3 matches found
CVE-2021-31922
CVE-2021-31922 is an HTTP Request Smuggling vulnerability in Pulse Secure Virtual Traffic Manager (vTM) prior to 21.1. The issue allows an attacker to smuggle an HTTP request through an HTTP/2 header, with fixes in 21.1 and earlier maintenance releases (20.3R1, 20.2R1, 20.1R2, 19.2R4, 18.2R3). Re...
CVE-2018-20307
CVE-2018-20307 affects Pulse Secure Virtual Traffic Manager (vTM) . Affected releases include vTM 9.9 prior to 9.9r2 , 10.4r1 , and 17.2r1 . The root cause is incorrect permission validation, which could allow a remote authenticated user to obtain sensitive historical activity information. Per pu...
CVE-2018-20306
CVE-2018-20306 is a stored XSS vulnerability in the web administration UI of Pulse Secure Virtual Traffic Manager (vTM). Affected: vTM 9.9 before 9.9r2, 10.4r1, and 17.2r1 (per multiple sources). The issue can let an authenticated remote attacker inject script/HTML via a crafted website to steal ...