10 p.m.99 views

CVE-2020-12880

CVE-2020-12880 affects Pulse Policy Secure (PPS) and Pulse Connect Secure (PCS) Virtual Appliance prior to 9.1R8. By manipulating a kernel boot parameter, an insider can drop into a root shell in a pre-install phase where the appliance source code is accessible. Root access risk is limited to the...

5.5CVSS5.5AI score0.00477EPSS
CVE
CVE
added 2021/08/16 6:38 p.m.97 views

CVE-2021-22938

Pulse Connect Secure (PCS) before version 9.1R12 is affected by CVE-2021-22938, a vulnerability where an authenticated administrator could perform command injection via an unsanitized parameter in the administrator web console. Red Hat and other sources confirm the issue and Pillar documentation ...

7.2CVSS7AI score0.02101EPSS
CVE
CVE
added 2019/04/26 1:39 a.m.96 views

CVE-2019-11540

CVE-2019-11540 affects Pulse Secure products: Pulse Connect Secure (PCS) and Pulse Policy Secure (PPS). Affected versions include PCS 9.0RX before 9.0R3.4 and 8.3RX before 8.3R7.1; PPS 9.0RX before 9.0R3.2 and 5.4RX before 5.4R7.1. Description: an unauthenticated, remote attacker can perform a se...

9.8CVSS9.3AI score0.08259EPSS
CVE
CVE
added 2021/08/16 6:38 p.m.94 views

CVE-2021-22934

Pulse Connect Secure (PCS) before version 9.1R12 is affected by a buffer overflow vulnerability that can be exploited by an authenticated administrator or a compromised PCS device in a load-balanced configuration via a maliciously crafted web request. The issue arises in the vulnerable handling o...

7.2CVSS7AI score0.0467EPSS
CVE
CVE
added 2021/08/16 6:38 p.m.93 views

CVE-2021-22933

CVE-2021-22933 affects Pulse Connect Secure (PCS) prior to 9.1R12. An authenticated administrator can delete arbitrary files via a maliciously crafted web request due to a vulnerability in the PCS web interface. Public sources consistently describe the issue as an arbitrary file deletion with imp...

6.5CVSS6.4AI score0.01378EPSS
CVE
CVE
added 2019/05/08 4:49 p.m.89 views

CVE-2019-11508

CVE-2019-11508 affects Pulse Connect Secure (PCS) / Pulse Policy Secure (PPS) via the Pulse Secure vulnerability set. According to the connected sources, this CVE is a post‑auth issue in which an authenticated end-user can upload a malicious file to write arbitrary files to the local system on th...

8.6CVSS8.4AI score0.14953EPSS
CVE
CVE
added 2020/04/06 8:3 p.m.87 views

CVE-2020-11582

CVE-2020-11582 affects Pulse Secure Pulse Connect Secure (PCS) clients with Host Checker enabled. The tncc.jar applet on macOS, Linux and Solaris launches a local TCP server on a random port, reachable by local HTTP clients, with the server potentially processing commands (e.g., setcookie) releva...

8.8CVSS7.9AI score0.00879EPSS
CVE
CVE
added 2021/08/16 6:38 p.m.85 views

CVE-2021-22935

Pulse Connect Secure (PCS) before version 9.1R12 is affected by CVE-2021-22935, where an authenticated administrator can perform command injection via an unsanitized web parameter. The vulnerability affects PCS web parameters and is documented across multiple sources (NVD entry and Red Hat adviso...

7.2CVSS7AI score0.02101EPSS
CVE
CVE
added 2020/10/28 12:47 p.m.83 views

CVE-2020-8261

CVE-2020-8261: A vulnerability in Pulse Connect Secure / Pulse Policy Secure versions prior to 9.1R9 allows arbitrary cookie injection via the admin/web interfaces. Root cause details are not elaborated in the provided sources, but multiple advisories corroborate the issue. Affected products are ...

4.3CVSS4.8AI score0.02125EPSS
CVE
CVE
added 2019/04/26 1:40 a.m.82 views

CVE-2019-11542

CVE-2019-11542 describes a stack buffer overflow in Pulse Connect Secure / Pulse Policy Secure triggered by an authenticated attacker via the admin web interface by sending a specially crafted message. The issue is one of a family of vulnerabilities disclosed in Pulse Secure advisories (SA44101) ...

8CVSS8AI score0.6612EPSS
CVE
CVE
added 2020/09/29 1:41 p.m.82 views

CVE-2020-8256

CVE-2020-8256 is a vulnerability in the Pulse Connect Secure admin web interface prior to 9.1R8.2 that allows an authenticated attacker to read arbitrary files via XML External Entity (XXE) through Pulse Collaboration. The issue is confirmed across multiple sources (Red Hat advisory, Nessus plugi...

4.9CVSS5.2AI score0.03356EPSS
CVE
CVE
added 2021/08/16 6:38 p.m.82 views

CVE-2021-22936

Pulse Connect Secure prior to version 9.1R12 contains a cross-site scripting (XSS) vulnerability that allows an attacker to run client-side scripts in the context of an authenticated administrator by supplying an unsanitized web parameter. Root cause: unsanitized input in the web parameter leads ...

6.1CVSS6.1AI score0.00848EPSS
CVE
CVE
added 2020/04/06 8:3 p.m.79 views

CVE-2020-11581

Pulse Connect Secure (PCS) clients with Host Checker policy enabled on macOS, Linux, or Solaris are affected by CVE-2020-11581 due to an applet in tncc.jar that uses Runtime.getRuntime().exec(), enabling a MITM attacker to perform OS command injections via shell metacharacters in doCustomRemediat...

9.3CVSS8.5AI score0.09839EPSS
CVE
CVE
added 2022/08/11 3:49 p.m.75 views

CVE-2021-44720

Ivanti Pulse Secure Pulse Connect Secure (PCS) before 9.1R12 stores administrator passwords in the HTML source of the Maintenance > Push Configuration > Targets > Target Name screen (targets.cgi). This enables a read-only administrative user to escalate to a read-write administrative rol...

7.2CVSS7.1AI score0.02341EPSS
CVE
CVE
added 2017/08/29 3:0 p.m.72 views

CVE-2017-11455

CVE-2017-11455 affects Pulse Connect Secure diag.cgi and Pulse Policy Secure diag.cgi, enabling remote attackers to hijack administrator authentication for requests to start tcpdump due to missing anti-CSRF tokens. Affected: Pulse Connect Secure versions 8.2R1–8.2R5 and 8.1R1–8.1R10; Pulse Policy...

8.8CVSS8.8AI score0.01305EPSS
CVE
CVE
added 2020/10/28 12:47 p.m.71 views

CVE-2020-8262

CVE-2020-8262 affects Pulse Connect Secure and Pulse Policy Secure if running versions earlier than 9.1R9. The vulnerability allows Cross-Site Scripting (XSS) and Open Redirection via the authenticated user web interface. Public references in Red Hat advisory and Nessus entries confirm the issue ...

6.1CVSS5.8AI score0.01826EPSS
CVE
CVE
added 2021/11/19 6:10 p.m.70 views

CVE-2021-22965

CVE-2021-22965 describes a DoS vulnerability in Pulse Connect Secure before 9.1R12.1. An unauthenticated administrator can trigger a denial of service by sending a malformed request to the device. Affected software is Pulse Connect Secure (PCS) prior to 9.1R12.1. The root cause relates to handlin...

7.8CVSS7.5AI score0.02123EPSS
CVE
CVE
added 2020/09/29 1:41 p.m.69 views

CVE-2020-8238

CVE-2020-8238 affects Pulse Connect Secure and Pulse Policy Secure

6.1CVSS5.8AI score0.01738EPSS
CVE
CVE
added 2022/09/30 4:24 p.m.68 views

CVE-2022-21826

Pulse Connect Secure (Pulse Secure) versions 9.115 and below are affected by a client-side HTTP request smuggling vulnerability. When handling a POST request, the application may ignore the Content-Length header and keep the POST body on the TCP/TLS socket, causing the body to prefix the next HTT...

5.4CVSS5.3AI score0.45229EPSS
CVE
CVE
added 2019/04/26 1:40 a.m.67 views

CVE-2019-11543

CVE-2019-11543 is an XSS in the admin web console of Pulse Secure Pulse Connect Secure (PCS) and Pulse Policy Secure (PPS). Affected product lines include PCS: 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.1RX before 8.1R15.1; PPS: 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, 5.2RX before 5.2R12.1...

8.3CVSS6.5AI score0.0311EPSS
CVE
CVE
added 2020/07/30 12:53 p.m.66 views

CVE-2020-8206

CVE-2020-8206 affects Pulse Connect Secure and Pulse Policy Secure versions prior to 9.1RB, enabling an attacker who has a user’s primary credentials to bypass Google TOTP authentication. Multiple connected sources confirm the same core issue: improper authentication that directly bypasses TOTP. ...

8.1CVSS8AI score0.02991EPSS
CVE
CVE
added 2020/10/27 4:10 a.m.65 views

CVE-2020-15352

CVE-2020-15352 is an XXE-based SSRF vulnerability in Pulse Connect Secure (PCS) and Pulse Policy Secure (PPS) prior to 9.1R9. The issue arises from an XML External Entity in crafted XML requests that remote authenticated admins can abuse to reach server-side resources. Public sources in the conne...

7.2CVSS6.6AI score0.03162EPSS
CVE
CVE
added 2020/07/30 12:53 p.m.64 views

CVE-2020-8221

CVE-2020-8221 describes a path traversal weakness in Pulse Connect Secure prior to 9.1R8 that allows an authenticated attacker to read arbitrary files via the administrator web interface. The issue is tied to the Pulse Connect Secure/Policy Secure family (PCS/PPS) with the

4.9CVSS4.9AI score0.0228EPSS
CVE
CVE
added 2018/01/16 9:0 p.m.62 views

CVE-2017-17947

CVE-2017-17947 is a cross-site scripting vulnerability in Pulse Secure’s Pulse Connect Secure (PCS) and Pulse Policy Secure (PPS) affecting custompage.cgi. The issue arises from one unsanitized URL parameter, enabling injected script when the attacker is authenticated as an administrator; it does...

4.8CVSS4.8AI score0.00503EPSS
CVE
CVE
added 2020/07/30 12:53 p.m.62 views

CVE-2020-8217

Pulse Connect Secure versions prior to 9.1R8 are affected by a cross-site scripting (XSS) vulnerability in the URL used for Citrix ICA. The root cause is insufficient validation/cleaning of client data in the web application, allowing attacker-controlled input to execute client-side code. Impact ...

5.4CVSS5.2AI score0.01354EPSS
CVE
CVE
added 2019/04/26 1:40 a.m.61 views

CVE-2019-11541

Pulse Connect Secure (PCS) and Pulse Policy Secure (PPS) are affected by CVE-2019-11541 in the Reuse Existing NC (Pulse) Session option for SAML authentication, which may cause authentication leaks. Affected versions are PCS 9.0RX before 9.0R3.4, PCS 8.3RX before 8.3R7.1, and PCS 8.2RX before 8.2...

8.3CVSS8.2AI score0.03989EPSS
CVE
CVE
added 2017/07/12 8:0 p.m.60 views

CVE-2017-11195

Pulse Connect Secure 8.3R1 is affected by a reflected XSS in launchHelp.cgi. The helpLaunchPage parameter is echoed inside an IFRAME when it contains two quotes, with sanitization preventing simple quote closure but allowing javascript: or data: schemes to be abused. Affected component: launchHel...

6.1CVSS5.9AI score0.00898EPSS
CVE
CVE
added 2020/07/30 12:53 p.m.59 views

CVE-2020-8216

CVE-2020-8216 describes an information-disclosure vulnerability in Pulse Connect Secure (PCS) and Pulse Policy Secure (PPS) prior to version 9.1R8, where an authenticated end-user can reveal meeting details if they know the Meeting ID. Public sources in the provided documents confirm the affected...

4.3CVSS4.2AI score0.02283EPSS
CVE
CVE
added 2020/07/30 12:53 p.m.57 views

CVE-2020-8220

Pulse Connect Secure prior to 9.1R8 is affected by CVE-2020-8220: an authenticated attacker can use the administrator web interface to perform command injection, causing a denial of service. The Red Hat/IVANTI/Nessus entries confirm the issue and point to upgrading to 9.1R8 as the remediation."

6.5CVSS6.5AI score0.0246EPSS
CVE
CVE
added 2020/07/30 12:53 p.m.56 views

CVE-2020-8219

Pulse Connect Secure (PCS) and Pulse Policy Secure versions prior to 9.1R8 are affected by CVE-2020-8219 due to an insufficient permission check that allows an attacker to change the password of a full administrator. Impact is limited to unauthorized password change of admin accounts; no exploit ...

7.2CVSS6.9AI score0.02224EPSS
CVE
CVE
added 2017/07/12 8:0 p.m.55 views

CVE-2017-11196

Pulse Connect Secure 8.3R1 is affected by a Cross-Site Request Forgery in logout.cgi. The admin panel logout is not protected by CSRF tokens, allowing an attacker to log out a user by enticing them to visit a malicious page. Connected documents confirm the issue and note remediation through softw...

8.8CVSS8.5AI score0.0056EPSS
CVE
CVE
added 2018/09/06 11:0 p.m.55 views

CVE-2018-6320

CVE-2018-6320 affects Pulse Connect Secure (PCS) and Pulse Policy Secure (PPS) where login.cgi improperly validates the http(s) Host header. Affected versions: PCS 8.1RX pre-8.1R12 and 8.3RX pre-8.3R2; PPS 5.2RX pre-5.2R9 and 5.4RX pre-5.4R2. The issue arises from trusting the Host header receive...

9.8CVSS9.3AI score0.04079EPSS
CVE
CVE
added 2016/05/26 2:0 p.m.54 views

CVE-2016-4791

The vulnerability CVE-2016-4791 affects Pulse Connect Secure (PCS) administrative UI, enabling remote administrators to enumerate/read files and perform server-side request forgery (SSRF) via unspecified vectors. Affected versions include 7.4 before 7.4r13.4; 8.0 before 8.0r9; 8.1 before 8.1r2; a...

8.6CVSS8.3AI score0.02242EPSS
CVE
CVE
added 2017/07/12 8:0 p.m.54 views

CVE-2017-11193

Pulse Connect Secure 8.3R1 is affected by a CSRF vulnerability in diag.cgi. The diag.cgi panel can execute commands such as ping, ping6, traceroute, traceroute6, nslookup, arp, and Portprobe, and these functions lack CSRF protections. An attacker can entice an administrator to visit a malicious p...

8.8CVSS8.7AI score0.0056EPSS
CVE
CVE
added 2017/07/12 8:0 p.m.54 views

CVE-2017-11194

Pulse Connect Secure 8.3R1 is affected by CVE-2017-11194: a reflected XSS in adminservercacertdetails.cgi where the certid parameter is reflected without proper sanitization, enabling crafted payloads that can inject HTML/tags and may lead to command-like actions in the user’s browser. The issue ...

6.1CVSS6AI score0.00681EPSS
CVE
CVE
added 2018/01/16 10:0 p.m.54 views

CVE-2018-5299

CVE-2018-5299 is a stack-based buffer overflow in the web server of Pulse Secure Pulse Connect Secure (PCS) prior to 8.3R4 and Pulse Policy Secure (PPS) prior to 5.4R4, leading to memory corruption and potential remote code execution. Public sources (NVD/CNVD/PRION/CVE List) confirm a network-vec...

9.8CVSS9.8AI score0.03061EPSS
CVE
CVE
added 2020/07/30 12:53 p.m.53 views

CVE-2020-8222

CVE-2020-8222 describes a path-traversal vulnerability in Pulse Connect Secure versions older than 9.1R8. An authenticated attacker, using the administrator web interface (via Meeting), can read arbitrary files due to the underlying file-reading weakness. Connected sources (Red Hat advisory, Ness...

6.8CVSS6.4AI score0.0228EPSS
CVE
CVE
added 2018/05/10 2:0 p.m.52 views

CVE-2018-9849

CVE-2018-9849 affects Pulse Connect Secure (PCS) 8.1.x prior to 8.1R14, 8.2.x prior to 8.2R11, and 8.3.x prior to 8.3R5. The root cause is improper processing of nested XML entities in crafted XML documents, leading to denial of service via memory consumption/memory errors. Public sources (NVD en...

5.5CVSS5.6AI score0.0099EPSS
CVE
CVE
added 2018/09/06 11:0 p.m.51 views

CVE-2018-14366

CVE-2018-14366 is an Open Redirect vulnerability affecting Pulse Connect Secure and Pulse Policy Secure. The issue resides in download.cgi and can be triggered on Pulse Connect Secure 8.1RX before 8.1R13 and 8.3RX before 8.3R4, and on Pulse Policy Secure through 5.2RX before 5.2R10 and 5.4RX befo...

6.1CVSS6.2AI score0.01482EPSS
Total number of security vulnerabilities57