Lucene search
+L
PulsesecurePulse Policy Secure

31 matches found

CVE
CVE
added 2019/04/26 1:39 a.m.1189 views

CVE-2019-11539

CVE-2019-11539 is a post-auth command injection vulnerability in Pulse Secure VPN appliances (Pulse Connect Secure and Pulse Policy Secure) that can be exploited by an authenticated attacker via the admin web interface to inject and execute commands. Connected sources confirm the flaw requires ad...

8CVSS7.9AI score0.98617EPSS
In wildWeb
CVE
CVE
added 2020/07/30 12:53 p.m.1063 views

CVE-2020-8218

Pulse Connect Secure

7.2CVSS7.3AI score0.32739EPSS
In wild
CVE
CVE
added 2019/06/18 11:34 p.m.802 views

CVE-2019-11477

CVE-2019-11477 (SACK Panic) is a Linux kernel TCP vulnerability where crafted SACK blocks can trigger an integer overflow, potentially causing a kernel crash and DoS. CVE-2019-11478/11479 describe related DoS via SACK handling and low MSS. In practice, Arista discloses affected products (EOS, Clo...

7.8CVSS7.5AI score0.98745EPSS
CVE
CVE
added 2019/06/18 11:34 p.m.629 views

CVE-2019-11478

CVE-2019-11478 describes a DoS in the Linux kernel TCP SACK handling where the TCP retransmission queue can fragment, leading to degraded performance or denial of service when processing crafted SACK sequences. The initial entry notes a fixed commit f070ef2ac66716357066b683fb0baf55f8191a2e and st...

7.5CVSS6.4AI score0.94686EPSS
CVE
CVE
added 2020/04/06 8:3 p.m.131 views

CVE-2020-11580

CVE-2020-11580 affects Pulse Secure Pulse Connect Secure (PCS) through 2020-04-06 where the tncc.jar applet on macOS/Linux/Solaris, under an enforced Host Checker policy, accepts arbitrary SSL certificates. This can enable a man-in-the-middle by bypassing certificate validation in the Host Checke...

9.1CVSS9.1AI score0.01072EPSS
CVE
CVE
added 2019/06/03 7:34 p.m.110 views

CVE-2019-11509

Pulse Connect Secure (PCS) and Pulse Policy Secure (PPS) are affected by CVE-2019-11509, an authentication-enabled, admin-web-interface vulnerability where an attacker can exploit Incorrect Access Control to execute arbitrary code on the appliance. Impact is shown as remote code execution with au...

8.8CVSS9.2AI score0.07817EPSS
CVE
CVE
added 2020/07/27 10:10 p.m.98 views

CVE-2020-12880

CVE-2020-12880 affects Pulse Policy Secure (PPS) and Pulse Connect Secure (PCS) Virtual Appliance prior to 9.1R8. By manipulating a kernel boot parameter, an insider can drop into a root shell in a pre-install phase where the appliance source code is accessible. Root access risk is limited to the...

5.5CVSS5.5AI score0.00477EPSS
CVE
CVE
added 2019/04/26 1:39 a.m.96 views

CVE-2019-11540

CVE-2019-11540 affects Pulse Secure products: Pulse Connect Secure (PCS) and Pulse Policy Secure (PPS). Affected versions include PCS 9.0RX before 9.0R3.4 and 8.3RX before 8.3R7.1; PPS 9.0RX before 9.0R3.2 and 5.4RX before 5.4R7.1. Description: an unauthenticated, remote attacker can perform a se...

9.8CVSS9.3AI score0.08259EPSS
CVE
CVE
added 2020/04/06 8:3 p.m.87 views

CVE-2020-11582

CVE-2020-11582 affects Pulse Secure Pulse Connect Secure (PCS) clients with Host Checker enabled. The tncc.jar applet on macOS, Linux and Solaris launches a local TCP server on a random port, reachable by local HTTP clients, with the server potentially processing commands (e.g., setcookie) releva...

8.8CVSS7.9AI score0.00879EPSS
CVE
CVE
added 2019/03/16 3:0 a.m.84 views

CVE-2018-20810

CVE-2018-20810 affects Pulse Secure Pulse Connect Secure (PCS) and Pulse Policy Secure (PPS): session data exchanged during cluster synchronization between nodes is not properly encrypted in PCS 8.3RX before 8.3R2 and PPS 5.4RX before 5.4R2. The issue does not apply to PCS 8.1RX, PPS 5.2RX, or st...

9.8CVSS9.2AI score0.0177EPSS
CVE
CVE
added 2020/10/28 12:47 p.m.83 views

CVE-2020-8261

CVE-2020-8261: A vulnerability in Pulse Connect Secure / Pulse Policy Secure versions prior to 9.1R9 allows arbitrary cookie injection via the admin/web interfaces. Root cause details are not elaborated in the provided sources, but multiple advisories corroborate the issue. Affected products are ...

4.3CVSS4.8AI score0.02125EPSS
CVE
CVE
added 2019/04/26 1:40 a.m.82 views

CVE-2019-11542

CVE-2019-11542 describes a stack buffer overflow in Pulse Connect Secure / Pulse Policy Secure triggered by an authenticated attacker via the admin web interface by sending a specially crafted message. The issue is one of a family of vulnerabilities disclosed in Pulse Secure advisories (SA44101) ...

8CVSS8AI score0.6612EPSS
CVE
CVE
added 2020/04/06 8:3 p.m.79 views

CVE-2020-11581

Pulse Connect Secure (PCS) clients with Host Checker policy enabled on macOS, Linux, or Solaris are affected by CVE-2020-11581 due to an applet in tncc.jar that uses Runtime.getRuntime().exec(), enabling a MITM attacker to perform OS command injections via shell metacharacters in doCustomRemediat...

9.3CVSS8.5AI score0.09839EPSS
CVE
CVE
added 2017/08/29 3:0 p.m.71 views

CVE-2017-11455

CVE-2017-11455 affects Pulse Connect Secure diag.cgi and Pulse Policy Secure diag.cgi, enabling remote attackers to hijack administrator authentication for requests to start tcpdump due to missing anti-CSRF tokens. Affected: Pulse Connect Secure versions 8.2R1–8.2R5 and 8.1R1–8.1R10; Pulse Policy...

8.8CVSS8.8AI score0.01305EPSS
CVE
CVE
added 2019/03/16 3:0 a.m.71 views

CVE-2018-20814

The CVE-2018-20814 issue is a cross-site scripting (XSS) vulnerability in Psaldownload.cgi affecting Pulse Connect Secure (PCS) 8.3R2 and earlier and Pulse Policy Secure (PPS) 5.4RX and earlier (not applicable to PCS 8.1RX or PPS 5.2RX). Root cause is insufficient validation of client data in the...

6.1CVSS5.9AI score0.01587EPSS
CVE
CVE
added 2020/10/28 12:47 p.m.71 views

CVE-2020-8262

CVE-2020-8262 affects Pulse Connect Secure and Pulse Policy Secure if running versions earlier than 9.1R9. The vulnerability allows Cross-Site Scripting (XSS) and Open Redirection via the authenticated user web interface. Public references in Red Hat advisory and Nessus entries confirm the issue ...

6.1CVSS5.8AI score0.01826EPSS
CVE
CVE
added 2019/03/16 3:0 a.m.69 views

CVE-2018-20809

CVE-2018-20809 affects Pulse Secure Pulse Connect Secure (PCS) and Pulse Policy Secure. A crafted message can cause the web server to crash on PCS 8.3RX before 8.3R5 and Pulse Policy Secure 5.4RX before 5.4R5; PCS 8.1RX is not affected. Affected versions: PCS 8.3RX–8.3R4 and PPS 5.4RX–5.4R4. The ...

7.5CVSS7.4AI score0.02725EPSS
CVE
CVE
added 2020/09/29 1:41 p.m.69 views

CVE-2020-8238

CVE-2020-8238 affects Pulse Connect Secure and Pulse Policy Secure

6.1CVSS5.8AI score0.01738EPSS
CVE
CVE
added 2019/04/26 1:40 a.m.67 views

CVE-2019-11543

CVE-2019-11543 is an XSS in the admin web console of Pulse Secure Pulse Connect Secure (PCS) and Pulse Policy Secure (PPS). Affected product lines include PCS: 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.1RX before 8.1R15.1; PPS: 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, 5.2RX before 5.2R12.1...

8.3CVSS6.5AI score0.0311EPSS
CVE
CVE
added 2020/07/30 12:53 p.m.66 views

CVE-2020-8206

CVE-2020-8206 affects Pulse Connect Secure and Pulse Policy Secure versions prior to 9.1RB, enabling an attacker who has a user’s primary credentials to bypass Google TOTP authentication. Multiple connected sources confirm the same core issue: improper authentication that directly bypasses TOTP. ...

8.1CVSS8AI score0.02991EPSS
CVE
CVE
added 2020/10/27 4:10 a.m.65 views

CVE-2020-15352

CVE-2020-15352 is an XXE-based SSRF vulnerability in Pulse Connect Secure (PCS) and Pulse Policy Secure (PPS) prior to 9.1R9. The issue arises from an XML External Entity in crafted XML requests that remote authenticated admins can abuse to reach server-side resources. Public sources in the conne...

7.2CVSS6.6AI score0.03162EPSS
CVE
CVE
added 2020/07/30 12:53 p.m.64 views

CVE-2020-8221

CVE-2020-8221 describes a path traversal weakness in Pulse Connect Secure prior to 9.1R8 that allows an authenticated attacker to read arbitrary files via the administrator web interface. The issue is tied to the Pulse Connect Secure/Policy Secure family (PCS/PPS) with the

4.9CVSS4.9AI score0.0228EPSS
CVE
CVE
added 2020/07/30 12:53 p.m.62 views

CVE-2020-8217

Pulse Connect Secure versions prior to 9.1R8 are affected by a cross-site scripting (XSS) vulnerability in the URL used for Citrix ICA. The root cause is insufficient validation/cleaning of client data in the web application, allowing attacker-controlled input to execute client-side code. Impact ...

5.4CVSS5.2AI score0.01354EPSS
CVE
CVE
added 2020/07/30 12:53 p.m.59 views

CVE-2020-8216

CVE-2020-8216 describes an information-disclosure vulnerability in Pulse Connect Secure (PCS) and Pulse Policy Secure (PPS) prior to version 9.1R8, where an authenticated end-user can reveal meeting details if they know the Meeting ID. Public sources in the provided documents confirm the affected...

4.3CVSS4.2AI score0.02283EPSS
CVE
CVE
added 2020/07/30 12:53 p.m.57 views

CVE-2020-8220

Pulse Connect Secure prior to 9.1R8 is affected by CVE-2020-8220: an authenticated attacker can use the administrator web interface to perform command injection, causing a denial of service. The Red Hat/IVANTI/Nessus entries confirm the issue and point to upgrading to 9.1R8 as the remediation."

6.5CVSS6.5AI score0.0246EPSS
CVE
CVE
added 2020/07/30 12:53 p.m.56 views

CVE-2020-8219

Pulse Connect Secure (PCS) and Pulse Policy Secure versions prior to 9.1R8 are affected by CVE-2020-8219 due to an insufficient permission check that allows an attacker to change the password of a full administrator. Impact is limited to unauthorized password change of admin accounts; no exploit ...

7.2CVSS6.9AI score0.02224EPSS
CVE
CVE
added 2018/01/16 10:0 p.m.54 views

CVE-2018-5299

CVE-2018-5299 is a stack-based buffer overflow in the web server of Pulse Secure Pulse Connect Secure (PCS) prior to 8.3R4 and Pulse Policy Secure (PPS) prior to 5.4R4, leading to memory corruption and potential remote code execution. Public sources (NVD/CNVD/PRION/CVE List) confirm a network-vec...

9.8CVSS9.8AI score0.03061EPSS
CVE
CVE
added 2018/09/06 11:0 p.m.54 views

CVE-2018-6320

CVE-2018-6320 affects Pulse Connect Secure (PCS) and Pulse Policy Secure (PPS) where login.cgi improperly validates the http(s) Host header. Affected versions: PCS 8.1RX pre-8.1R12 and 8.3RX pre-8.3R2; PPS 5.2RX pre-5.2R9 and 5.4RX pre-5.4R2. The issue arises from trusting the Host header receive...

9.8CVSS9.3AI score0.04079EPSS
CVE
CVE
added 2020/07/30 12:53 p.m.53 views

CVE-2020-8222

CVE-2020-8222 describes a path-traversal vulnerability in Pulse Connect Secure versions older than 9.1R8. An authenticated attacker, using the administrator web interface (via Meeting), can read arbitrary files due to the underlying file-reading weakness. Connected sources (Red Hat advisory, Ness...

6.8CVSS6.4AI score0.0228EPSS
CVE
CVE
added 2018/09/06 11:0 p.m.51 views

CVE-2018-14366

CVE-2018-14366 is an Open Redirect vulnerability affecting Pulse Connect Secure and Pulse Policy Secure. The issue resides in download.cgi and can be triggered on Pulse Connect Secure 8.1RX before 8.1R13 and 8.3RX before 8.3R4, and on Pulse Policy Secure through 5.2RX before 5.2R10 and 5.4RX befo...

6.1CVSS6.2AI score0.01482EPSS
CVE
CVE
added 2020/07/30 12:53 p.m.49 views

CVE-2020-8204

CVE-2020-8204 is an XSS vulnerability affecting Pulse Connect Secure (

6.1CVSS5.9AI score0.01813EPSS