All the vulnerabilites related to pulsesecure - pulse_policy_secure
Vulnerability from fkie_nvd
Published
2020-07-30 13:15
Modified
2024-11-21 05:38
Summary
An insufficient permission check vulnerability exists in Pulse Connect Secure <9.1R8 that allows an attacker to change the password of a full administrator.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:-:*:*:*:*:*:*",
              "matchCriteriaId": "4F450898-0B06-4073-9B76-BF22F68BD14F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r1:*:*:*:*:*:*",
              "matchCriteriaId": "4B21C181-DC49-4EBD-9932-DBB337151FF7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r2:*:*:*:*:*:*",
              "matchCriteriaId": "4FEFC4B1-7350-46F9-80C1-42F5AE06142F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r3:*:*:*:*:*:*",
              "matchCriteriaId": "DB7A6D62-6576-4713-9BF4-11068A72E8B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r4:*:*:*:*:*:*",
              "matchCriteriaId": "843BC1B9-50CC-4F8F-A454-A0CEC6E92290",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r4.1:*:*:*:*:*:*",
              "matchCriteriaId": "D5355372-03EA-46D7-9104-A2785C29B664",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r4.2:*:*:*:*:*:*",
              "matchCriteriaId": "3DE32A0C-8944-4F51-A286-266055CA4B2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r4.3:*:*:*:*:*:*",
              "matchCriteriaId": "0349A0CC-A372-4E51-899E-D7BA67876F4B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r5:*:*:*:*:*:*",
              "matchCriteriaId": "93D1A098-BD77-4A7B-9070-A764FB435981",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r6:*:*:*:*:*:*",
              "matchCriteriaId": "3CCC2D7B-F835-45EC-A316-2F0C5F2CF565",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r7:*:*:*:*:*:*",
              "matchCriteriaId": "AD812596-C77C-4129-982F-C22A25B52126",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "18272F7E-A9BA-4175-B6F6-F7E550D736CE",
              "versionEndIncluding": "9.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:-:*:*:*:*:*:*",
              "matchCriteriaId": "6418A649-3A63-40CC-BD7C-309B3B0B2595",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r1:*:*:*:*:*:*",
              "matchCriteriaId": "A07B66E0-A679-4912-8CB1-CD134713EDC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r2:*:*:*:*:*:*",
              "matchCriteriaId": "6D37A6E4-D58E-444D-AF6A-15461F38E81A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r3:*:*:*:*:*:*",
              "matchCriteriaId": "FC2B9DA0-E32B-4125-9986-F0D3814C66E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r3.1:*:*:*:*:*:*",
              "matchCriteriaId": "38A0D7CF-7D55-4933-AE8C-36006D6779E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r4:*:*:*:*:*:*",
              "matchCriteriaId": "C9A5BA3E-D6B3-453D-8DDF-FF16859FD0F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r4.1:*:*:*:*:*:*",
              "matchCriteriaId": "BAFDA618-D15D-401D-AC68-0020259FEC57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r4.2:*:*:*:*:*:*",
              "matchCriteriaId": "D55AB5F0-132F-4C40-BF4F-684E139B774B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r5:*:*:*:*:*:*",
              "matchCriteriaId": "6BE937D2-8BEE-4E64-8738-F550EAD00F50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r6:*:*:*:*:*:*",
              "matchCriteriaId": "9C753520-1BC6-4980-AFC9-4C2FDDF2FD18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r7:*:*:*:*:*:*",
              "matchCriteriaId": "AC3863BC-3B9A-402B-A74A-149CDF717EC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B031D2AE-70BE-48BB-A9E9-0A0DAAAFF55F",
              "versionEndIncluding": "9.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An insufficient permission check vulnerability exists in Pulse Connect Secure \u003c9.1R8 that allows an attacker to change the password of a full administrator."
    },
    {
      "lang": "es",
      "value": "Se presenta una vulnerabilidad de comprobaci\u00f3n de permisos insuficiente en Pulse Connect Secure versiones anteriores a 9.1R8, que permite a un atacante cambiar la contrase\u00f1a de un administrador completa"
    }
  ],
  "id": "CVE-2020-8219",
  "lastModified": "2024-11-21T05:38:31.670",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-07-30T13:15:11.907",
  "references": [
    {
      "source": "support@hackerone.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516"
    }
  ],
  "sourceIdentifier": "support@hackerone.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-280"
        }
      ],
      "source": "support@hackerone.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-276"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-04-26 02:29
Modified
2024-11-21 04:21
Summary
In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, 5.3RX before 5.3R12.1, 5.2RX before 5.2R12.1, and 5.1RX before 5.1R15.1, an authenticated attacker (via the admin web interface) can send a specially crafted message resulting in a stack buffer overflow.
References
cve@mitre.orghttp://www.securityfocus.com/bid/108073Broken Link, Third Party Advisory, VDB Entry
cve@mitre.orghttps://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study/Exploit, Third Party Advisory
cve@mitre.orghttps://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdfExploit, Third Party Advisory
cve@mitre.orghttps://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101Vendor Advisory
cve@mitre.orghttps://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010Third Party Advisory
cve@mitre.orghttps://www.kb.cert.org/vuls/id/927237Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/108073Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study/Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdfExploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.kb.cert.org/vuls/id/927237Third Party Advisory, US Government Resource
Impacted products
Vendor Product Version
ivanti connect_secure 8.1
ivanti connect_secure 8.2
ivanti connect_secure 8.3
pulsesecure pulse_connect_secure 8.1r1.0
pulsesecure pulse_connect_secure 8.2r1.0
pulsesecure pulse_connect_secure 8.2r1.1
pulsesecure pulse_connect_secure 8.2r2.0
pulsesecure pulse_connect_secure 8.2r3.0
pulsesecure pulse_connect_secure 8.2r3.1
pulsesecure pulse_connect_secure 8.2r4.0
pulsesecure pulse_connect_secure 8.2r4.1
pulsesecure pulse_connect_secure 8.2r5.0
pulsesecure pulse_connect_secure 8.2r5.1
pulsesecure pulse_connect_secure 8.2r6.0
pulsesecure pulse_connect_secure 8.2r7.0
pulsesecure pulse_connect_secure 8.2r7.1
pulsesecure pulse_connect_secure 8.2rx
pulsesecure pulse_connect_secure 8.3rx
pulsesecure pulse_connect_secure 9.0r1
pulsesecure pulse_connect_secure 9.0r2
pulsesecure pulse_connect_secure 9.0r2.1
pulsesecure pulse_connect_secure 9.0r3
pulsesecure pulse_connect_secure 9.0r3.1
pulsesecure pulse_connect_secure 9.0r3.2
pulsesecure pulse_connect_secure 9.0rx
pulsesecure pulse_policy_secure 5.1r1.0
pulsesecure pulse_policy_secure 5.1r1.1
pulsesecure pulse_policy_secure 5.1r2.0
pulsesecure pulse_policy_secure 5.1r2.1
pulsesecure pulse_policy_secure 5.1r3.0
pulsesecure pulse_policy_secure 5.1r3.2
pulsesecure pulse_policy_secure 5.1r4.0
pulsesecure pulse_policy_secure 5.1r5.0
pulsesecure pulse_policy_secure 5.1r6.0
pulsesecure pulse_policy_secure 5.1r7.0
pulsesecure pulse_policy_secure 5.1r8.0
pulsesecure pulse_policy_secure 5.1r9.0
pulsesecure pulse_policy_secure 5.1r9.1
pulsesecure pulse_policy_secure 5.1r10.0
pulsesecure pulse_policy_secure 5.1r11.0
pulsesecure pulse_policy_secure 5.1r11.1
pulsesecure pulse_policy_secure 5.1r12.0
pulsesecure pulse_policy_secure 5.1r12.1
pulsesecure pulse_policy_secure 5.1r13.0
pulsesecure pulse_policy_secure 5.1r14.0
pulsesecure pulse_policy_secure 5.2r1.0
pulsesecure pulse_policy_secure 5.2r2.0
pulsesecure pulse_policy_secure 5.2r3.0
pulsesecure pulse_policy_secure 5.2r3.2
pulsesecure pulse_policy_secure 5.2r4.0
pulsesecure pulse_policy_secure 5.2r5.0
pulsesecure pulse_policy_secure 5.2r6.0
pulsesecure pulse_policy_secure 5.2r7.0
pulsesecure pulse_policy_secure 5.2r7.1
pulsesecure pulse_policy_secure 5.2r8.0
pulsesecure pulse_policy_secure 5.2r9.0
pulsesecure pulse_policy_secure 5.2r9.1
pulsesecure pulse_policy_secure 5.2r10.0
pulsesecure pulse_policy_secure 5.2r11.0
pulsesecure pulse_policy_secure 5.2rx
pulsesecure pulse_policy_secure 5.3r1.0
pulsesecure pulse_policy_secure 5.3r1.1
pulsesecure pulse_policy_secure 5.3r2.0
pulsesecure pulse_policy_secure 5.3r3.0
pulsesecure pulse_policy_secure 5.3r3.1
pulsesecure pulse_policy_secure 5.3r4.0
pulsesecure pulse_policy_secure 5.3r4.1
pulsesecure pulse_policy_secure 5.3r5.0
pulsesecure pulse_policy_secure 5.3r5.1
pulsesecure pulse_policy_secure 5.3r5.2
pulsesecure pulse_policy_secure 5.3r6.0
pulsesecure pulse_policy_secure 5.3r7.0
pulsesecure pulse_policy_secure 5.3r8.0
pulsesecure pulse_policy_secure 5.3r8.1
pulsesecure pulse_policy_secure 5.3r8.2
pulsesecure pulse_policy_secure 5.3r9.0
pulsesecure pulse_policy_secure 5.3r10.
pulsesecure pulse_policy_secure 5.3r11.0
pulsesecure pulse_policy_secure 5.3r12.0
pulsesecure pulse_policy_secure 5.3rx
pulsesecure pulse_policy_secure 5.4r1
pulsesecure pulse_policy_secure 5.4r2
pulsesecure pulse_policy_secure 5.4r2.1
pulsesecure pulse_policy_secure 5.4r3
pulsesecure pulse_policy_secure 5.4r4
pulsesecure pulse_policy_secure 5.4r5
pulsesecure pulse_policy_secure 5.4r5.2
pulsesecure pulse_policy_secure 5.4r6
pulsesecure pulse_policy_secure 5.4r6.1
pulsesecure pulse_policy_secure 5.4r7
pulsesecure pulse_policy_secure 5.4rx
pulsesecure pulse_policy_secure 9.0r1
pulsesecure pulse_policy_secure 9.0r2
pulsesecure pulse_policy_secure 9.0r2.1
pulsesecure pulse_policy_secure 9.0r3
pulsesecure pulse_policy_secure 9.0r3.1
pulsesecure pulse_policy_secure 9.0rx



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "202E4839-7CE4-49CE-BEE1-CB33A96770E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2BCE3E8-ED64-4CCD-9A3F-3D99476B81E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB453513-AFEA-4E68-8441-3984E83FFB2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1r1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2037BE1-408C-47E8-8A70-8440BF3A1ED6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2r1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7369296-0C10-4B64-A0EC-2E7BFAC5BB40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2r1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F13F586F-A5FA-424F-B172-14FC29402F59",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2r2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6BE71A8-1C4A-4CE0-A78C-DCF72E6775BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2r3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "51E0AC17-77DE-440F-8166-FD3A8D039EB7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2r3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A7A8628-6636-485E-B888-A13D732D87C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2r4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8DB60BAE-D42E-4953-822D-C9B4CF83EA9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2r4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A9BB556-DADF-49F0-BEF2-84629EC430FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2r5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9AB1607-3B0C-49A8-95E0-68FB8DF6432B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2r5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1ACA79EE-8F71-4805-B4D4-72B40EE7933D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2r6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "261B6197-161F-4141-B5D1-95160AFA3B45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2r7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FE79E96-37CA-46F5-B14C-9024E4D7CD25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2r7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A559BDBF-FEE2-4DC2-B4D8-597DD78332DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2rx:*:*:*:*:*:*:*",
              "matchCriteriaId": "97B87335-3883-4B3F-863E-A1E3E7541049",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.3rx:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD77C208-DD3E-46BD-930F-93BB39799D08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:9.0r1:*:*:*:*:*:*:*",
              "matchCriteriaId": "47D68BA7-3626-4D54-B6B3-ED0C2F25ADC1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:9.0r2:*:*:*:*:*:*:*",
              "matchCriteriaId": "190F575A-E9D4-403B-9AAC-D665D80B37D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:9.0r2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "37B522EA-2724-4D88-89FE-8A3E1297313E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:9.0r3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6444B34E-C3E3-4959-8C5D-ACF5FF65D2DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:9.0r3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6DF9BB1A-07D4-4757-BC09-49CCC044CE92",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:9.0r3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F4694C1-667B-4BAC-ABF1-92AE4FD26893",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:9.0rx:*:*:*:*:*:*:*",
              "matchCriteriaId": "59FE2F01-1675-45FB-90ED-A7A8C3E79114",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.1r1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "45491FB0-2EDC-4B62-838F-A8CB2E92F4FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.1r1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F62EC1F3-10DC-4387-B4DA-8EA8086EA390",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.1r2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "75A2801C-029F-469C-9492-9AB0535B1F6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.1r2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "219B113E-88AB-4250-81BB-3735A49A09C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.1r3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "84885E71-5C0D-4869-97A5-B8F955FBE728",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.1r3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8F5AB09-D5D3-4499-BDE8-6471F827D825",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.1r4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "09FF5E94-07F5-416C-976F-4FF22141A145",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.1r5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E77318F9-AA30-4010-A351-98A3942DA8DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.1r6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D328C58-51A0-4A62-8CFC-BAA5A9D8EDF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.1r7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3015D79-3AD8-4EBE-A236-6ADEC2AA4B6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.1r8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8BFFFF2-BA60-483A-BD7E-041EDD1932E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.1r9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D04A72C3-2735-4F83-8F91-82405C16FE40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.1r9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A100AF1-A8A7-4E0A-9D29-E00C56C0AAFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.1r10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "596A0CEE-44FD-4A03-8386-750D0E4947D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.1r11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BEDA32E5-A047-49FD-A52C-FDA132881337",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.1r11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "65900FCC-9DD2-4606-B125-451946734453",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.1r12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB8051E3-A7F0-4E17-AB73-E4F1DBD6FB78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.1r12.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A3DEE0B-048F-4FE8-A508-043D87F54611",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.1r13.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "262F4B72-D73E-41B4-B62A-39AD505412D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.1r14.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DF64796-2698-48EF-AF93-86F070967C98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2r1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A42EFC8-C5FF-4397-87CF-263813FAA5D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2r2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C952B5B8-DCAB-476A-9E60-3F1BBE509F21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2r3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F199F01-9EEA-4184-AD99-6B21110484AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2r3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9938EBCC-B9B7-4FB1-9ACB-9BED485AB5E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2r4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B4A309B-ACB0-4053-909A-6889129EB2C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2r5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8A4A105-EBF3-4895-9ABE-50972DD232F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2r6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4013CA1C-48F0-46F6-B327-E6B34311A7EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2r7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "112B9736-336D-4C72-A960-0B33DD3439EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2r7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "49FA8DC5-900B-4A53-AF55-410A7FF901E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2r8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4946BBE-E449-4F89-910C-3389BDF36071",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2r9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1FDBD7BC-C9A7-48C2-B3BC-8E2C90F54268",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2r9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4B56D6E-2429-4511-8FE6-A9BE1226F031",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2r10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "17BD737E-F387-4239-B3C6-E4B71EB13995",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2r11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CFC6D632-9B03-4CFF-85D8-B4127257A47E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2rx:*:*:*:*:*:*:*",
              "matchCriteriaId": "C766CBF4-502C-4522-845C-A5436DD1960D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.3r1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "94170224-C78B-458A-B63E-53E303B0DCE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.3r1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "17449ADA-D4CC-4A23-9699-2D3E695C519A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.3r2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "44B21A8C-F09F-4286-8E32-C10E474C8D3F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.3r3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8654C226-F77A-464D-9AD1-010DC11F8C46",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.3r3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "70F3AFCF-8723-4F80-89A2-BC9D62CE920E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.3r4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "545F18AB-635E-47C0-ACFE-8B2A849253FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.3r4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "52DD6EDE-5CF1-4BD9-93B7-8100ED9DDC3F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.3r5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D74E173-3599-4A32-BE9A-482998800122",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.3r5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "116DD35E-B83E-4865-8B54-E5C68D148187",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.3r5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D02A7DF-69CE-426B-8153-3BA404B4AC64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.3r6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA199898-3820-4B6C-ADF6-9EA0E8238200",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.3r7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A37EBB8A-48E0-4092-A5E4-ABA0C02934AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.3r8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9EAEBC16-AA55-4145-8FD4-84217DE4CB6D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.3r8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF3A87EB-CEF3-4CE3-A258-EE95560D46F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.3r8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B273CCA-CFA6-4A73-99D1-44A51ADBAF00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.3r9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5E92137-41D4-4350-AD8D-B2F36FBA5B41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.3r10.:*:*:*:*:*:*:*",
              "matchCriteriaId": "18E78ACD-828A-421D-88B7-C08079CD39A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.3r11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "60129D21-0A5D-44B6-A9F0-C97E3327C58D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.3r12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "13477A91-0880-4CDA-A932-12912909E1AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.3rx:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E78343D-6F53-44C0-8C45-694E6D03DB95",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.4r1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7F2FFEC-F243-4D85-888E-339C60B3C0CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.4r2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A841849-DA0E-4BAA-8807-F42481C9457D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.4r2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2EC5A497-1FA2-4AE4-A611-553129B9F78C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.4r3:*:*:*:*:*:*:*",
              "matchCriteriaId": "479B25A4-59AA-4FA4-B1CC-E06781D00962",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.4r4:*:*:*:*:*:*:*",
              "matchCriteriaId": "91C0556B-2420-46F2-A08E-EC83DA514A69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.4r5:*:*:*:*:*:*:*",
              "matchCriteriaId": "479C0704-9FE5-42D6-8968-780391708F44",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.4r5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "ABE3B07D-879B-4AF2-9AA7-D9F64A577373",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.4r6:*:*:*:*:*:*:*",
              "matchCriteriaId": "497631E3-0E1F-4267-8ADA-7697FF0BF7EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.4r6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FF444E5-2EEA-4223-85E1-B2EA6D0543E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.4r7:*:*:*:*:*:*:*",
              "matchCriteriaId": "1DA2AD75-A6DD-48D0-83E7-A5F00F31C010",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.4rx:*:*:*:*:*:*:*",
              "matchCriteriaId": "07A6F2EF-09AF-4DAA-A552-6111C51DD210",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:9.0r1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C50D348-E894-4B8D-ACFF-DE04FB47A97B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:9.0r2:*:*:*:*:*:*:*",
              "matchCriteriaId": "436C11B9-1A19-4751-877C-104370C769A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:9.0r2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "10F709A2-79F6-4912-9B81-6EBF9E0D438E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:9.0r3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B694A761-C3DC-41C9-8FFA-271950BEFE60",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:9.0r3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BE48A776-5899-47E8-8B1C-B046594E6084",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:9.0rx:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB7BB3D9-7259-4DF3-B408-AE421CE206D4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, 5.3RX before 5.3R12.1, 5.2RX before 5.2R12.1, and 5.1RX before 5.1R15.1, an authenticated attacker (via the admin web interface) can send a specially crafted message resulting in a stack buffer overflow."
    },
    {
      "lang": "es",
      "value": "En Pulse Secure Pulse Connect Secure versiones 9.0RX anteriores a 9.0R3.4, versiones 8.3RX anteriores a 8.3R7.1, versiones 8.2RX anteriores a 8.2R12.1, y versiones 8.1RX anteriores a 8.1R15.1; Pulse Policy Secure versiones 9.0RX anteriores a 9.0R3.2, versiones 5.4RX anteriores a 5.4R7.1, versiones 5.3RX anteriores a  5.3R12.1, versiones 5.2RX anteriores a 5.2R12.1, y versiones 5.1RX anteriores a 5.1R15.1, un atacante autenticado (a trav\u00e9s de la interfaz web de administraci\u00f3n) puede enviar un mensaje especialmente dise\u00f1ado que resulte en un desbordamiento de b\u00fafer basado en pila ."
    }
  ],
  "id": "CVE-2019-11542",
  "lastModified": "2024-11-21T04:21:18.523",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.0,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.3,
        "impactScore": 6.0,
        "source": "cve@mitre.org",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-04-26T02:29:00.487",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/108073"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.kb.cert.org/vuls/id/927237"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/108073"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.kb.cert.org/vuls/id/927237"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-04-26 02:29
Modified
2024-11-21 04:21
Severity ?
Summary
In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4 and 8.3RX before 8.3R7.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2 and 5.4RX before 5.4R7.1, an unauthenticated, remote attacker can conduct a session hijacking attack.
References
cve@mitre.orghttp://www.securityfocus.com/bid/108073Third Party Advisory, VDB Entry
cve@mitre.orghttps://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study/Exploit, Third Party Advisory
cve@mitre.orghttps://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdfExploit, Third Party Advisory
cve@mitre.orghttps://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101Third Party Advisory, Vendor Advisory
cve@mitre.orghttps://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010Third Party Advisory
cve@mitre.orghttps://www.kb.cert.org/vuls/id/927237Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/108073Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study/Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdfExploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101Third Party Advisory, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.kb.cert.org/vuls/id/927237Third Party Advisory, US Government Resource



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB453513-AFEA-4E68-8441-3984E83FFB2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.3rx:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD77C208-DD3E-46BD-930F-93BB39799D08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:9.0r1:*:*:*:*:*:*:*",
              "matchCriteriaId": "47D68BA7-3626-4D54-B6B3-ED0C2F25ADC1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:9.0r2:*:*:*:*:*:*:*",
              "matchCriteriaId": "190F575A-E9D4-403B-9AAC-D665D80B37D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:9.0r2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "37B522EA-2724-4D88-89FE-8A3E1297313E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:9.0r3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6444B34E-C3E3-4959-8C5D-ACF5FF65D2DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:9.0r3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6DF9BB1A-07D4-4757-BC09-49CCC044CE92",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:9.0r3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F4694C1-667B-4BAC-ABF1-92AE4FD26893",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:9.0rx:*:*:*:*:*:*:*",
              "matchCriteriaId": "59FE2F01-1675-45FB-90ED-A7A8C3E79114",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.4r1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7F2FFEC-F243-4D85-888E-339C60B3C0CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.4r2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A841849-DA0E-4BAA-8807-F42481C9457D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.4r2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2EC5A497-1FA2-4AE4-A611-553129B9F78C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.4r3:*:*:*:*:*:*:*",
              "matchCriteriaId": "479B25A4-59AA-4FA4-B1CC-E06781D00962",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.4r4:*:*:*:*:*:*:*",
              "matchCriteriaId": "91C0556B-2420-46F2-A08E-EC83DA514A69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.4r5:*:*:*:*:*:*:*",
              "matchCriteriaId": "479C0704-9FE5-42D6-8968-780391708F44",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.4r5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "ABE3B07D-879B-4AF2-9AA7-D9F64A577373",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.4r6:*:*:*:*:*:*:*",
              "matchCriteriaId": "497631E3-0E1F-4267-8ADA-7697FF0BF7EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.4r6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FF444E5-2EEA-4223-85E1-B2EA6D0543E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.4r7:*:*:*:*:*:*:*",
              "matchCriteriaId": "1DA2AD75-A6DD-48D0-83E7-A5F00F31C010",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.4rx:*:*:*:*:*:*:*",
              "matchCriteriaId": "07A6F2EF-09AF-4DAA-A552-6111C51DD210",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:9.0r1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C50D348-E894-4B8D-ACFF-DE04FB47A97B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:9.0r2:*:*:*:*:*:*:*",
              "matchCriteriaId": "436C11B9-1A19-4751-877C-104370C769A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:9.0r2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "10F709A2-79F6-4912-9B81-6EBF9E0D438E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:9.0r3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B694A761-C3DC-41C9-8FFA-271950BEFE60",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:9.0r3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BE48A776-5899-47E8-8B1C-B046594E6084",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:9.0rx:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB7BB3D9-7259-4DF3-B408-AE421CE206D4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4 and 8.3RX before 8.3R7.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2 and 5.4RX before 5.4R7.1, an unauthenticated, remote attacker can conduct a session hijacking attack."
    },
    {
      "lang": "es",
      "value": "En Pulse Secure Pulse Connect Secure versiones 9.0RX anteriores a 9.0R3.4 y versiones 8.3RX anteriores a 8.3R7.1 y Pulse Policy Secure versiones 9.0RX anteriores a 9.0R3.2 y versiones 5.4RX anteriores a 5.4R7.1, un atacante remoto no autenticado puede llevar a cabo un ataque de secuestro de sesi\u00f3n."
    }
  ],
  "id": "CVE-2019-11540",
  "lastModified": "2024-11-21T04:21:18.183",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.3,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.6,
        "impactScore": 6.0,
        "source": "cve@mitre.org",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-04-26T02:29:00.360",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/108073"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "Vendor Advisory"
      ],
      "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.kb.cert.org/vuls/id/927237"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/108073"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "Vendor Advisory"
      ],
      "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.kb.cert.org/vuls/id/927237"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-09-30 18:15
Modified
2024-11-21 05:38
Summary
A vulnerability in the Pulse Connect Secure < 9.1R8.2 admin web interface could allow an authenticated attacker to upload custom template to perform an arbitrary code execution.



{
  "cisaActionDue": "2021-04-23",
  "cisaExploitAdd": "2021-11-03",
  "cisaRequiredAction": "Apply updates per vendor instructions.",
  "cisaVulnerabilityName": "Ivanti Pulse Connect Secure Code Execution Vulnerability",
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:-:*:*:*:*:*:*",
              "matchCriteriaId": "4F450898-0B06-4073-9B76-BF22F68BD14F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r1:*:*:*:*:*:*",
              "matchCriteriaId": "4B21C181-DC49-4EBD-9932-DBB337151FF7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r2:*:*:*:*:*:*",
              "matchCriteriaId": "4FEFC4B1-7350-46F9-80C1-42F5AE06142F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r3:*:*:*:*:*:*",
              "matchCriteriaId": "DB7A6D62-6576-4713-9BF4-11068A72E8B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r4:*:*:*:*:*:*",
              "matchCriteriaId": "843BC1B9-50CC-4F8F-A454-A0CEC6E92290",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r4.1:*:*:*:*:*:*",
              "matchCriteriaId": "D5355372-03EA-46D7-9104-A2785C29B664",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r4.2:*:*:*:*:*:*",
              "matchCriteriaId": "3DE32A0C-8944-4F51-A286-266055CA4B2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r4.3:*:*:*:*:*:*",
              "matchCriteriaId": "0349A0CC-A372-4E51-899E-D7BA67876F4B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r5:*:*:*:*:*:*",
              "matchCriteriaId": "93D1A098-BD77-4A7B-9070-A764FB435981",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r6:*:*:*:*:*:*",
              "matchCriteriaId": "3CCC2D7B-F835-45EC-A316-2F0C5F2CF565",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r7:*:*:*:*:*:*",
              "matchCriteriaId": "AD812596-C77C-4129-982F-C22A25B52126",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r8:*:*:*:*:*:*",
              "matchCriteriaId": "9FA0B20D-3FA1-42AE-BDC5-93D8A182927C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r8.1:*:*:*:*:*:*",
              "matchCriteriaId": "BFFA0B02-7F6D-4434-B1E7-EB8520FD68A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:-:*:*:*:*:*:*",
              "matchCriteriaId": "6418A649-3A63-40CC-BD7C-309B3B0B2595",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r1:*:*:*:*:*:*",
              "matchCriteriaId": "A07B66E0-A679-4912-8CB1-CD134713EDC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r2:*:*:*:*:*:*",
              "matchCriteriaId": "6D37A6E4-D58E-444D-AF6A-15461F38E81A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r3:*:*:*:*:*:*",
              "matchCriteriaId": "FC2B9DA0-E32B-4125-9986-F0D3814C66E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r4:*:*:*:*:*:*",
              "matchCriteriaId": "C9A5BA3E-D6B3-453D-8DDF-FF16859FD0F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r4.1:*:*:*:*:*:*",
              "matchCriteriaId": "BAFDA618-D15D-401D-AC68-0020259FEC57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r4.2:*:*:*:*:*:*",
              "matchCriteriaId": "D55AB5F0-132F-4C40-BF4F-684E139B774B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r4.3:*:*:*:*:*:*",
              "matchCriteriaId": "26AEB02E-D2D0-4D7A-BB00-9E5112696B17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r5:*:*:*:*:*:*",
              "matchCriteriaId": "6BE937D2-8BEE-4E64-8738-F550EAD00F50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r6:*:*:*:*:*:*",
              "matchCriteriaId": "9C753520-1BC6-4980-AFC9-4C2FDDF2FD18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r7:*:*:*:*:*:*",
              "matchCriteriaId": "AC3863BC-3B9A-402B-A74A-149CDF717EC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r8:*:*:*:*:*:*",
              "matchCriteriaId": "E3C09D51-FDA0-4D07-87D8-F527C8CBDAFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r8.1:*:*:*:*:*:*",
              "matchCriteriaId": "CCE2E1C0-680F-4EFF-ACE6-A1DAFA209D24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "18272F7E-A9BA-4175-B6F6-F7E550D736CE",
              "versionEndIncluding": "9.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B031D2AE-70BE-48BB-A9E9-0A0DAAAFF55F",
              "versionEndIncluding": "9.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the Pulse Connect Secure \u003c 9.1R8.2 admin web interface could allow an authenticated attacker to upload custom template to perform an arbitrary code execution."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en la interfaz de administraci\u00f3n web en Pulse Connect Secure versiones anteriores a 9.1R8.2, podr\u00eda permitir a un atacante autenticado cargar una plantilla personalizada para llevar a cabo una ejecuci\u00f3n de c\u00f3digo arbitrario"
    }
  ],
  "id": "CVE-2020-8243",
  "lastModified": "2024-11-21T05:38:34.643",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-09-30T18:15:29.070",
  "references": [
    {
      "source": "support@hackerone.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44588"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44588"
    }
  ],
  "sourceIdentifier": "support@hackerone.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ],
      "source": "support@hackerone.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-04-06 21:15
Modified
2024-11-21 04:58
Summary
An issue was discovered in Pulse Secure Pulse Connect Secure (PCS) through 2020-04-06. The applet in tncc.jar, executed on macOS, Linux, and Solaris clients when a Host Checker policy is enforced, launches a TCP server that accepts local connections on a random port. This can be reached by local HTTP clients, because up to 25 invalid lines are ignored, and because DNS rebinding can occur. (This server accepts, for example, a setcookie command that might be relevant to CVE-2020-11581 exploitation.)



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "188EFC3E-AB48-4325-96AB-2D2A9062E758",
              "versionEndIncluding": "2020-04-06",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "91F372EA-3A78-4703-A457-751B2C98D796",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1C8792C-1CF0-450B-A8BD-2B5274156053",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in Pulse Secure Pulse Connect Secure (PCS) through 2020-04-06. The applet in tncc.jar, executed on macOS, Linux, and Solaris clients when a Host Checker policy is enforced, launches a TCP server that accepts local connections on a random port. This can be reached by local HTTP clients, because up to 25 invalid lines are ignored, and because DNS rebinding can occur. (This server accepts, for example, a setcookie command that might be relevant to CVE-2020-11581 exploitation.)"
    },
    {
      "lang": "es",
      "value": "Se detect\u00f3 un problema en Pulse Secure Pulse Connect Secure (PCS) hasta el 06-04-2020. El applet en el archivo tncc.jar, ejecutado en clientes macOS, Linux y Solaris cuando es aplicada una pol\u00edtica Host Checker, inicia un servidor TCP que acepta conexiones locales en un puerto aleatorio. Esto puede ser alcanzado por los clientes HTTP locales, porque son ignoradas hasta 25 l\u00edneas no v\u00e1lidas y porque puede presentarse un re-enlace DNS. (Este servidor acepta, por ejemplo, un comando setcookie que podr\u00eda ser relevante para la explotaci\u00f3n del CVE-2020-11581)."
    }
  ],
  "id": "CVE-2020-11582",
  "lastModified": "2024-11-21T04:58:10.353",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "ADJACENT_NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 3.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.5,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-04-06T21:15:13.607",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://git.lsd.cat/g/pulse-host-checker-rce"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44426"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://git.lsd.cat/g/pulse-host-checker-rce"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44426"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-668"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-07-30 13:15
Modified
2024-11-21 05:38
Summary
A code injection vulnerability exists in Pulse Connect Secure <9.1R8 that allows an attacker to crafted a URI to perform an arbitrary code execution via the admin web interface.



{
  "cisaActionDue": "2022-09-07",
  "cisaExploitAdd": "2022-03-07",
  "cisaRequiredAction": "Apply updates per vendor instructions.",
  "cisaVulnerabilityName": "Pulse Connect Secure Code Injection Vulnerability",
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:-:*:*:*:*:*:*",
              "matchCriteriaId": "4F450898-0B06-4073-9B76-BF22F68BD14F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r1:*:*:*:*:*:*",
              "matchCriteriaId": "4B21C181-DC49-4EBD-9932-DBB337151FF7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r2:*:*:*:*:*:*",
              "matchCriteriaId": "4FEFC4B1-7350-46F9-80C1-42F5AE06142F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r3:*:*:*:*:*:*",
              "matchCriteriaId": "DB7A6D62-6576-4713-9BF4-11068A72E8B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r4:*:*:*:*:*:*",
              "matchCriteriaId": "843BC1B9-50CC-4F8F-A454-A0CEC6E92290",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r4.1:*:*:*:*:*:*",
              "matchCriteriaId": "D5355372-03EA-46D7-9104-A2785C29B664",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r4.2:*:*:*:*:*:*",
              "matchCriteriaId": "3DE32A0C-8944-4F51-A286-266055CA4B2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r4.3:*:*:*:*:*:*",
              "matchCriteriaId": "0349A0CC-A372-4E51-899E-D7BA67876F4B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r5:*:*:*:*:*:*",
              "matchCriteriaId": "93D1A098-BD77-4A7B-9070-A764FB435981",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r6:*:*:*:*:*:*",
              "matchCriteriaId": "3CCC2D7B-F835-45EC-A316-2F0C5F2CF565",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r7:*:*:*:*:*:*",
              "matchCriteriaId": "AD812596-C77C-4129-982F-C22A25B52126",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "18272F7E-A9BA-4175-B6F6-F7E550D736CE",
              "versionEndIncluding": "9.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:-:*:*:*:*:*:*",
              "matchCriteriaId": "6418A649-3A63-40CC-BD7C-309B3B0B2595",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r1:*:*:*:*:*:*",
              "matchCriteriaId": "A07B66E0-A679-4912-8CB1-CD134713EDC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r2:*:*:*:*:*:*",
              "matchCriteriaId": "6D37A6E4-D58E-444D-AF6A-15461F38E81A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r3:*:*:*:*:*:*",
              "matchCriteriaId": "FC2B9DA0-E32B-4125-9986-F0D3814C66E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r3.1:*:*:*:*:*:*",
              "matchCriteriaId": "38A0D7CF-7D55-4933-AE8C-36006D6779E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r4:*:*:*:*:*:*",
              "matchCriteriaId": "C9A5BA3E-D6B3-453D-8DDF-FF16859FD0F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r4.1:*:*:*:*:*:*",
              "matchCriteriaId": "BAFDA618-D15D-401D-AC68-0020259FEC57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r4.2:*:*:*:*:*:*",
              "matchCriteriaId": "D55AB5F0-132F-4C40-BF4F-684E139B774B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r5:*:*:*:*:*:*",
              "matchCriteriaId": "6BE937D2-8BEE-4E64-8738-F550EAD00F50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r6:*:*:*:*:*:*",
              "matchCriteriaId": "9C753520-1BC6-4980-AFC9-4C2FDDF2FD18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r7:*:*:*:*:*:*",
              "matchCriteriaId": "AC3863BC-3B9A-402B-A74A-149CDF717EC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B031D2AE-70BE-48BB-A9E9-0A0DAAAFF55F",
              "versionEndIncluding": "9.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A code injection vulnerability exists in Pulse Connect Secure \u003c9.1R8 that allows an attacker to crafted a URI to perform an arbitrary code execution via the admin web interface."
    },
    {
      "lang": "es",
      "value": "Se presenta una vulnerabilidad de inyecci\u00f3n de c\u00f3digo en Pulse Connect Secure versiones anteriores a 9.1R8, que permite a un atacante dise\u00f1ar un URI para llevar a cabo una ejecuci\u00f3n de c\u00f3digo arbitraria por medio de la interfaz web de administraci\u00f3n"
    }
  ],
  "id": "CVE-2020-8218",
  "lastModified": "2024-11-21T05:38:31.550",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-07-30T13:15:11.847",
  "references": [
    {
      "source": "support@hackerone.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516"
    },
    {
      "source": "support@hackerone.com",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://www.gosecure.net/blog/2020/11/13/forget-your-perimeter-part-2-four-vulnerabilities-in-pulse-connect-secure/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://www.gosecure.net/blog/2020/11/13/forget-your-perimeter-part-2-four-vulnerabilities-in-pulse-connect-secure/"
    }
  ],
  "sourceIdentifier": "support@hackerone.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ],
      "source": "support@hackerone.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-08-29 15:29
Modified
2024-11-21 03:07
Summary
diag.cgi in Pulse Connect Secure 8.2R1 through 8.2R5, 8.1R1 through 8.1R10 and Pulse Policy Secure 5.3R1 through 5.3R5, 5.2R1 through 5.2R8, and 5.1R1 through 5.1R10 allow remote attackers to hijack the authentication of administrators for requests to start tcpdump, related to the lack of anti-CSRF tokens.
Impacted products
Vendor Product Version
ivanti connect_secure 8.1
pulsesecure pulse_connect_secure 8.1r1.0
pulsesecure pulse_connect_secure 8.2r1.0
pulsesecure pulse_connect_secure 8.2r1.1
pulsesecure pulse_connect_secure 8.2r2.0
pulsesecure pulse_connect_secure 8.2r3.0
pulsesecure pulse_connect_secure 8.2r3.1
pulsesecure pulse_connect_secure 8.2r4.0
pulsesecure pulse_connect_secure 8.2r4.1
pulsesecure pulse_connect_secure 8.2r5.0
pulsesecure pulse_policy_secure 5.1r1.0
pulsesecure pulse_policy_secure 5.1r1.1
pulsesecure pulse_policy_secure 5.1r2.0
pulsesecure pulse_policy_secure 5.1r2.1
pulsesecure pulse_policy_secure 5.1r3.0
pulsesecure pulse_policy_secure 5.1r3.2
pulsesecure pulse_policy_secure 5.1r4.0
pulsesecure pulse_policy_secure 5.1r5.0
pulsesecure pulse_policy_secure 5.1r6.0
pulsesecure pulse_policy_secure 5.1r7.0
pulsesecure pulse_policy_secure 5.1r7.1
pulsesecure pulse_policy_secure 5.1r8.0
pulsesecure pulse_policy_secure 5.1r9.1
pulsesecure pulse_policy_secure 5.1r10
pulsesecure pulse_policy_secure 5.2r1.0
pulsesecure pulse_policy_secure 5.2r2.0
pulsesecure pulse_policy_secure 5.2r3.0
pulsesecure pulse_policy_secure 5.2r3.2
pulsesecure pulse_policy_secure 5.2r4.0
pulsesecure pulse_policy_secure 5.2r5.0
pulsesecure pulse_policy_secure 5.2r6.0
pulsesecure pulse_policy_secure 5.2r7.0
pulsesecure pulse_policy_secure 5.2r7.1
pulsesecure pulse_policy_secure 5.2r8.0
pulsesecure pulse_policy_secure 5.3r1.0
pulsesecure pulse_policy_secure 5.3r1.1
pulsesecure pulse_policy_secure 5.3r2.0
pulsesecure pulse_policy_secure 5.3r3.0
pulsesecure pulse_policy_secure 5.3r3.1
pulsesecure pulse_policy_secure 5.3r4.0
pulsesecure pulse_policy_secure 5.3r4.1
pulsesecure pulse_policy_secure 5.3r5.0
pulsesecure pulse_policy_secure 5.3r5.1
pulsesecure pulse_policy_secure 5.3r5.2
pulsesecure pulse_policy_secure 5.3r6.0
pulsesecure pulse_policy_secure 5.3r7.0
pulsesecure pulse_policy_secure 5.3r8.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "202E4839-7CE4-49CE-BEE1-CB33A96770E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1r1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2037BE1-408C-47E8-8A70-8440BF3A1ED6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2r1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7369296-0C10-4B64-A0EC-2E7BFAC5BB40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2r1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F13F586F-A5FA-424F-B172-14FC29402F59",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2r2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6BE71A8-1C4A-4CE0-A78C-DCF72E6775BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2r3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "51E0AC17-77DE-440F-8166-FD3A8D039EB7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2r3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A7A8628-6636-485E-B888-A13D732D87C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2r4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8DB60BAE-D42E-4953-822D-C9B4CF83EA9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2r4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A9BB556-DADF-49F0-BEF2-84629EC430FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2r5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9AB1607-3B0C-49A8-95E0-68FB8DF6432B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.1r1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "45491FB0-2EDC-4B62-838F-A8CB2E92F4FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.1r1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F62EC1F3-10DC-4387-B4DA-8EA8086EA390",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.1r2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "75A2801C-029F-469C-9492-9AB0535B1F6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.1r2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "219B113E-88AB-4250-81BB-3735A49A09C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.1r3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "84885E71-5C0D-4869-97A5-B8F955FBE728",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.1r3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8F5AB09-D5D3-4499-BDE8-6471F827D825",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.1r4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "09FF5E94-07F5-416C-976F-4FF22141A145",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.1r5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E77318F9-AA30-4010-A351-98A3942DA8DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.1r6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D328C58-51A0-4A62-8CFC-BAA5A9D8EDF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.1r7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3015D79-3AD8-4EBE-A236-6ADEC2AA4B6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.1r7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DDC948E7-4EC5-45E1-98A7-A940D05E3BC2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.1r8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8BFFFF2-BA60-483A-BD7E-041EDD1932E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.1r9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A100AF1-A8A7-4E0A-9D29-E00C56C0AAFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.1r10:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFE85EB6-035E-4158-92E5-C6D2543FBE1A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2r1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A42EFC8-C5FF-4397-87CF-263813FAA5D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2r2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C952B5B8-DCAB-476A-9E60-3F1BBE509F21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2r3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F199F01-9EEA-4184-AD99-6B21110484AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2r3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9938EBCC-B9B7-4FB1-9ACB-9BED485AB5E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2r4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B4A309B-ACB0-4053-909A-6889129EB2C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2r5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8A4A105-EBF3-4895-9ABE-50972DD232F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2r6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4013CA1C-48F0-46F6-B327-E6B34311A7EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2r7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "112B9736-336D-4C72-A960-0B33DD3439EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2r7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "49FA8DC5-900B-4A53-AF55-410A7FF901E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2r8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4946BBE-E449-4F89-910C-3389BDF36071",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.3r1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "94170224-C78B-458A-B63E-53E303B0DCE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.3r1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "17449ADA-D4CC-4A23-9699-2D3E695C519A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.3r2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "44B21A8C-F09F-4286-8E32-C10E474C8D3F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.3r3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8654C226-F77A-464D-9AD1-010DC11F8C46",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.3r3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "70F3AFCF-8723-4F80-89A2-BC9D62CE920E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.3r4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "545F18AB-635E-47C0-ACFE-8B2A849253FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.3r4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "52DD6EDE-5CF1-4BD9-93B7-8100ED9DDC3F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.3r5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D74E173-3599-4A32-BE9A-482998800122",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.3r5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "116DD35E-B83E-4865-8B54-E5C68D148187",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.3r5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D02A7DF-69CE-426B-8153-3BA404B4AC64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.3r6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA199898-3820-4B6C-ADF6-9EA0E8238200",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.3r7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A37EBB8A-48E0-4092-A5E4-ABA0C02934AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.3r8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9EAEBC16-AA55-4145-8FD4-84217DE4CB6D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "diag.cgi in Pulse Connect Secure 8.2R1 through 8.2R5, 8.1R1 through 8.1R10 and Pulse Policy Secure 5.3R1 through 5.3R5, 5.2R1 through 5.2R8, and 5.1R1 through 5.1R10 allow remote attackers to hijack the authentication of administrators for requests to start tcpdump, related to the lack of anti-CSRF tokens."
    },
    {
      "lang": "es",
      "value": "diag.cgi en Pulse Connect Secure 8.2R1 en su versi\u00f3n 8.2R5, 8.1R1 en su versi\u00f3n 8.1R10 y Pulse Policy Secure 5.3R1 en su versi\u00f3n 5.3R5, 5.2R1 en su versi\u00f3n 5.2R8, y 5.1R1 en su versi\u00f3n 5.1R10 permite que atacantes remotos secuestren la autenticaci\u00f3n de administradores para peticiones para poner en marcha tcpdump, relacionado con la falta de tokens anti-CSRF."
    }
  ],
  "id": "CVE-2017-11455",
  "lastModified": "2024-11-21T03:07:48.970",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-08-29T15:29:00.660",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/100530"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1039242"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40793"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/100530"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1039242"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40793"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-06-19 00:15
Modified
2024-11-21 04:21
Summary
Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow in the Linux kernel when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit 3b4929f65b0d8249f19a50245cd88ed1a2f78cff.
References
security@ubuntu.comhttp://packetstormsecurity.com/files/153346/Kernel-Live-Patch-Security-Notice-LSN-0052-1.htmlThird Party Advisory, VDB Entry
security@ubuntu.comhttp://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.htmlThird Party Advisory, VDB Entry
security@ubuntu.comhttp://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-010.txtThird Party Advisory
security@ubuntu.comhttp://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191225-01-kernel-enThird Party Advisory
security@ubuntu.comhttp://www.openwall.com/lists/oss-security/2019/06/20/3Mailing List, Third Party Advisory
security@ubuntu.comhttp://www.openwall.com/lists/oss-security/2019/06/28/2Mailing List, Third Party Advisory
security@ubuntu.comhttp://www.openwall.com/lists/oss-security/2019/07/06/3Mailing List, Third Party Advisory
security@ubuntu.comhttp://www.openwall.com/lists/oss-security/2019/07/06/4Mailing List, Third Party Advisory
security@ubuntu.comhttp://www.openwall.com/lists/oss-security/2019/10/24/1Mailing List, Third Party Advisory
security@ubuntu.comhttp://www.openwall.com/lists/oss-security/2019/10/29/3Mailing List, Third Party Advisory
security@ubuntu.comhttp://www.vmware.com/security/advisories/VMSA-2019-0010.htmlThird Party Advisory
security@ubuntu.comhttps://access.redhat.com/errata/RHSA-2019:1594Third Party Advisory
security@ubuntu.comhttps://access.redhat.com/errata/RHSA-2019:1602Third Party Advisory
security@ubuntu.comhttps://access.redhat.com/errata/RHSA-2019:1699Third Party Advisory
security@ubuntu.comhttps://access.redhat.com/security/vulnerabilities/tcpsackThird Party Advisory
security@ubuntu.comhttps://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdfThird Party Advisory
security@ubuntu.comhttps://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=3b4929f65b0d8249f19a50245cd88ed1a2f78cffMailing List, Patch, Vendor Advisory
security@ubuntu.comhttps://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.mdPatch, Third Party Advisory
security@ubuntu.comhttps://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193Third Party Advisory
security@ubuntu.comhttps://kc.mcafee.com/corporate/index?page=content&id=SB10287Third Party Advisory
security@ubuntu.comhttps://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0006Third Party Advisory
security@ubuntu.comhttps://security.netapp.com/advisory/ntap-20190625-0001/Third Party Advisory
security@ubuntu.comhttps://support.f5.com/csp/article/K78234183Third Party Advisory
security@ubuntu.comhttps://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanicMitigation, Third Party Advisory
security@ubuntu.comhttps://www.kb.cert.org/vuls/id/905115Third Party Advisory, US Government Resource
security@ubuntu.comhttps://www.oracle.com/security-alerts/cpujan2020.htmlThird Party Advisory
security@ubuntu.comhttps://www.oracle.com/security-alerts/cpuoct2020.htmlThird Party Advisory
security@ubuntu.comhttps://www.synology.com/security/advisory/Synology_SA_19_28Third Party Advisory
security@ubuntu.comhttps://www.us-cert.gov/ics/advisories/icsa-19-253-03Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108http://packetstormsecurity.com/files/153346/Kernel-Live-Patch-Security-Notice-LSN-0052-1.htmlThird Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.htmlThird Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-010.txtThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191225-01-kernel-enThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2019/06/20/3Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2019/06/28/2Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2019/07/06/3Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2019/07/06/4Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2019/10/24/1Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2019/10/29/3Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.vmware.com/security/advisories/VMSA-2019-0010.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2019:1594Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2019:1602Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2019:1699Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/security/vulnerabilities/tcpsackThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdfThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=3b4929f65b0d8249f19a50245cd88ed1a2f78cffMailing List, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.mdPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://kc.mcafee.com/corporate/index?page=content&id=SB10287Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0006Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20190625-0001/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://support.f5.com/csp/article/K78234183Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanicMitigation, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.kb.cert.org/vuls/id/905115Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujan2020.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuoct2020.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.synology.com/security/advisory/Synology_SA_19_28Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.us-cert.gov/ics/advisories/icsa-19-253-03Third Party Advisory, US Government Resource
Impacted products
Vendor Product Version
linux linux_kernel *
linux linux_kernel *
linux linux_kernel *
linux linux_kernel *
linux linux_kernel *
linux linux_kernel *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_advanced_firewall_manager 15.0.0
f5 big-ip_access_policy_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_access_policy_manager 15.0.0
f5 big-ip_application_acceleration_manager *
f5 big-ip_application_acceleration_manager *
f5 big-ip_application_acceleration_manager *
f5 big-ip_application_acceleration_manager *
f5 big-ip_application_acceleration_manager 15.0.0
f5 big-ip_link_controller *
f5 big-ip_link_controller *
f5 big-ip_link_controller *
f5 big-ip_link_controller *
f5 big-ip_link_controller 15.0.0
f5 big-ip_policy_enforcement_manager *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_policy_enforcement_manager 15.0.0
f5 big-ip_webaccelerator *
f5 big-ip_webaccelerator *
f5 big-ip_webaccelerator *
f5 big-ip_webaccelerator *
f5 big-ip_webaccelerator 15.0.0
f5 big-ip_application_security_manager *
f5 big-ip_application_security_manager *
f5 big-ip_application_security_manager *
f5 big-ip_application_security_manager *
f5 big-ip_application_security_manager 15.0.0
f5 big-ip_local_traffic_manager *
f5 big-ip_local_traffic_manager *
f5 big-ip_local_traffic_manager *
f5 big-ip_local_traffic_manager *
f5 big-ip_local_traffic_manager 15.0.0
f5 big-ip_fraud_protection_service *
f5 big-ip_fraud_protection_service *
f5 big-ip_fraud_protection_service *
f5 big-ip_fraud_protection_service *
f5 big-ip_fraud_protection_service 15.0.0
f5 big-ip_global_traffic_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_global_traffic_manager 15.0.0
f5 big-ip_analytics *
f5 big-ip_analytics *
f5 big-ip_analytics *
f5 big-ip_analytics *
f5 big-ip_analytics 15.0.0
f5 big-ip_edge_gateway *
f5 big-ip_edge_gateway *
f5 big-ip_edge_gateway *
f5 big-ip_edge_gateway *
f5 big-ip_edge_gateway 15.0.0
f5 big-ip_domain_name_system *
f5 big-ip_domain_name_system *
f5 big-ip_domain_name_system *
f5 big-ip_domain_name_system *
f5 big-ip_domain_name_system 15.0.0
canonical ubuntu_linux 12.04
canonical ubuntu_linux 14.04
canonical ubuntu_linux 16.04
canonical ubuntu_linux 18.04
canonical ubuntu_linux 18.10
canonical ubuntu_linux 19.04
redhat enterprise_linux_atomic_host -
redhat enterprise_linux 5.0
redhat enterprise_linux 6.0
redhat enterprise_linux 7.0
redhat enterprise_linux 8.0
redhat enterprise_linux_aus 6.5
redhat enterprise_linux_aus 6.6
redhat enterprise_linux_eus 7.4
redhat enterprise_linux_eus 7.5
redhat enterprise_mrg 2.0
ivanti connect_secure -
pulsesecure pulse_policy_secure -
pulsesecure pulse_secure_virtual_application_delivery_controller -
f5 traffix_signaling_delivery_controller *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "190D94DD-9CDB-413B-9A15-BFBDB1BB127C",
              "versionEndExcluding": "3.16.69",
              "versionStartIncluding": "2.6.29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D641CA66-86A4-4172-9D98-206C31578C5E",
              "versionEndExcluding": "4.4.182",
              "versionStartIncluding": "3.17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "966342A3-015F-4BCC-A513-335362A79A26",
              "versionEndExcluding": "4.9.182",
              "versionStartIncluding": "4.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A632572-BC71-422E-B953-346709BA1658",
              "versionEndExcluding": "4.14.127",
              "versionStartIncluding": "4.10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C91C6131-9445-46E6-960B-76E8A34DC7E4",
              "versionEndExcluding": "4.19.52",
              "versionStartIncluding": "4.15",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0E372D7-8DD5-45E7-9C26-CF389B1A09A5",
              "versionEndExcluding": "5.1.11",
              "versionStartIncluding": "4.20",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "33AF102E-2851-45B5-8C71-B393F34D4591",
              "versionEndIncluding": "11.6.4",
              "versionStartIncluding": "11.5.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E4EA2A9-C197-40D4-A6AE-A64D69536F99",
              "versionEndIncluding": "12.1.4",
              "versionStartIncluding": "12.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A3215E6-7223-4AF1-BFD3-BD8AE9B6B572",
              "versionEndIncluding": "13.1.1",
              "versionStartIncluding": "13.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "720A06E3-441B-4D51-8FC0-D569DD7FEB10",
              "versionEndIncluding": "14.1.0",
              "versionStartIncluding": "14.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:15.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FF1C75A-F753-40CB-9E26-DA6D31931DDC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A057B236-8B7C-430D-B107-8FF96D132E73",
              "versionEndIncluding": "11.6.4",
              "versionStartIncluding": "11.5.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D7877E8-E50F-4DC6-867D-C19A8DB533E3",
              "versionEndIncluding": "12.1.4",
              "versionStartIncluding": "12.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "899BE6FE-B23F-4236-8A5E-B41AFF28E533",
              "versionEndIncluding": "13.1.1",
              "versionStartIncluding": "13.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BEBAD7C4-AC37-463F-B63C-6EAD5542F2A0",
              "versionEndIncluding": "14.1.0",
              "versionStartIncluding": "14.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:15.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C046FBE7-DCCD-40FE-AC1F-4DAD11D2E0AC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "66FC8C37-629D-4FBA-9C79-615BDDCF7837",
              "versionEndIncluding": "11.6.4",
              "versionStartIncluding": "11.5.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "66FCB095-3E70-472A-AB9D-60F001F3A539",
              "versionEndIncluding": "12.1.4",
              "versionStartIncluding": "12.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA39C4F5-4D97-4B0B-8DA9-780F7ACF0A74",
              "versionEndIncluding": "13.1.1",
              "versionStartIncluding": "13.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2833083-97E9-4B3C-8E6B-BCAC1851D148",
              "versionEndIncluding": "14.1.0",
              "versionStartIncluding": "14.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:15.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8C7C45A-CC14-4092-903C-3001986D2859",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "42EBAE78-C03E-42C9-AC2D-D654A8DF8516",
              "versionEndIncluding": "11.6.4",
              "versionStartIncluding": "11.5.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "75D817B1-EC06-4180-B272-067299818B09",
              "versionEndIncluding": "12.1.4",
              "versionStartIncluding": "12.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E3A4646-9AAA-445E-A08F-226D41485DC2",
              "versionEndIncluding": "13.1.1",
              "versionStartIncluding": "13.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "09C950E6-BF12-43D4-9125-AD9D90EDD67A",
              "versionEndIncluding": "14.1.0",
              "versionStartIncluding": "14.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_link_controller:15.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A99DC2F-BFC7-4FEA-87DF-5E9DF428F2D3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "255D11E3-F502-45CD-8958-5989F179574E",
              "versionEndIncluding": "11.6.4",
              "versionStartIncluding": "11.5.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E72B035F-97C1-41C6-B424-F3929B9D7A99",
              "versionEndIncluding": "12.1.4",
              "versionStartIncluding": "12.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E058E775-EAAA-46DF-9F3D-A8D042AAFD88",
              "versionEndIncluding": "13.1.1",
              "versionStartIncluding": "13.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9AD3B4BB-7F5C-4565-9345-2D4895630AAD",
              "versionEndIncluding": "14.1.0",
              "versionStartIncluding": "14.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:15.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B872A0D5-9B23-40F2-8AAB-253A4F406D18",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "10A57948-C53A-4CD0-801B-7E801D08E112",
              "versionEndIncluding": "11.6.4",
              "versionStartIncluding": "11.5.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F367EED9-1F71-4720-BE53-3074FF6049C9",
              "versionEndIncluding": "12.1.4",
              "versionStartIncluding": "12.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "20BF15AA-1183-489E-A24A-FFB5BFD84664",
              "versionEndIncluding": "13.1.1",
              "versionStartIncluding": "13.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "83B684D2-5889-41EA-B54A-8E7AF43DA647",
              "versionEndIncluding": "14.1.0",
              "versionStartIncluding": "14.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:15.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "45D0AF1B-9106-4C38-B1A2-87FC189ADBAB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E4A258E-4F20-4C3C-8269-CD7554539EC6",
              "versionEndIncluding": "11.6.4",
              "versionStartIncluding": "11.5.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A5E9908-C959-48FD-8FAC-C0FE329E6FD8",
              "versionEndIncluding": "12.1.4",
              "versionStartIncluding": "12.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "442A56A6-935D-427A-8562-144DD770E317",
              "versionEndIncluding": "13.1.1",
              "versionStartIncluding": "13.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6434ED4F-0BA2-445A-B6E9-D3E301EE3930",
              "versionEndIncluding": "14.1.0",
              "versionStartIncluding": "14.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:15.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C2A9F32-FF72-44AA-AA1A-5B09E8E57E24",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1DA668DC-EFB6-44C3-8521-47BB9F474DD1",
              "versionEndIncluding": "11.6.4",
              "versionStartIncluding": "11.5.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C23EFF81-0FF4-4B4A-BAC3-85EC62230099",
              "versionEndIncluding": "12.1.4",
              "versionStartIncluding": "12.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "24AB3C9F-77E5-4D87-A9C1-366B087E7F68",
              "versionEndIncluding": "13.1.1",
              "versionStartIncluding": "13.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D17CC587-3325-4D95-BE63-B948C63B411D",
              "versionEndIncluding": "14.1.0",
              "versionStartIncluding": "14.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:15.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FB6D7D8-2688-48A2-8E3E-341881EF0B4C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "24904D5C-58FF-49B0-B598-F798BAD110E6",
              "versionEndIncluding": "11.6.4",
              "versionStartIncluding": "11.5.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE11CCA1-58BF-462E-A0DE-49F3BC1C5499",
              "versionEndIncluding": "12.1.4",
              "versionStartIncluding": "12.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "639FCD86-C487-40DD-9840-8931FAF5DF3A",
              "versionEndIncluding": "13.1.1",
              "versionStartIncluding": "13.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1117B40B-36E7-4205-82B0-52B4862A6D03",
              "versionEndIncluding": "14.1.0",
              "versionStartIncluding": "14.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:15.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "12F0D363-0DE8-4E32-9187-D7ACA0868BD8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB112ABE-C07E-480F-8042-6321E602183D",
              "versionEndIncluding": "11.6.4",
              "versionStartIncluding": "11.5.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A751827-1169-408E-BCE6-A129BDDB489D",
              "versionEndIncluding": "12.1.4",
              "versionStartIncluding": "12.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "428C4BEA-AFDA-45EC-9D5F-DDF409461C33",
              "versionEndIncluding": "13.1.1",
              "versionStartIncluding": "13.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "717C0443-3E88-4814-8D4A-F0C067176228",
              "versionEndIncluding": "14.1.0",
              "versionStartIncluding": "14.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:15.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C3879431-2E02-4B6C-BB4F-C2FF631A0974",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7865E258-CDA0-43A5-9945-81E07BF11A82",
              "versionEndIncluding": "11.6.4",
              "versionStartIncluding": "11.5.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CAECED76-81A2-4A0C-8C2E-24C235BB32DE",
              "versionEndIncluding": "12.1.4",
              "versionStartIncluding": "12.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BDC38EF1-6210-40A1-88FC-964C470E41BA",
              "versionEndIncluding": "13.1.1",
              "versionStartIncluding": "13.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "713EB3E7-A657-4F6A-901D-618AF660CBBC",
              "versionEndIncluding": "14.1.0",
              "versionStartIncluding": "14.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_analytics:15.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EACA0835-51AD-4AC0-8C87-5564F3A821CD",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B572C267-AF06-4270-8FDC-18EBDDED7879",
              "versionEndIncluding": "11.6.4",
              "versionStartIncluding": "11.5.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "88B12CA1-E853-4898-8A06-F991BE19A27A",
              "versionEndIncluding": "12.1.4",
              "versionStartIncluding": "12.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C98DCCF-2D89-4C05-A0AE-60CF8228B860",
              "versionEndIncluding": "13.1.1",
              "versionStartIncluding": "13.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B439DE9D-6A09-4487-82A4-E75A57717CAB",
              "versionEndIncluding": "14.1.0",
              "versionStartIncluding": "14.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:15.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA4F1CFB-0FD9-4AEB-BF25-093115F9D891",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "19428E8B-18C2-413A-A3C0-AC6AB9F952F2",
              "versionEndIncluding": "11.6.4",
              "versionStartIncluding": "11.5.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6166E0DB-2BA5-454D-ABBC-9E4916436A44",
              "versionEndIncluding": "12.1.4",
              "versionStartIncluding": "12.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F42F4AF6-4BCC-497E-A889-0BBCA965CB32",
              "versionEndIncluding": "13.1.1",
              "versionStartIncluding": "13.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AEC2164D-11D0-4DCD-B814-6AB185C3BADF",
              "versionEndIncluding": "14.1.0",
              "versionStartIncluding": "14.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:15.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA4AE425-1D86-4DB9-8B8F-74C6678BD528",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*",
              "matchCriteriaId": "8D305F7A-D159-4716-AB26-5E38BB5CD991",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*",
              "matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "07C312A0-CD2C-4B9C-B064-6409B25C278F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD783B0C-9246-47D9-A937-6144FE8BFF0F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:enterprise_linux_atomic_host:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF483911-003B-470B-A12B-85EF34A50469",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D8B549B-E57B-4DFE-8A13-CAB06B5356B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_aus:6.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "79191794-6151-46E9-AAFD-3EC0C05B03B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_aus:6.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "893A7EE9-495D-405A-B809-39DC80778B2A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F96E3779-F56A-45FF-BB3D-4980527D721E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0CF73560-2F5B-4723-A8A1-9AADBB3ADA00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_mrg:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C60FA8B1-1802-4522-A088-22171DCF7A93",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "97D046F5-FF1A-41A7-8EDE-2C93E335906E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1C8792C-1CF0-450B-A8BD-2B5274156053",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_secure_virtual_application_delivery_controller:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B3CCBFDE-C2FA-40E3-AA44-0EB0A6861BD4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:f5:traffix_signaling_delivery_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E52F91D-3F39-4D89-8069-EC422FB1F700",
              "versionEndIncluding": "5.1.0",
              "versionStartIncluding": "5.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Jonathan Looney discovered that the TCP_SKB_CB(skb)-\u003etcp_gso_segs value was subject to an integer overflow in the Linux kernel when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit 3b4929f65b0d8249f19a50245cd88ed1a2f78cff."
    },
    {
      "lang": "es",
      "value": "Jonathan Looney detect\u00f3 que el valor TCP_SKB_CB(skb)-mayor que tcp_gso_segs estuvo sujeto a un desbordamiento de enteros en el kernel de Linux durante el manejo del Reconocimiento Selectivo (SACK) de TCP. Un atacante remoto podr\u00eda usar esto para causar una denegaci\u00f3n de servicio. Esto se ha corregido en versiones de kernel estables 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, y se corrige en el commit 3b4929f65b0d8249f19a50245cd88ed1a2f78cff."
    }
  ],
  "id": "CVE-2019-11477",
  "lastModified": "2024-11-21T04:21:09.480",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.8,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "security@ubuntu.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-06-19T00:15:12.640",
  "references": [
    {
      "source": "security@ubuntu.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/153346/Kernel-Live-Patch-Security-Notice-LSN-0052-1.html"
    },
    {
      "source": "security@ubuntu.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html"
    },
    {
      "source": "security@ubuntu.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-010.txt"
    },
    {
      "source": "security@ubuntu.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191225-01-kernel-en"
    },
    {
      "source": "security@ubuntu.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2019/06/20/3"
    },
    {
      "source": "security@ubuntu.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2019/06/28/2"
    },
    {
      "source": "security@ubuntu.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2019/07/06/3"
    },
    {
      "source": "security@ubuntu.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2019/07/06/4"
    },
    {
      "source": "security@ubuntu.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2019/10/24/1"
    },
    {
      "source": "security@ubuntu.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2019/10/29/3"
    },
    {
      "source": "security@ubuntu.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.vmware.com/security/advisories/VMSA-2019-0010.html"
    },
    {
      "source": "security@ubuntu.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2019:1594"
    },
    {
      "source": "security@ubuntu.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2019:1602"
    },
    {
      "source": "security@ubuntu.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2019:1699"
    },
    {
      "source": "security@ubuntu.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/security/vulnerabilities/tcpsack"
    },
    {
      "source": "security@ubuntu.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf"
    },
    {
      "source": "security@ubuntu.com",
      "tags": [
        "Mailing List",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=3b4929f65b0d8249f19a50245cd88ed1a2f78cff"
    },
    {
      "source": "security@ubuntu.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md"
    },
    {
      "source": "security@ubuntu.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193"
    },
    {
      "source": "security@ubuntu.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10287"
    },
    {
      "source": "security@ubuntu.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0006"
    },
    {
      "source": "security@ubuntu.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20190625-0001/"
    },
    {
      "source": "security@ubuntu.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.f5.com/csp/article/K78234183"
    },
    {
      "source": "security@ubuntu.com",
      "tags": [
        "Mitigation",
        "Third Party Advisory"
      ],
      "url": "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic"
    },
    {
      "source": "security@ubuntu.com",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.kb.cert.org/vuls/id/905115"
    },
    {
      "source": "security@ubuntu.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
    },
    {
      "source": "security@ubuntu.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
    },
    {
      "source": "security@ubuntu.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.synology.com/security/advisory/Synology_SA_19_28"
    },
    {
      "source": "security@ubuntu.com",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.us-cert.gov/ics/advisories/icsa-19-253-03"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/153346/Kernel-Live-Patch-Security-Notice-LSN-0052-1.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-010.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191225-01-kernel-en"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2019/06/20/3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2019/06/28/2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2019/07/06/3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2019/07/06/4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2019/10/24/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2019/10/29/3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.vmware.com/security/advisories/VMSA-2019-0010.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2019:1594"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2019:1602"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2019:1699"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/security/vulnerabilities/tcpsack"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=3b4929f65b0d8249f19a50245cd88ed1a2f78cff"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10287"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0006"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20190625-0001/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.f5.com/csp/article/K78234183"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mitigation",
        "Third Party Advisory"
      ],
      "url": "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.kb.cert.org/vuls/id/905115"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.synology.com/security/advisory/Synology_SA_19_28"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.us-cert.gov/ics/advisories/icsa-19-253-03"
    }
  ],
  "sourceIdentifier": "security@ubuntu.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-190"
        }
      ],
      "source": "security@ubuntu.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-190"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-04-26 02:29
Modified
2024-11-21 04:21
Summary
In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, 5.3RX before 5.3R12.1, 5.2RX before 5.2R12.1, and 5.1RX before 5.1R15.1, the admin web interface allows an authenticated attacker to inject and execute commands.
References
cve@mitre.orghttp://packetstormsecurity.com/files/154376/Pulse-Secure-8.1R15.1-8.2-8.3-9.0-SSL-VPN-Remote-Code-Execution.htmlThird Party Advisory, VDB Entry
cve@mitre.orghttp://packetstormsecurity.com/files/155277/Pulse-Secure-VPN-Arbitrary-Command-Execution.htmlThird Party Advisory, VDB Entry
cve@mitre.orghttp://packetstormsecurity.com/files/162092/Pulse-Secure-VPN-Arbitrary-Command-Execution.htmlThird Party Advisory, VDB Entry
cve@mitre.orghttp://www.securityfocus.com/bid/108073Third Party Advisory, VDB Entry
cve@mitre.orghttps://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study/Exploit, Third Party Advisory
cve@mitre.orghttps://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdfExploit, Third Party Advisory
cve@mitre.orghttps://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101Third Party Advisory, Vendor Advisory
cve@mitre.orghttps://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010Third Party Advisory
cve@mitre.orghttps://www.kb.cert.org/vuls/id/927237Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108http://packetstormsecurity.com/files/154376/Pulse-Secure-8.1R15.1-8.2-8.3-9.0-SSL-VPN-Remote-Code-Execution.htmlThird Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://packetstormsecurity.com/files/155277/Pulse-Secure-VPN-Arbitrary-Command-Execution.htmlThird Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://packetstormsecurity.com/files/162092/Pulse-Secure-VPN-Arbitrary-Command-Execution.htmlThird Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/108073Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study/Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdfExploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101Third Party Advisory, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.kb.cert.org/vuls/id/927237Third Party Advisory, US Government Resource
Impacted products
Vendor Product Version
ivanti connect_secure 8.1
ivanti connect_secure 8.2
ivanti connect_secure 8.3
pulsesecure pulse_connect_secure 8.1r1.0
pulsesecure pulse_connect_secure 8.2r1.0
pulsesecure pulse_connect_secure 8.2r1.1
pulsesecure pulse_connect_secure 8.2r2.0
pulsesecure pulse_connect_secure 8.2r3.0
pulsesecure pulse_connect_secure 8.2r3.1
pulsesecure pulse_connect_secure 8.2r4.0
pulsesecure pulse_connect_secure 8.2r4.1
pulsesecure pulse_connect_secure 8.2r5.0
pulsesecure pulse_connect_secure 8.2r5.1
pulsesecure pulse_connect_secure 8.2r6.0
pulsesecure pulse_connect_secure 8.2r7.0
pulsesecure pulse_connect_secure 8.2r7.1
pulsesecure pulse_connect_secure 8.2rx
pulsesecure pulse_connect_secure 8.3rx
pulsesecure pulse_connect_secure 9.0r1
pulsesecure pulse_connect_secure 9.0r2
pulsesecure pulse_connect_secure 9.0r2.1
pulsesecure pulse_connect_secure 9.0r3
pulsesecure pulse_connect_secure 9.0r3.1
pulsesecure pulse_connect_secure 9.0r3.2
pulsesecure pulse_connect_secure 9.0rx
pulsesecure pulse_policy_secure 5.1r1.0
pulsesecure pulse_policy_secure 5.1r1.1
pulsesecure pulse_policy_secure 5.1r2.0
pulsesecure pulse_policy_secure 5.1r2.1
pulsesecure pulse_policy_secure 5.1r3.0
pulsesecure pulse_policy_secure 5.1r3.2
pulsesecure pulse_policy_secure 5.1r4.0
pulsesecure pulse_policy_secure 5.1r5.0
pulsesecure pulse_policy_secure 5.1r6.0
pulsesecure pulse_policy_secure 5.1r7.0
pulsesecure pulse_policy_secure 5.1r8.0
pulsesecure pulse_policy_secure 5.1r9.0
pulsesecure pulse_policy_secure 5.1r9.1
pulsesecure pulse_policy_secure 5.1r10.0
pulsesecure pulse_policy_secure 5.1r11.0
pulsesecure pulse_policy_secure 5.1r11.1
pulsesecure pulse_policy_secure 5.1r12.0
pulsesecure pulse_policy_secure 5.1r12.1
pulsesecure pulse_policy_secure 5.1r13.0
pulsesecure pulse_policy_secure 5.1r14.0
pulsesecure pulse_policy_secure 5.2r1.0
pulsesecure pulse_policy_secure 5.2r2.0
pulsesecure pulse_policy_secure 5.2r3.0
pulsesecure pulse_policy_secure 5.2r3.2
pulsesecure pulse_policy_secure 5.2r4.0
pulsesecure pulse_policy_secure 5.2r5.0
pulsesecure pulse_policy_secure 5.2r6.0
pulsesecure pulse_policy_secure 5.2r7.0
pulsesecure pulse_policy_secure 5.2r7.1
pulsesecure pulse_policy_secure 5.2r8.0
pulsesecure pulse_policy_secure 5.2r9.0
pulsesecure pulse_policy_secure 5.2r9.1
pulsesecure pulse_policy_secure 5.2r10.0
pulsesecure pulse_policy_secure 5.2r11.0
pulsesecure pulse_policy_secure 5.2rx
pulsesecure pulse_policy_secure 5.3r1.0
pulsesecure pulse_policy_secure 5.3r1.1
pulsesecure pulse_policy_secure 5.3r2.0
pulsesecure pulse_policy_secure 5.3r3.0
pulsesecure pulse_policy_secure 5.3r3.1
pulsesecure pulse_policy_secure 5.3r4.0
pulsesecure pulse_policy_secure 5.3r4.1
pulsesecure pulse_policy_secure 5.3r5.0
pulsesecure pulse_policy_secure 5.3r5.1
pulsesecure pulse_policy_secure 5.3r5.2
pulsesecure pulse_policy_secure 5.3r6.0
pulsesecure pulse_policy_secure 5.3r7.0
pulsesecure pulse_policy_secure 5.3r8.0
pulsesecure pulse_policy_secure 5.3r8.1
pulsesecure pulse_policy_secure 5.3r8.2
pulsesecure pulse_policy_secure 5.3r9.0
pulsesecure pulse_policy_secure 5.3r10.
pulsesecure pulse_policy_secure 5.3r11.0
pulsesecure pulse_policy_secure 5.3r12.0
pulsesecure pulse_policy_secure 5.3rx
pulsesecure pulse_policy_secure 5.4r1
pulsesecure pulse_policy_secure 5.4r2
pulsesecure pulse_policy_secure 5.4r2.1
pulsesecure pulse_policy_secure 5.4r3
pulsesecure pulse_policy_secure 5.4r4
pulsesecure pulse_policy_secure 5.4r5
pulsesecure pulse_policy_secure 5.4r5.2
pulsesecure pulse_policy_secure 5.4r6
pulsesecure pulse_policy_secure 5.4r6.1
pulsesecure pulse_policy_secure 5.4r7
pulsesecure pulse_policy_secure 5.4rx
pulsesecure pulse_policy_secure 9.0r1
pulsesecure pulse_policy_secure 9.0r2
pulsesecure pulse_policy_secure 9.0r2.1
pulsesecure pulse_policy_secure 9.0r3
pulsesecure pulse_policy_secure 9.0r3.1
pulsesecure pulse_policy_secure 9.0rx



{
  "cisaActionDue": "2022-05-03",
  "cisaExploitAdd": "2021-11-03",
  "cisaRequiredAction": "Apply updates per vendor instructions.",
  "cisaVulnerabilityName": "Ivanti Pulse Connect Secure and Policy Secure Command Injection Vulnerability",
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "202E4839-7CE4-49CE-BEE1-CB33A96770E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2BCE3E8-ED64-4CCD-9A3F-3D99476B81E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB453513-AFEA-4E68-8441-3984E83FFB2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1r1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2037BE1-408C-47E8-8A70-8440BF3A1ED6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2r1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7369296-0C10-4B64-A0EC-2E7BFAC5BB40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2r1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F13F586F-A5FA-424F-B172-14FC29402F59",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2r2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6BE71A8-1C4A-4CE0-A78C-DCF72E6775BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2r3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "51E0AC17-77DE-440F-8166-FD3A8D039EB7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2r3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A7A8628-6636-485E-B888-A13D732D87C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2r4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8DB60BAE-D42E-4953-822D-C9B4CF83EA9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2r4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A9BB556-DADF-49F0-BEF2-84629EC430FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2r5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9AB1607-3B0C-49A8-95E0-68FB8DF6432B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2r5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1ACA79EE-8F71-4805-B4D4-72B40EE7933D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2r6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "261B6197-161F-4141-B5D1-95160AFA3B45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2r7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FE79E96-37CA-46F5-B14C-9024E4D7CD25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2r7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A559BDBF-FEE2-4DC2-B4D8-597DD78332DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2rx:*:*:*:*:*:*:*",
              "matchCriteriaId": "97B87335-3883-4B3F-863E-A1E3E7541049",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.3rx:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD77C208-DD3E-46BD-930F-93BB39799D08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:9.0r1:*:*:*:*:*:*:*",
              "matchCriteriaId": "47D68BA7-3626-4D54-B6B3-ED0C2F25ADC1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:9.0r2:*:*:*:*:*:*:*",
              "matchCriteriaId": "190F575A-E9D4-403B-9AAC-D665D80B37D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:9.0r2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "37B522EA-2724-4D88-89FE-8A3E1297313E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:9.0r3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6444B34E-C3E3-4959-8C5D-ACF5FF65D2DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:9.0r3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6DF9BB1A-07D4-4757-BC09-49CCC044CE92",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:9.0r3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F4694C1-667B-4BAC-ABF1-92AE4FD26893",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:9.0rx:*:*:*:*:*:*:*",
              "matchCriteriaId": "59FE2F01-1675-45FB-90ED-A7A8C3E79114",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.1r1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "45491FB0-2EDC-4B62-838F-A8CB2E92F4FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.1r1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F62EC1F3-10DC-4387-B4DA-8EA8086EA390",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.1r2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "75A2801C-029F-469C-9492-9AB0535B1F6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.1r2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "219B113E-88AB-4250-81BB-3735A49A09C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.1r3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "84885E71-5C0D-4869-97A5-B8F955FBE728",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.1r3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8F5AB09-D5D3-4499-BDE8-6471F827D825",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.1r4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "09FF5E94-07F5-416C-976F-4FF22141A145",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.1r5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E77318F9-AA30-4010-A351-98A3942DA8DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.1r6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D328C58-51A0-4A62-8CFC-BAA5A9D8EDF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.1r7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3015D79-3AD8-4EBE-A236-6ADEC2AA4B6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.1r8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8BFFFF2-BA60-483A-BD7E-041EDD1932E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.1r9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D04A72C3-2735-4F83-8F91-82405C16FE40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.1r9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A100AF1-A8A7-4E0A-9D29-E00C56C0AAFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.1r10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "596A0CEE-44FD-4A03-8386-750D0E4947D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.1r11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BEDA32E5-A047-49FD-A52C-FDA132881337",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.1r11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "65900FCC-9DD2-4606-B125-451946734453",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.1r12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB8051E3-A7F0-4E17-AB73-E4F1DBD6FB78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.1r12.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A3DEE0B-048F-4FE8-A508-043D87F54611",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.1r13.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "262F4B72-D73E-41B4-B62A-39AD505412D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.1r14.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DF64796-2698-48EF-AF93-86F070967C98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2r1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A42EFC8-C5FF-4397-87CF-263813FAA5D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2r2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C952B5B8-DCAB-476A-9E60-3F1BBE509F21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2r3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F199F01-9EEA-4184-AD99-6B21110484AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2r3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9938EBCC-B9B7-4FB1-9ACB-9BED485AB5E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2r4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B4A309B-ACB0-4053-909A-6889129EB2C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2r5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8A4A105-EBF3-4895-9ABE-50972DD232F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2r6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4013CA1C-48F0-46F6-B327-E6B34311A7EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2r7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "112B9736-336D-4C72-A960-0B33DD3439EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2r7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "49FA8DC5-900B-4A53-AF55-410A7FF901E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2r8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4946BBE-E449-4F89-910C-3389BDF36071",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2r9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1FDBD7BC-C9A7-48C2-B3BC-8E2C90F54268",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2r9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4B56D6E-2429-4511-8FE6-A9BE1226F031",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2r10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "17BD737E-F387-4239-B3C6-E4B71EB13995",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2r11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CFC6D632-9B03-4CFF-85D8-B4127257A47E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2rx:*:*:*:*:*:*:*",
              "matchCriteriaId": "C766CBF4-502C-4522-845C-A5436DD1960D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.3r1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "94170224-C78B-458A-B63E-53E303B0DCE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.3r1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "17449ADA-D4CC-4A23-9699-2D3E695C519A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.3r2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "44B21A8C-F09F-4286-8E32-C10E474C8D3F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.3r3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8654C226-F77A-464D-9AD1-010DC11F8C46",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.3r3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "70F3AFCF-8723-4F80-89A2-BC9D62CE920E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.3r4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "545F18AB-635E-47C0-ACFE-8B2A849253FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.3r4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "52DD6EDE-5CF1-4BD9-93B7-8100ED9DDC3F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.3r5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D74E173-3599-4A32-BE9A-482998800122",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.3r5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "116DD35E-B83E-4865-8B54-E5C68D148187",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.3r5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D02A7DF-69CE-426B-8153-3BA404B4AC64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.3r6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA199898-3820-4B6C-ADF6-9EA0E8238200",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.3r7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A37EBB8A-48E0-4092-A5E4-ABA0C02934AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.3r8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9EAEBC16-AA55-4145-8FD4-84217DE4CB6D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.3r8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF3A87EB-CEF3-4CE3-A258-EE95560D46F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.3r8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B273CCA-CFA6-4A73-99D1-44A51ADBAF00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.3r9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5E92137-41D4-4350-AD8D-B2F36FBA5B41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.3r10.:*:*:*:*:*:*:*",
              "matchCriteriaId": "18E78ACD-828A-421D-88B7-C08079CD39A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.3r11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "60129D21-0A5D-44B6-A9F0-C97E3327C58D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.3r12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "13477A91-0880-4CDA-A932-12912909E1AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.3rx:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E78343D-6F53-44C0-8C45-694E6D03DB95",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.4r1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7F2FFEC-F243-4D85-888E-339C60B3C0CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.4r2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A841849-DA0E-4BAA-8807-F42481C9457D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.4r2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2EC5A497-1FA2-4AE4-A611-553129B9F78C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.4r3:*:*:*:*:*:*:*",
              "matchCriteriaId": "479B25A4-59AA-4FA4-B1CC-E06781D00962",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.4r4:*:*:*:*:*:*:*",
              "matchCriteriaId": "91C0556B-2420-46F2-A08E-EC83DA514A69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.4r5:*:*:*:*:*:*:*",
              "matchCriteriaId": "479C0704-9FE5-42D6-8968-780391708F44",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.4r5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "ABE3B07D-879B-4AF2-9AA7-D9F64A577373",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.4r6:*:*:*:*:*:*:*",
              "matchCriteriaId": "497631E3-0E1F-4267-8ADA-7697FF0BF7EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.4r6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FF444E5-2EEA-4223-85E1-B2EA6D0543E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.4r7:*:*:*:*:*:*:*",
              "matchCriteriaId": "1DA2AD75-A6DD-48D0-83E7-A5F00F31C010",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.4rx:*:*:*:*:*:*:*",
              "matchCriteriaId": "07A6F2EF-09AF-4DAA-A552-6111C51DD210",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:9.0r1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C50D348-E894-4B8D-ACFF-DE04FB47A97B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:9.0r2:*:*:*:*:*:*:*",
              "matchCriteriaId": "436C11B9-1A19-4751-877C-104370C769A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:9.0r2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "10F709A2-79F6-4912-9B81-6EBF9E0D438E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:9.0r3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B694A761-C3DC-41C9-8FFA-271950BEFE60",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:9.0r3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BE48A776-5899-47E8-8B1C-B046594E6084",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:9.0rx:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB7BB3D9-7259-4DF3-B408-AE421CE206D4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, 5.3RX before 5.3R12.1, 5.2RX before 5.2R12.1, and 5.1RX before 5.1R15.1, the admin web interface allows an authenticated attacker to inject and execute commands."
    },
    {
      "lang": "es",
      "value": "En Pulse Secure Pulse Connect Secure versiones 9.0RX anteriores a 9.0R3.4, versiones 8.3RX anteriores a 8.3R7.1, versiones 8.2RX anteriores a 8.2R12.1, y versiones 8.1RX anteriores a 8.1R15.1; Pulse Policy Secure versiones 9.0RX anteriores a 9.0R3.2, versiones 5.4RX anteriores a 5.4R7.1, versiones 5.3RX anteriores a 5.3R12.1, versiones 5.2RX anteriores a 5.2R12.1, y versiones 5.1RX anteriores a 5.1R15.1, la interfaz web de administraci\u00f3n permite a un atacante autenticado inyectar y ejecutar comandos."
    }
  ],
  "id": "CVE-2019-11539",
  "lastModified": "2024-11-21T04:21:17.987",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.0,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.3,
        "impactScore": 6.0,
        "source": "cve@mitre.org",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-04-26T02:29:00.300",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/154376/Pulse-Secure-8.1R15.1-8.2-8.3-9.0-SSL-VPN-Remote-Code-Execution.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/155277/Pulse-Secure-VPN-Arbitrary-Command-Execution.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/162092/Pulse-Secure-VPN-Arbitrary-Command-Execution.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/108073"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "Vendor Advisory"
      ],
      "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.kb.cert.org/vuls/id/927237"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/154376/Pulse-Secure-8.1R15.1-8.2-8.3-9.0-SSL-VPN-Remote-Code-Execution.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/155277/Pulse-Secure-VPN-Arbitrary-Command-Execution.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/162092/Pulse-Secure-VPN-Arbitrary-Command-Execution.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/108073"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "Vendor Advisory"
      ],
      "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.kb.cert.org/vuls/id/927237"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-07-30 13:15
Modified
2024-11-21 05:38
Summary
A path traversal vulnerability exists in Pulse Connect Secure <9.1R8 that allowed an authenticated attacker via the administrator web interface to perform an arbitrary file reading vulnerability through Meeting.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:-:*:*:*:*:*:*",
              "matchCriteriaId": "4F450898-0B06-4073-9B76-BF22F68BD14F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r1:*:*:*:*:*:*",
              "matchCriteriaId": "4B21C181-DC49-4EBD-9932-DBB337151FF7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r2:*:*:*:*:*:*",
              "matchCriteriaId": "4FEFC4B1-7350-46F9-80C1-42F5AE06142F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r3:*:*:*:*:*:*",
              "matchCriteriaId": "DB7A6D62-6576-4713-9BF4-11068A72E8B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r4:*:*:*:*:*:*",
              "matchCriteriaId": "843BC1B9-50CC-4F8F-A454-A0CEC6E92290",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r4.1:*:*:*:*:*:*",
              "matchCriteriaId": "D5355372-03EA-46D7-9104-A2785C29B664",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r4.2:*:*:*:*:*:*",
              "matchCriteriaId": "3DE32A0C-8944-4F51-A286-266055CA4B2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r4.3:*:*:*:*:*:*",
              "matchCriteriaId": "0349A0CC-A372-4E51-899E-D7BA67876F4B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r5:*:*:*:*:*:*",
              "matchCriteriaId": "93D1A098-BD77-4A7B-9070-A764FB435981",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r6:*:*:*:*:*:*",
              "matchCriteriaId": "3CCC2D7B-F835-45EC-A316-2F0C5F2CF565",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r7:*:*:*:*:*:*",
              "matchCriteriaId": "AD812596-C77C-4129-982F-C22A25B52126",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "18272F7E-A9BA-4175-B6F6-F7E550D736CE",
              "versionEndIncluding": "9.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:-:*:*:*:*:*:*",
              "matchCriteriaId": "6418A649-3A63-40CC-BD7C-309B3B0B2595",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r1:*:*:*:*:*:*",
              "matchCriteriaId": "A07B66E0-A679-4912-8CB1-CD134713EDC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r2:*:*:*:*:*:*",
              "matchCriteriaId": "6D37A6E4-D58E-444D-AF6A-15461F38E81A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r3:*:*:*:*:*:*",
              "matchCriteriaId": "FC2B9DA0-E32B-4125-9986-F0D3814C66E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r3.1:*:*:*:*:*:*",
              "matchCriteriaId": "38A0D7CF-7D55-4933-AE8C-36006D6779E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r4:*:*:*:*:*:*",
              "matchCriteriaId": "C9A5BA3E-D6B3-453D-8DDF-FF16859FD0F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r4.1:*:*:*:*:*:*",
              "matchCriteriaId": "BAFDA618-D15D-401D-AC68-0020259FEC57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r4.2:*:*:*:*:*:*",
              "matchCriteriaId": "D55AB5F0-132F-4C40-BF4F-684E139B774B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r5:*:*:*:*:*:*",
              "matchCriteriaId": "6BE937D2-8BEE-4E64-8738-F550EAD00F50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r6:*:*:*:*:*:*",
              "matchCriteriaId": "9C753520-1BC6-4980-AFC9-4C2FDDF2FD18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r7:*:*:*:*:*:*",
              "matchCriteriaId": "AC3863BC-3B9A-402B-A74A-149CDF717EC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B031D2AE-70BE-48BB-A9E9-0A0DAAAFF55F",
              "versionEndIncluding": "9.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A path traversal vulnerability exists in Pulse Connect Secure \u003c9.1R8 that allowed an authenticated attacker via the administrator web interface to perform an arbitrary file reading vulnerability through Meeting."
    },
    {
      "lang": "es",
      "value": "Se presenta una vulnerabilidad de salto de ruta en Pulse Connect Secure versiones anteriores a 9.1R8, que permiti\u00f3 a un atacante autenticado por medio de la interfaz web del administrador llevar a cabo una vulnerabilidad de lectura de archivos arbitraria por medio de Meeting"
    }
  ],
  "id": "CVE-2020-8222",
  "lastModified": "2024-11-21T05:38:32.030",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 4.0,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-07-30T13:15:12.157",
  "references": [
    {
      "source": "support@hackerone.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516"
    }
  ],
  "sourceIdentifier": "support@hackerone.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "support@hackerone.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-06-19 00:15
Modified
2024-11-21 04:21
Summary
Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit f070ef2ac66716357066b683fb0baf55f8191a2e.
References
security@ubuntu.comhttp://packetstormsecurity.com/files/153346/Kernel-Live-Patch-Security-Notice-LSN-0052-1.htmlThird Party Advisory, VDB Entry
security@ubuntu.comhttp://packetstormsecurity.com/files/154408/Kernel-Live-Patch-Security-Notice-LSN-0055-1.html
security@ubuntu.comhttp://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html
security@ubuntu.comhttp://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-010.txt
security@ubuntu.comhttp://www.openwall.com/lists/oss-security/2019/06/28/2
security@ubuntu.comhttp://www.openwall.com/lists/oss-security/2019/07/06/3
security@ubuntu.comhttp://www.openwall.com/lists/oss-security/2019/07/06/4
security@ubuntu.comhttp://www.openwall.com/lists/oss-security/2019/10/24/1
security@ubuntu.comhttp://www.openwall.com/lists/oss-security/2019/10/29/3
security@ubuntu.comhttp://www.vmware.com/security/advisories/VMSA-2019-0010.html
security@ubuntu.comhttps://access.redhat.com/errata/RHSA-2019:1594
security@ubuntu.comhttps://access.redhat.com/errata/RHSA-2019:1602
security@ubuntu.comhttps://access.redhat.com/errata/RHSA-2019:1699
security@ubuntu.comhttps://access.redhat.com/security/vulnerabilities/tcpsackThird Party Advisory
security@ubuntu.comhttps://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf
security@ubuntu.comhttps://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=f070ef2ac66716357066b683fb0baf55f8191a2eMailing List, Patch, Vendor Advisory
security@ubuntu.comhttps://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.mdPatch, Third Party Advisory
security@ubuntu.comhttps://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193Third Party Advisory
security@ubuntu.comhttps://kc.mcafee.com/corporate/index?page=content&id=SB10287
security@ubuntu.comhttps://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0007
security@ubuntu.comhttps://seclists.org/bugtraq/2019/Jul/30
security@ubuntu.comhttps://security.netapp.com/advisory/ntap-20190625-0001/
security@ubuntu.comhttps://support.f5.com/csp/article/K26618426Third Party Advisory
security@ubuntu.comhttps://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanicMitigation, Third Party Advisory
security@ubuntu.comhttps://www.kb.cert.org/vuls/id/905115
security@ubuntu.comhttps://www.oracle.com/security-alerts/cpujan2020.html
security@ubuntu.comhttps://www.oracle.com/security-alerts/cpuoct2020.html
security@ubuntu.comhttps://www.synology.com/security/advisory/Synology_SA_19_28
security@ubuntu.comhttps://www.us-cert.gov/ics/advisories/icsa-19-253-03
af854a3a-2127-422b-91ae-364da2661108http://packetstormsecurity.com/files/153346/Kernel-Live-Patch-Security-Notice-LSN-0052-1.htmlThird Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://packetstormsecurity.com/files/154408/Kernel-Live-Patch-Security-Notice-LSN-0055-1.html
af854a3a-2127-422b-91ae-364da2661108http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html
af854a3a-2127-422b-91ae-364da2661108http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-010.txt
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2019/06/28/2
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2019/07/06/3
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2019/07/06/4
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2019/10/24/1
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2019/10/29/3
af854a3a-2127-422b-91ae-364da2661108http://www.vmware.com/security/advisories/VMSA-2019-0010.html
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2019:1594
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2019:1602
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2019:1699
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/security/vulnerabilities/tcpsackThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=f070ef2ac66716357066b683fb0baf55f8191a2eMailing List, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.mdPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://kc.mcafee.com/corporate/index?page=content&id=SB10287
af854a3a-2127-422b-91ae-364da2661108https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0007
af854a3a-2127-422b-91ae-364da2661108https://seclists.org/bugtraq/2019/Jul/30
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20190625-0001/
af854a3a-2127-422b-91ae-364da2661108https://support.f5.com/csp/article/K26618426Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanicMitigation, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.kb.cert.org/vuls/id/905115
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujan2020.html
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuoct2020.html
af854a3a-2127-422b-91ae-364da2661108https://www.synology.com/security/advisory/Synology_SA_19_28
af854a3a-2127-422b-91ae-364da2661108https://www.us-cert.gov/ics/advisories/icsa-19-253-03
Impacted products
Vendor Product Version
linux linux_kernel *
linux linux_kernel *
linux linux_kernel *
linux linux_kernel *
linux linux_kernel *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_advanced_firewall_manager 15.0.0
f5 big-ip_access_policy_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_access_policy_manager 15.0.0
f5 big-ip_application_acceleration_manager *
f5 big-ip_application_acceleration_manager *
f5 big-ip_application_acceleration_manager *
f5 big-ip_application_acceleration_manager *
f5 big-ip_application_acceleration_manager 15.0.0
f5 big-ip_link_controller *
f5 big-ip_link_controller *
f5 big-ip_link_controller *
f5 big-ip_link_controller *
f5 big-ip_link_controller 15.0.0
f5 big-ip_policy_enforcement_manager *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_policy_enforcement_manager 15.0.0
f5 big-ip_webaccelerator *
f5 big-ip_webaccelerator *
f5 big-ip_webaccelerator *
f5 big-ip_webaccelerator *
f5 big-ip_webaccelerator 15.0.0
f5 big-ip_application_security_manager *
f5 big-ip_application_security_manager *
f5 big-ip_application_security_manager *
f5 big-ip_application_security_manager *
f5 big-ip_application_security_manager 15.0.0
f5 big-ip_local_traffic_manager *
f5 big-ip_local_traffic_manager *
f5 big-ip_local_traffic_manager *
f5 big-ip_local_traffic_manager *
f5 big-ip_local_traffic_manager 15.0.0
f5 big-ip_fraud_protection_service *
f5 big-ip_fraud_protection_service *
f5 big-ip_fraud_protection_service *
f5 big-ip_fraud_protection_service *
f5 big-ip_fraud_protection_service 15.0.0
f5 big-ip_global_traffic_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_global_traffic_manager 15.0.0
f5 big-ip_analytics *
f5 big-ip_analytics *
f5 big-ip_analytics *
f5 big-ip_analytics *
f5 big-ip_analytics 15.0.0
f5 big-ip_edge_gateway *
f5 big-ip_edge_gateway *
f5 big-ip_edge_gateway *
f5 big-ip_edge_gateway *
f5 big-ip_edge_gateway 15.0.0
f5 big-ip_domain_name_system *
f5 big-ip_domain_name_system *
f5 big-ip_domain_name_system *
f5 big-ip_domain_name_system *
f5 big-ip_domain_name_system 15.0.0
canonical ubuntu_linux 12.04
canonical ubuntu_linux 14.04
canonical ubuntu_linux 16.04
canonical ubuntu_linux 18.04
canonical ubuntu_linux 18.10
canonical ubuntu_linux 19.04
redhat enterprise_linux_atomic_host -
redhat enterprise_linux 5.0
redhat enterprise_linux 6.0
redhat enterprise_linux 7.0
redhat enterprise_linux 8.0
redhat enterprise_linux_aus 6.5
redhat enterprise_linux_aus 6.6
redhat enterprise_linux_eus 7.4
redhat enterprise_linux_eus 7.5
redhat enterprise_mrg 2.0
ivanti connect_secure -
pulsesecure pulse_policy_secure -
pulsesecure pulse_secure_virtual_application_delivery_controller -
f5 traffix_signaling_delivery_controller *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "17F8005D-23A1-4666-B194-18D895721E7A",
              "versionEndExcluding": "4.4.182",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "966342A3-015F-4BCC-A513-335362A79A26",
              "versionEndExcluding": "4.9.182",
              "versionStartIncluding": "4.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A632572-BC71-422E-B953-346709BA1658",
              "versionEndExcluding": "4.14.127",
              "versionStartIncluding": "4.10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C91C6131-9445-46E6-960B-76E8A34DC7E4",
              "versionEndExcluding": "4.19.52",
              "versionStartIncluding": "4.15",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0E372D7-8DD5-45E7-9C26-CF389B1A09A5",
              "versionEndExcluding": "5.1.11",
              "versionStartIncluding": "4.20",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "33AF102E-2851-45B5-8C71-B393F34D4591",
              "versionEndIncluding": "11.6.4",
              "versionStartIncluding": "11.5.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E4EA2A9-C197-40D4-A6AE-A64D69536F99",
              "versionEndIncluding": "12.1.4",
              "versionStartIncluding": "12.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A3215E6-7223-4AF1-BFD3-BD8AE9B6B572",
              "versionEndIncluding": "13.1.1",
              "versionStartIncluding": "13.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "720A06E3-441B-4D51-8FC0-D569DD7FEB10",
              "versionEndIncluding": "14.1.0",
              "versionStartIncluding": "14.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:15.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FF1C75A-F753-40CB-9E26-DA6D31931DDC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A057B236-8B7C-430D-B107-8FF96D132E73",
              "versionEndIncluding": "11.6.4",
              "versionStartIncluding": "11.5.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D7877E8-E50F-4DC6-867D-C19A8DB533E3",
              "versionEndIncluding": "12.1.4",
              "versionStartIncluding": "12.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "899BE6FE-B23F-4236-8A5E-B41AFF28E533",
              "versionEndIncluding": "13.1.1",
              "versionStartIncluding": "13.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BEBAD7C4-AC37-463F-B63C-6EAD5542F2A0",
              "versionEndIncluding": "14.1.0",
              "versionStartIncluding": "14.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:15.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C046FBE7-DCCD-40FE-AC1F-4DAD11D2E0AC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "66FC8C37-629D-4FBA-9C79-615BDDCF7837",
              "versionEndIncluding": "11.6.4",
              "versionStartIncluding": "11.5.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "66FCB095-3E70-472A-AB9D-60F001F3A539",
              "versionEndIncluding": "12.1.4",
              "versionStartIncluding": "12.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA39C4F5-4D97-4B0B-8DA9-780F7ACF0A74",
              "versionEndIncluding": "13.1.1",
              "versionStartIncluding": "13.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2833083-97E9-4B3C-8E6B-BCAC1851D148",
              "versionEndIncluding": "14.1.0",
              "versionStartIncluding": "14.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:15.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8C7C45A-CC14-4092-903C-3001986D2859",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "42EBAE78-C03E-42C9-AC2D-D654A8DF8516",
              "versionEndIncluding": "11.6.4",
              "versionStartIncluding": "11.5.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "75D817B1-EC06-4180-B272-067299818B09",
              "versionEndIncluding": "12.1.4",
              "versionStartIncluding": "12.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E3A4646-9AAA-445E-A08F-226D41485DC2",
              "versionEndIncluding": "13.1.1",
              "versionStartIncluding": "13.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "09C950E6-BF12-43D4-9125-AD9D90EDD67A",
              "versionEndIncluding": "14.1.0",
              "versionStartIncluding": "14.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_link_controller:15.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A99DC2F-BFC7-4FEA-87DF-5E9DF428F2D3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "255D11E3-F502-45CD-8958-5989F179574E",
              "versionEndIncluding": "11.6.4",
              "versionStartIncluding": "11.5.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E72B035F-97C1-41C6-B424-F3929B9D7A99",
              "versionEndIncluding": "12.1.4",
              "versionStartIncluding": "12.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E058E775-EAAA-46DF-9F3D-A8D042AAFD88",
              "versionEndIncluding": "13.1.1",
              "versionStartIncluding": "13.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9AD3B4BB-7F5C-4565-9345-2D4895630AAD",
              "versionEndIncluding": "14.1.0",
              "versionStartIncluding": "14.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:15.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B872A0D5-9B23-40F2-8AAB-253A4F406D18",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "10A57948-C53A-4CD0-801B-7E801D08E112",
              "versionEndIncluding": "11.6.4",
              "versionStartIncluding": "11.5.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F367EED9-1F71-4720-BE53-3074FF6049C9",
              "versionEndIncluding": "12.1.4",
              "versionStartIncluding": "12.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "20BF15AA-1183-489E-A24A-FFB5BFD84664",
              "versionEndIncluding": "13.1.1",
              "versionStartIncluding": "13.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "83B684D2-5889-41EA-B54A-8E7AF43DA647",
              "versionEndIncluding": "14.1.0",
              "versionStartIncluding": "14.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:15.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "45D0AF1B-9106-4C38-B1A2-87FC189ADBAB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E4A258E-4F20-4C3C-8269-CD7554539EC6",
              "versionEndIncluding": "11.6.4",
              "versionStartIncluding": "11.5.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A5E9908-C959-48FD-8FAC-C0FE329E6FD8",
              "versionEndIncluding": "12.1.4",
              "versionStartIncluding": "12.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "442A56A6-935D-427A-8562-144DD770E317",
              "versionEndIncluding": "13.1.1",
              "versionStartIncluding": "13.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6434ED4F-0BA2-445A-B6E9-D3E301EE3930",
              "versionEndIncluding": "14.1.0",
              "versionStartIncluding": "14.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:15.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C2A9F32-FF72-44AA-AA1A-5B09E8E57E24",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1DA668DC-EFB6-44C3-8521-47BB9F474DD1",
              "versionEndIncluding": "11.6.4",
              "versionStartIncluding": "11.5.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C23EFF81-0FF4-4B4A-BAC3-85EC62230099",
              "versionEndIncluding": "12.1.4",
              "versionStartIncluding": "12.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "24AB3C9F-77E5-4D87-A9C1-366B087E7F68",
              "versionEndIncluding": "13.1.1",
              "versionStartIncluding": "13.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D17CC587-3325-4D95-BE63-B948C63B411D",
              "versionEndIncluding": "14.1.0",
              "versionStartIncluding": "14.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:15.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FB6D7D8-2688-48A2-8E3E-341881EF0B4C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "24904D5C-58FF-49B0-B598-F798BAD110E6",
              "versionEndIncluding": "11.6.4",
              "versionStartIncluding": "11.5.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE11CCA1-58BF-462E-A0DE-49F3BC1C5499",
              "versionEndIncluding": "12.1.4",
              "versionStartIncluding": "12.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "639FCD86-C487-40DD-9840-8931FAF5DF3A",
              "versionEndIncluding": "13.1.1",
              "versionStartIncluding": "13.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1117B40B-36E7-4205-82B0-52B4862A6D03",
              "versionEndIncluding": "14.1.0",
              "versionStartIncluding": "14.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:15.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "12F0D363-0DE8-4E32-9187-D7ACA0868BD8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB112ABE-C07E-480F-8042-6321E602183D",
              "versionEndIncluding": "11.6.4",
              "versionStartIncluding": "11.5.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A751827-1169-408E-BCE6-A129BDDB489D",
              "versionEndIncluding": "12.1.4",
              "versionStartIncluding": "12.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "428C4BEA-AFDA-45EC-9D5F-DDF409461C33",
              "versionEndIncluding": "13.1.1",
              "versionStartIncluding": "13.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "717C0443-3E88-4814-8D4A-F0C067176228",
              "versionEndIncluding": "14.1.0",
              "versionStartIncluding": "14.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:15.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C3879431-2E02-4B6C-BB4F-C2FF631A0974",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7865E258-CDA0-43A5-9945-81E07BF11A82",
              "versionEndIncluding": "11.6.4",
              "versionStartIncluding": "11.5.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CAECED76-81A2-4A0C-8C2E-24C235BB32DE",
              "versionEndIncluding": "12.1.4",
              "versionStartIncluding": "12.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BDC38EF1-6210-40A1-88FC-964C470E41BA",
              "versionEndIncluding": "13.1.1",
              "versionStartIncluding": "13.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "713EB3E7-A657-4F6A-901D-618AF660CBBC",
              "versionEndIncluding": "14.1.0",
              "versionStartIncluding": "14.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_analytics:15.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EACA0835-51AD-4AC0-8C87-5564F3A821CD",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B572C267-AF06-4270-8FDC-18EBDDED7879",
              "versionEndIncluding": "11.6.4",
              "versionStartIncluding": "11.5.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "88B12CA1-E853-4898-8A06-F991BE19A27A",
              "versionEndIncluding": "12.1.4",
              "versionStartIncluding": "12.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C98DCCF-2D89-4C05-A0AE-60CF8228B860",
              "versionEndIncluding": "13.1.1",
              "versionStartIncluding": "13.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B439DE9D-6A09-4487-82A4-E75A57717CAB",
              "versionEndIncluding": "14.1.0",
              "versionStartIncluding": "14.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:15.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA4F1CFB-0FD9-4AEB-BF25-093115F9D891",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "19428E8B-18C2-413A-A3C0-AC6AB9F952F2",
              "versionEndIncluding": "11.6.4",
              "versionStartIncluding": "11.5.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6166E0DB-2BA5-454D-ABBC-9E4916436A44",
              "versionEndIncluding": "12.1.4",
              "versionStartIncluding": "12.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F42F4AF6-4BCC-497E-A889-0BBCA965CB32",
              "versionEndIncluding": "13.1.1",
              "versionStartIncluding": "13.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AEC2164D-11D0-4DCD-B814-6AB185C3BADF",
              "versionEndIncluding": "14.1.0",
              "versionStartIncluding": "14.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:15.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA4AE425-1D86-4DB9-8B8F-74C6678BD528",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*",
              "matchCriteriaId": "8D305F7A-D159-4716-AB26-5E38BB5CD991",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*",
              "matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "07C312A0-CD2C-4B9C-B064-6409B25C278F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD783B0C-9246-47D9-A937-6144FE8BFF0F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:enterprise_linux_atomic_host:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF483911-003B-470B-A12B-85EF34A50469",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D8B549B-E57B-4DFE-8A13-CAB06B5356B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_aus:6.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "79191794-6151-46E9-AAFD-3EC0C05B03B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_aus:6.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "893A7EE9-495D-405A-B809-39DC80778B2A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F96E3779-F56A-45FF-BB3D-4980527D721E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0CF73560-2F5B-4723-A8A1-9AADBB3ADA00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_mrg:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C60FA8B1-1802-4522-A088-22171DCF7A93",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "97D046F5-FF1A-41A7-8EDE-2C93E335906E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1C8792C-1CF0-450B-A8BD-2B5274156053",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_secure_virtual_application_delivery_controller:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B3CCBFDE-C2FA-40E3-AA44-0EB0A6861BD4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:f5:traffix_signaling_delivery_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E52F91D-3F39-4D89-8069-EC422FB1F700",
              "versionEndIncluding": "5.1.0",
              "versionStartIncluding": "5.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit f070ef2ac66716357066b683fb0baf55f8191a2e."
    },
    {
      "lang": "es",
      "value": "Jonathan Looney descubri\u00f3 que la implementaci\u00f3n de la cola de retransmisi\u00f3n de TCP en tcp_fragment en el kernel de Linux podr\u00eda estar fragmentada cuando se manejan ciertas secuencias de Reconocimiento Selectivo (SACK) de TCP. Un atacante remoto podr\u00eda usar esto para causar una denegaci\u00f3n de servicio. Esto se ha corregido en versiones de kernel estables 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, y se corrige en el commit f070ef2ac66716357066b683fb0baf55f8191a2e."
    }
  ],
  "id": "CVE-2019-11478",
  "lastModified": "2024-11-21T04:21:09.703",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "security@ubuntu.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-06-19T00:15:12.687",
  "references": [
    {
      "source": "security@ubuntu.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/153346/Kernel-Live-Patch-Security-Notice-LSN-0052-1.html"
    },
    {
      "source": "security@ubuntu.com",
      "url": "http://packetstormsecurity.com/files/154408/Kernel-Live-Patch-Security-Notice-LSN-0055-1.html"
    },
    {
      "source": "security@ubuntu.com",
      "url": "http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html"
    },
    {
      "source": "security@ubuntu.com",
      "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-010.txt"
    },
    {
      "source": "security@ubuntu.com",
      "url": "http://www.openwall.com/lists/oss-security/2019/06/28/2"
    },
    {
      "source": "security@ubuntu.com",
      "url": "http://www.openwall.com/lists/oss-security/2019/07/06/3"
    },
    {
      "source": "security@ubuntu.com",
      "url": "http://www.openwall.com/lists/oss-security/2019/07/06/4"
    },
    {
      "source": "security@ubuntu.com",
      "url": "http://www.openwall.com/lists/oss-security/2019/10/24/1"
    },
    {
      "source": "security@ubuntu.com",
      "url": "http://www.openwall.com/lists/oss-security/2019/10/29/3"
    },
    {
      "source": "security@ubuntu.com",
      "url": "http://www.vmware.com/security/advisories/VMSA-2019-0010.html"
    },
    {
      "source": "security@ubuntu.com",
      "url": "https://access.redhat.com/errata/RHSA-2019:1594"
    },
    {
      "source": "security@ubuntu.com",
      "url": "https://access.redhat.com/errata/RHSA-2019:1602"
    },
    {
      "source": "security@ubuntu.com",
      "url": "https://access.redhat.com/errata/RHSA-2019:1699"
    },
    {
      "source": "security@ubuntu.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/security/vulnerabilities/tcpsack"
    },
    {
      "source": "security@ubuntu.com",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf"
    },
    {
      "source": "security@ubuntu.com",
      "tags": [
        "Mailing List",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=f070ef2ac66716357066b683fb0baf55f8191a2e"
    },
    {
      "source": "security@ubuntu.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md"
    },
    {
      "source": "security@ubuntu.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193"
    },
    {
      "source": "security@ubuntu.com",
      "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10287"
    },
    {
      "source": "security@ubuntu.com",
      "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0007"
    },
    {
      "source": "security@ubuntu.com",
      "url": "https://seclists.org/bugtraq/2019/Jul/30"
    },
    {
      "source": "security@ubuntu.com",
      "url": "https://security.netapp.com/advisory/ntap-20190625-0001/"
    },
    {
      "source": "security@ubuntu.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.f5.com/csp/article/K26618426"
    },
    {
      "source": "security@ubuntu.com",
      "tags": [
        "Mitigation",
        "Third Party Advisory"
      ],
      "url": "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic"
    },
    {
      "source": "security@ubuntu.com",
      "url": "https://www.kb.cert.org/vuls/id/905115"
    },
    {
      "source": "security@ubuntu.com",
      "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
    },
    {
      "source": "security@ubuntu.com",
      "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
    },
    {
      "source": "security@ubuntu.com",
      "url": "https://www.synology.com/security/advisory/Synology_SA_19_28"
    },
    {
      "source": "security@ubuntu.com",
      "url": "https://www.us-cert.gov/ics/advisories/icsa-19-253-03"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/153346/Kernel-Live-Patch-Security-Notice-LSN-0052-1.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://packetstormsecurity.com/files/154408/Kernel-Live-Patch-Security-Notice-LSN-0055-1.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-010.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2019/06/28/2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2019/07/06/3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2019/07/06/4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2019/10/24/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2019/10/29/3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vmware.com/security/advisories/VMSA-2019-0010.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2019:1594"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2019:1602"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2019:1699"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/security/vulnerabilities/tcpsack"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=f070ef2ac66716357066b683fb0baf55f8191a2e"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10287"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0007"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://seclists.org/bugtraq/2019/Jul/30"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.netapp.com/advisory/ntap-20190625-0001/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.f5.com/csp/article/K26618426"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mitigation",
        "Third Party Advisory"
      ],
      "url": "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.kb.cert.org/vuls/id/905115"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.synology.com/security/advisory/Synology_SA_19_28"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.us-cert.gov/ics/advisories/icsa-19-253-03"
    }
  ],
  "sourceIdentifier": "security@ubuntu.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-770"
        }
      ],
      "source": "security@ubuntu.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-400"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-07-30 13:15
Modified
2024-11-21 05:38
Summary
A cross site scripting (XSS) vulnerability exists in Pulse Connect Secure <9.1R5 on the PSAL Page.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:-:*:*:*:*:*:*",
              "matchCriteriaId": "4F450898-0B06-4073-9B76-BF22F68BD14F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r1:*:*:*:*:*:*",
              "matchCriteriaId": "4B21C181-DC49-4EBD-9932-DBB337151FF7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r2:*:*:*:*:*:*",
              "matchCriteriaId": "4FEFC4B1-7350-46F9-80C1-42F5AE06142F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r3:*:*:*:*:*:*",
              "matchCriteriaId": "DB7A6D62-6576-4713-9BF4-11068A72E8B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r4:*:*:*:*:*:*",
              "matchCriteriaId": "843BC1B9-50CC-4F8F-A454-A0CEC6E92290",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r4.1:*:*:*:*:*:*",
              "matchCriteriaId": "D5355372-03EA-46D7-9104-A2785C29B664",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r4.2:*:*:*:*:*:*",
              "matchCriteriaId": "3DE32A0C-8944-4F51-A286-266055CA4B2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r4.3:*:*:*:*:*:*",
              "matchCriteriaId": "0349A0CC-A372-4E51-899E-D7BA67876F4B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r5:*:*:*:*:*:*",
              "matchCriteriaId": "93D1A098-BD77-4A7B-9070-A764FB435981",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r6:*:*:*:*:*:*",
              "matchCriteriaId": "3CCC2D7B-F835-45EC-A316-2F0C5F2CF565",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r7:*:*:*:*:*:*",
              "matchCriteriaId": "AD812596-C77C-4129-982F-C22A25B52126",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "18272F7E-A9BA-4175-B6F6-F7E550D736CE",
              "versionEndIncluding": "9.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:-:*:*:*:*:*:*",
              "matchCriteriaId": "6418A649-3A63-40CC-BD7C-309B3B0B2595",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r1:*:*:*:*:*:*",
              "matchCriteriaId": "A07B66E0-A679-4912-8CB1-CD134713EDC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r2:*:*:*:*:*:*",
              "matchCriteriaId": "6D37A6E4-D58E-444D-AF6A-15461F38E81A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r3:*:*:*:*:*:*",
              "matchCriteriaId": "FC2B9DA0-E32B-4125-9986-F0D3814C66E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r3.1:*:*:*:*:*:*",
              "matchCriteriaId": "38A0D7CF-7D55-4933-AE8C-36006D6779E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r4:*:*:*:*:*:*",
              "matchCriteriaId": "C9A5BA3E-D6B3-453D-8DDF-FF16859FD0F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r4.1:*:*:*:*:*:*",
              "matchCriteriaId": "BAFDA618-D15D-401D-AC68-0020259FEC57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r4.2:*:*:*:*:*:*",
              "matchCriteriaId": "D55AB5F0-132F-4C40-BF4F-684E139B774B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r5:*:*:*:*:*:*",
              "matchCriteriaId": "6BE937D2-8BEE-4E64-8738-F550EAD00F50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r6:*:*:*:*:*:*",
              "matchCriteriaId": "9C753520-1BC6-4980-AFC9-4C2FDDF2FD18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r7:*:*:*:*:*:*",
              "matchCriteriaId": "AC3863BC-3B9A-402B-A74A-149CDF717EC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B031D2AE-70BE-48BB-A9E9-0A0DAAAFF55F",
              "versionEndIncluding": "9.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A cross site scripting (XSS) vulnerability exists in Pulse Connect Secure \u003c9.1R5 on the PSAL Page."
    },
    {
      "lang": "es",
      "value": "Se presenta una vulnerabilidad de tipo cross site scripting (XSS) en Pulse Connect Secure versiones anteriores a 9.1R5, en la P\u00e1gina PSAL"
    }
  ],
  "id": "CVE-2020-8204",
  "lastModified": "2024-11-21T05:38:29.987",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-07-30T13:15:11.470",
  "references": [
    {
      "source": "support@hackerone.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516"
    }
  ],
  "sourceIdentifier": "support@hackerone.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "support@hackerone.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-06-28 18:15
Modified
2024-11-21 04:02
Summary
An XSS issue was found with Psaldownload.cgi in Pulse Secure Pulse Connect Secure (PCS) 8.3R2 before 8.3R2 and Pulse Policy Secure (PPS) 5.4RX before 5.4R2. This is not applicable to PCS 8.1RX or PPS 5.2RX.
Impacted products
Vendor Product Version
ivanti connect_secure 8.3
pulsesecure pulse_policy_secure 5.4



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:8.3:r1:*:*:*:*:*:*",
              "matchCriteriaId": "2871AAD9-FC12-4E2D-B722-0F721D7FE101",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.4:r1:*:*:*:*:*:*",
              "matchCriteriaId": "D7D1B75B-CFB5-48ED-847A-D60E14A72C71",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An XSS issue was found with Psaldownload.cgi in Pulse Secure Pulse Connect Secure (PCS) 8.3R2 before 8.3R2 and Pulse Policy Secure (PPS) 5.4RX before 5.4R2. This is not applicable to PCS 8.1RX or PPS 5.2RX."
    },
    {
      "lang": "es",
      "value": "Se ha encontrado un fallo de Cross-Site Scripting (XSS) con Psaldownload.cgi en Pulse Secure Pulse Connect Secure (PCS) versi\u00f3n 8.3R2 anteriores a la 8.3R2 y Pulse Policy Secure (PPS) versi\u00f3n 5.4RX anteriores a la versi\u00f3n 5.4R2. Esto no es aplicable a PC versi\u00f3n 8.1RX o PPS 5.2RX."
    }
  ],
  "id": "CVE-2018-20814",
  "lastModified": "2024-11-21T04:02:14.410",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-06-28T18:15:11.237",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/109033"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43877/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/109033"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43877/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-04-26 02:29
Modified
2024-11-21 04:21
Summary
XSS exists in the admin web console in Pulse Secure Pulse Connect Secure (PCS) 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, and 5.2RX before 5.2R12.1.
Impacted products
Vendor Product Version
ivanti connect_secure 8.1
ivanti connect_secure 8.3
pulsesecure pulse_connect_secure 8.1r1.0
pulsesecure pulse_connect_secure 8.1rx
pulsesecure pulse_connect_secure 8.3rx
pulsesecure pulse_connect_secure 9.0r1
pulsesecure pulse_connect_secure 9.0r2
pulsesecure pulse_connect_secure 9.0r2.1
pulsesecure pulse_connect_secure 9.0r3
pulsesecure pulse_connect_secure 9.0r3.1
pulsesecure pulse_connect_secure 9.0r3.2
pulsesecure pulse_connect_secure 9.0rx
pulsesecure pulse_policy_secure 5.2r1.0
pulsesecure pulse_policy_secure 5.2r2.0
pulsesecure pulse_policy_secure 5.2r3.0
pulsesecure pulse_policy_secure 5.2r3.2
pulsesecure pulse_policy_secure 5.2r4.0
pulsesecure pulse_policy_secure 5.2r5.0
pulsesecure pulse_policy_secure 5.2r6.0
pulsesecure pulse_policy_secure 5.2r7.0
pulsesecure pulse_policy_secure 5.2r7.1
pulsesecure pulse_policy_secure 5.2r8.0
pulsesecure pulse_policy_secure 5.2r9.0
pulsesecure pulse_policy_secure 5.2r9.1
pulsesecure pulse_policy_secure 5.2r10.0
pulsesecure pulse_policy_secure 5.2r11.0
pulsesecure pulse_policy_secure 5.2rx
pulsesecure pulse_policy_secure 5.4r1
pulsesecure pulse_policy_secure 5.4r2
pulsesecure pulse_policy_secure 5.4r2.1
pulsesecure pulse_policy_secure 5.4r3
pulsesecure pulse_policy_secure 5.4r4
pulsesecure pulse_policy_secure 5.4r5
pulsesecure pulse_policy_secure 5.4r5.2
pulsesecure pulse_policy_secure 5.4r6
pulsesecure pulse_policy_secure 5.4r6.1
pulsesecure pulse_policy_secure 5.4r7
pulsesecure pulse_policy_secure 5.4rx
pulsesecure pulse_policy_secure 9.0r1
pulsesecure pulse_policy_secure 9.0r2
pulsesecure pulse_policy_secure 9.0r2.1
pulsesecure pulse_policy_secure 9.0r3
pulsesecure pulse_policy_secure 9.0r3.1
pulsesecure pulse_policy_secure 9.0rx



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "202E4839-7CE4-49CE-BEE1-CB33A96770E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB453513-AFEA-4E68-8441-3984E83FFB2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1r1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2037BE1-408C-47E8-8A70-8440BF3A1ED6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1rx:*:*:*:*:*:*:*",
              "matchCriteriaId": "8135B806-EE52-412B-8EE1-6F20666055CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.3rx:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD77C208-DD3E-46BD-930F-93BB39799D08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:9.0r1:*:*:*:*:*:*:*",
              "matchCriteriaId": "47D68BA7-3626-4D54-B6B3-ED0C2F25ADC1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:9.0r2:*:*:*:*:*:*:*",
              "matchCriteriaId": "190F575A-E9D4-403B-9AAC-D665D80B37D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:9.0r2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "37B522EA-2724-4D88-89FE-8A3E1297313E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:9.0r3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6444B34E-C3E3-4959-8C5D-ACF5FF65D2DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:9.0r3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6DF9BB1A-07D4-4757-BC09-49CCC044CE92",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:9.0r3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F4694C1-667B-4BAC-ABF1-92AE4FD26893",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:9.0rx:*:*:*:*:*:*:*",
              "matchCriteriaId": "59FE2F01-1675-45FB-90ED-A7A8C3E79114",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2r1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A42EFC8-C5FF-4397-87CF-263813FAA5D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2r2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C952B5B8-DCAB-476A-9E60-3F1BBE509F21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2r3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F199F01-9EEA-4184-AD99-6B21110484AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2r3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9938EBCC-B9B7-4FB1-9ACB-9BED485AB5E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2r4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B4A309B-ACB0-4053-909A-6889129EB2C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2r5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8A4A105-EBF3-4895-9ABE-50972DD232F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2r6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4013CA1C-48F0-46F6-B327-E6B34311A7EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2r7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "112B9736-336D-4C72-A960-0B33DD3439EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2r7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "49FA8DC5-900B-4A53-AF55-410A7FF901E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2r8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4946BBE-E449-4F89-910C-3389BDF36071",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2r9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1FDBD7BC-C9A7-48C2-B3BC-8E2C90F54268",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2r9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4B56D6E-2429-4511-8FE6-A9BE1226F031",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2r10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "17BD737E-F387-4239-B3C6-E4B71EB13995",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2r11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CFC6D632-9B03-4CFF-85D8-B4127257A47E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2rx:*:*:*:*:*:*:*",
              "matchCriteriaId": "C766CBF4-502C-4522-845C-A5436DD1960D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.4r1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7F2FFEC-F243-4D85-888E-339C60B3C0CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.4r2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A841849-DA0E-4BAA-8807-F42481C9457D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.4r2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2EC5A497-1FA2-4AE4-A611-553129B9F78C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.4r3:*:*:*:*:*:*:*",
              "matchCriteriaId": "479B25A4-59AA-4FA4-B1CC-E06781D00962",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.4r4:*:*:*:*:*:*:*",
              "matchCriteriaId": "91C0556B-2420-46F2-A08E-EC83DA514A69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.4r5:*:*:*:*:*:*:*",
              "matchCriteriaId": "479C0704-9FE5-42D6-8968-780391708F44",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.4r5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "ABE3B07D-879B-4AF2-9AA7-D9F64A577373",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.4r6:*:*:*:*:*:*:*",
              "matchCriteriaId": "497631E3-0E1F-4267-8ADA-7697FF0BF7EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.4r6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FF444E5-2EEA-4223-85E1-B2EA6D0543E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.4r7:*:*:*:*:*:*:*",
              "matchCriteriaId": "1DA2AD75-A6DD-48D0-83E7-A5F00F31C010",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.4rx:*:*:*:*:*:*:*",
              "matchCriteriaId": "07A6F2EF-09AF-4DAA-A552-6111C51DD210",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:9.0r1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C50D348-E894-4B8D-ACFF-DE04FB47A97B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:9.0r2:*:*:*:*:*:*:*",
              "matchCriteriaId": "436C11B9-1A19-4751-877C-104370C769A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:9.0r2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "10F709A2-79F6-4912-9B81-6EBF9E0D438E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:9.0r3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B694A761-C3DC-41C9-8FFA-271950BEFE60",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:9.0r3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BE48A776-5899-47E8-8B1C-B046594E6084",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:9.0rx:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB7BB3D9-7259-4DF3-B408-AE421CE206D4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "XSS exists in the admin web console in Pulse Secure Pulse Connect Secure (PCS) 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, and 5.2RX before 5.2R12.1."
    },
    {
      "lang": "es",
      "value": "Existe una vulnerabilidad Cross-site scripting (XSS), en la consola web de administraci\u00f3n de Pulse Secure Pulse Connect Secure (PCS) versiones 9.0RX anteriores a 9.0R3.4, versiones 8.3RX anteriores a 8.3R7.1, y versiones 8.1RX anteriores a 8.1R15.1; Pulse Policy Secure versiones 9.0RX anteriores a 9.0R3.2, versiones 5.4RX anteriores a 5.4R7.1, y versiones 5.2RX anteriores a 5.2R12.1"
    }
  ],
  "id": "CVE-2019-11543",
  "lastModified": "2024-11-21T04:21:18.697",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.3,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.6,
        "impactScore": 6.0,
        "source": "cve@mitre.org",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-04-26T02:29:00.550",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/108073"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.kb.cert.org/vuls/id/927237"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/108073"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.kb.cert.org/vuls/id/927237"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-10-28 13:15
Modified
2024-11-21 05:38
Summary
A vulnerability in the Pulse Connect Secure / Pulse Policy Secure below 9.1R9 could allow attackers to conduct Cross-Site Scripting (XSS) and Open Redirection for authenticated user web interface.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r1:*:*:*:*:*:*",
              "matchCriteriaId": "4B21C181-DC49-4EBD-9932-DBB337151FF7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r2:*:*:*:*:*:*",
              "matchCriteriaId": "4FEFC4B1-7350-46F9-80C1-42F5AE06142F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r3:*:*:*:*:*:*",
              "matchCriteriaId": "DB7A6D62-6576-4713-9BF4-11068A72E8B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r4:*:*:*:*:*:*",
              "matchCriteriaId": "843BC1B9-50CC-4F8F-A454-A0CEC6E92290",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r5:*:*:*:*:*:*",
              "matchCriteriaId": "93D1A098-BD77-4A7B-9070-A764FB435981",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r6:*:*:*:*:*:*",
              "matchCriteriaId": "3CCC2D7B-F835-45EC-A316-2F0C5F2CF565",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r7:*:*:*:*:*:*",
              "matchCriteriaId": "AD812596-C77C-4129-982F-C22A25B52126",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r8:*:*:*:*:*:*",
              "matchCriteriaId": "9FA0B20D-3FA1-42AE-BDC5-93D8A182927C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r1:*:*:*:*:*:*",
              "matchCriteriaId": "A07B66E0-A679-4912-8CB1-CD134713EDC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r2:*:*:*:*:*:*",
              "matchCriteriaId": "6D37A6E4-D58E-444D-AF6A-15461F38E81A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r3:*:*:*:*:*:*",
              "matchCriteriaId": "FC2B9DA0-E32B-4125-9986-F0D3814C66E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r4:*:*:*:*:*:*",
              "matchCriteriaId": "C9A5BA3E-D6B3-453D-8DDF-FF16859FD0F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r5:*:*:*:*:*:*",
              "matchCriteriaId": "6BE937D2-8BEE-4E64-8738-F550EAD00F50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r6:*:*:*:*:*:*",
              "matchCriteriaId": "9C753520-1BC6-4980-AFC9-4C2FDDF2FD18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r7:*:*:*:*:*:*",
              "matchCriteriaId": "AC3863BC-3B9A-402B-A74A-149CDF717EC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r8:*:*:*:*:*:*",
              "matchCriteriaId": "E3C09D51-FDA0-4D07-87D8-F527C8CBDAFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "43AF1D62-D827-4495-A4B0-CCA0C2BEE68F",
              "versionEndExcluding": "9.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "45F30A80-665D-4726-983C-36FED0CBF6E1",
              "versionEndExcluding": "9.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the Pulse Connect Secure / Pulse Policy Secure below 9.1R9 could allow attackers to conduct Cross-Site Scripting (XSS) and Open Redirection for authenticated user web interface."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en Pulse Connect Secure / Pulse Policy Secure versiones por debajo de 9.1R9, podr\u00eda permitir a atacantes conducir ataques de tipo Cross-Site Scripting (XSS) y Redireccionamiento Abierto para la interfaz de usuario web autenticada"
    }
  ],
  "id": "CVE-2020-8262",
  "lastModified": "2024-11-21T05:38:36.810",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-10-28T13:15:13.213",
  "references": [
    {
      "source": "support@hackerone.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601"
    }
  ],
  "sourceIdentifier": "support@hackerone.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "support@hackerone.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-07-30 13:15
Modified
2024-11-21 05:38
Summary
An improper authentication vulnerability exists in Pulse Connect Secure <9.1RB that allows an attacker with a users primary credentials to bypass the Google TOTP.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:-:*:*:*:*:*:*",
              "matchCriteriaId": "4F450898-0B06-4073-9B76-BF22F68BD14F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r1:*:*:*:*:*:*",
              "matchCriteriaId": "4B21C181-DC49-4EBD-9932-DBB337151FF7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r2:*:*:*:*:*:*",
              "matchCriteriaId": "4FEFC4B1-7350-46F9-80C1-42F5AE06142F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r3:*:*:*:*:*:*",
              "matchCriteriaId": "DB7A6D62-6576-4713-9BF4-11068A72E8B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r4:*:*:*:*:*:*",
              "matchCriteriaId": "843BC1B9-50CC-4F8F-A454-A0CEC6E92290",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r4.1:*:*:*:*:*:*",
              "matchCriteriaId": "D5355372-03EA-46D7-9104-A2785C29B664",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r4.2:*:*:*:*:*:*",
              "matchCriteriaId": "3DE32A0C-8944-4F51-A286-266055CA4B2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r4.3:*:*:*:*:*:*",
              "matchCriteriaId": "0349A0CC-A372-4E51-899E-D7BA67876F4B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r5:*:*:*:*:*:*",
              "matchCriteriaId": "93D1A098-BD77-4A7B-9070-A764FB435981",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r6:*:*:*:*:*:*",
              "matchCriteriaId": "3CCC2D7B-F835-45EC-A316-2F0C5F2CF565",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r7:*:*:*:*:*:*",
              "matchCriteriaId": "AD812596-C77C-4129-982F-C22A25B52126",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "18272F7E-A9BA-4175-B6F6-F7E550D736CE",
              "versionEndIncluding": "9.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:-:*:*:*:*:*:*",
              "matchCriteriaId": "6418A649-3A63-40CC-BD7C-309B3B0B2595",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r1:*:*:*:*:*:*",
              "matchCriteriaId": "A07B66E0-A679-4912-8CB1-CD134713EDC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r2:*:*:*:*:*:*",
              "matchCriteriaId": "6D37A6E4-D58E-444D-AF6A-15461F38E81A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r3:*:*:*:*:*:*",
              "matchCriteriaId": "FC2B9DA0-E32B-4125-9986-F0D3814C66E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r3.1:*:*:*:*:*:*",
              "matchCriteriaId": "38A0D7CF-7D55-4933-AE8C-36006D6779E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r4:*:*:*:*:*:*",
              "matchCriteriaId": "C9A5BA3E-D6B3-453D-8DDF-FF16859FD0F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r4.1:*:*:*:*:*:*",
              "matchCriteriaId": "BAFDA618-D15D-401D-AC68-0020259FEC57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r4.2:*:*:*:*:*:*",
              "matchCriteriaId": "D55AB5F0-132F-4C40-BF4F-684E139B774B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r5:*:*:*:*:*:*",
              "matchCriteriaId": "6BE937D2-8BEE-4E64-8738-F550EAD00F50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r6:*:*:*:*:*:*",
              "matchCriteriaId": "9C753520-1BC6-4980-AFC9-4C2FDDF2FD18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r7:*:*:*:*:*:*",
              "matchCriteriaId": "AC3863BC-3B9A-402B-A74A-149CDF717EC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B031D2AE-70BE-48BB-A9E9-0A0DAAAFF55F",
              "versionEndIncluding": "9.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An improper authentication vulnerability exists in Pulse Connect Secure \u003c9.1RB that allows an attacker with a users primary credentials to bypass the Google TOTP."
    },
    {
      "lang": "es",
      "value": "Se presenta una vulnerabilidad de autenticaci\u00f3n inapropiada en Pulse Connect Secure versiones anteriores a 9.1RB, que permite a un atacante con credenciales primarias de los usuarios omitir el TOTP de Google"
    }
  ],
  "id": "CVE-2020-8206",
  "lastModified": "2024-11-21T05:38:30.207",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-07-30T13:15:11.533",
  "references": [
    {
      "source": "support@hackerone.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516"
    }
  ],
  "sourceIdentifier": "support@hackerone.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ],
      "source": "support@hackerone.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-09-06 23:29
Modified
2024-11-21 04:10
Severity ?
Summary
A vulnerability has been discovered in login.cgi in Pulse Secure Pulse Connect Secure (PCS) 8.1RX before 8.1R12 and 8.3RX before 8.3R2 and Pulse Policy Secure (PPS) 5.2RX before 5.2R9 and 5.4RX before 5.4R2 wherein an http(s) Host header received from the browser is trusted without validation.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "202E4839-7CE4-49CE-BEE1-CB33A96770E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1r1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2037BE1-408C-47E8-8A70-8440BF3A1ED6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1rx:*:*:*:*:*:*:*",
              "matchCriteriaId": "8135B806-EE52-412B-8EE1-6F20666055CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.3rx:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD77C208-DD3E-46BD-930F-93BB39799D08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2r1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A42EFC8-C5FF-4397-87CF-263813FAA5D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2r2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C952B5B8-DCAB-476A-9E60-3F1BBE509F21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2r3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F199F01-9EEA-4184-AD99-6B21110484AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2r3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9938EBCC-B9B7-4FB1-9ACB-9BED485AB5E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2r4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B4A309B-ACB0-4053-909A-6889129EB2C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2r5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8A4A105-EBF3-4895-9ABE-50972DD232F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2r6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4013CA1C-48F0-46F6-B327-E6B34311A7EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2r7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "112B9736-336D-4C72-A960-0B33DD3439EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2r7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "49FA8DC5-900B-4A53-AF55-410A7FF901E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2r8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4946BBE-E449-4F89-910C-3389BDF36071",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2rx:*:*:*:*:*:*:*",
              "matchCriteriaId": "C766CBF4-502C-4522-845C-A5436DD1960D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.4r1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7F2FFEC-F243-4D85-888E-339C60B3C0CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.4r2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A841849-DA0E-4BAA-8807-F42481C9457D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.4rx:*:*:*:*:*:*:*",
              "matchCriteriaId": "07A6F2EF-09AF-4DAA-A552-6111C51DD210",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability has been discovered in login.cgi in Pulse Secure Pulse Connect Secure (PCS) 8.1RX before 8.1R12 and 8.3RX before 8.3R2 and Pulse Policy Secure (PPS) 5.2RX before 5.2R9 and 5.4RX before 5.4R2 wherein an http(s) Host header received from the browser is trusted without validation."
    },
    {
      "lang": "es",
      "value": "Se ha descubierto una vulnerabilidad en login.cgi en Pulse Secure Pulse Connect Secure (PCS) en versiones 8.1RX anteriores a la 8.1R12 y versiones 8.3RX anteriores a la 8.3R2 y Pulse Policy Secure (PPS) en versiones 5.2RX anteriores a la 5.2R9 y versiones 5.4RX anteriores a la 5.4R2 cuando se conf\u00eda en una cabecera Host HTTP(S) recibida del navegador sin validaci\u00f3n."
    }
  ],
  "id": "CVE-2018-6320",
  "lastModified": "2024-11-21T04:10:28.793",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-09-06T23:29:02.053",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43877"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43877"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-07-30 13:15
Modified
2024-11-21 05:38
Summary
A path traversal vulnerability exists in Pulse Connect Secure <9.1R8 which allows an authenticated attacker to read arbitrary files via the administrator web interface.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:-:*:*:*:*:*:*",
              "matchCriteriaId": "4F450898-0B06-4073-9B76-BF22F68BD14F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r1:*:*:*:*:*:*",
              "matchCriteriaId": "4B21C181-DC49-4EBD-9932-DBB337151FF7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r2:*:*:*:*:*:*",
              "matchCriteriaId": "4FEFC4B1-7350-46F9-80C1-42F5AE06142F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r3:*:*:*:*:*:*",
              "matchCriteriaId": "DB7A6D62-6576-4713-9BF4-11068A72E8B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r4:*:*:*:*:*:*",
              "matchCriteriaId": "843BC1B9-50CC-4F8F-A454-A0CEC6E92290",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r4.1:*:*:*:*:*:*",
              "matchCriteriaId": "D5355372-03EA-46D7-9104-A2785C29B664",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r4.2:*:*:*:*:*:*",
              "matchCriteriaId": "3DE32A0C-8944-4F51-A286-266055CA4B2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r4.3:*:*:*:*:*:*",
              "matchCriteriaId": "0349A0CC-A372-4E51-899E-D7BA67876F4B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r5:*:*:*:*:*:*",
              "matchCriteriaId": "93D1A098-BD77-4A7B-9070-A764FB435981",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r6:*:*:*:*:*:*",
              "matchCriteriaId": "3CCC2D7B-F835-45EC-A316-2F0C5F2CF565",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r7:*:*:*:*:*:*",
              "matchCriteriaId": "AD812596-C77C-4129-982F-C22A25B52126",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "18272F7E-A9BA-4175-B6F6-F7E550D736CE",
              "versionEndIncluding": "9.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:-:*:*:*:*:*:*",
              "matchCriteriaId": "6418A649-3A63-40CC-BD7C-309B3B0B2595",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r1:*:*:*:*:*:*",
              "matchCriteriaId": "A07B66E0-A679-4912-8CB1-CD134713EDC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r2:*:*:*:*:*:*",
              "matchCriteriaId": "6D37A6E4-D58E-444D-AF6A-15461F38E81A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r3:*:*:*:*:*:*",
              "matchCriteriaId": "FC2B9DA0-E32B-4125-9986-F0D3814C66E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r3.1:*:*:*:*:*:*",
              "matchCriteriaId": "38A0D7CF-7D55-4933-AE8C-36006D6779E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r4:*:*:*:*:*:*",
              "matchCriteriaId": "C9A5BA3E-D6B3-453D-8DDF-FF16859FD0F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r4.1:*:*:*:*:*:*",
              "matchCriteriaId": "BAFDA618-D15D-401D-AC68-0020259FEC57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r4.2:*:*:*:*:*:*",
              "matchCriteriaId": "D55AB5F0-132F-4C40-BF4F-684E139B774B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r5:*:*:*:*:*:*",
              "matchCriteriaId": "6BE937D2-8BEE-4E64-8738-F550EAD00F50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r6:*:*:*:*:*:*",
              "matchCriteriaId": "9C753520-1BC6-4980-AFC9-4C2FDDF2FD18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r7:*:*:*:*:*:*",
              "matchCriteriaId": "AC3863BC-3B9A-402B-A74A-149CDF717EC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B031D2AE-70BE-48BB-A9E9-0A0DAAAFF55F",
              "versionEndIncluding": "9.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A path traversal vulnerability exists in Pulse Connect Secure \u003c9.1R8 which allows an authenticated attacker to read arbitrary files via the administrator web interface."
    },
    {
      "lang": "es",
      "value": "Se presenta una vulnerabilidad de salto de ruta en Pulse Connect Secure versiones anteriores a 9.1R8, que permite a un atacante autenticado leer archivos arbitrarios por medio de la interfaz web del administrador"
    }
  ],
  "id": "CVE-2020-8221",
  "lastModified": "2024-11-21T05:38:31.913",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-07-30T13:15:12.063",
  "references": [
    {
      "source": "support@hackerone.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516"
    }
  ],
  "sourceIdentifier": "support@hackerone.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "support@hackerone.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-04-06 21:15
Modified
2024-11-21 04:58
Severity ?
Summary
An issue was discovered in Pulse Secure Pulse Connect Secure (PCS) through 2020-04-06. The applet in tncc.jar, executed on macOS, Linux, and Solaris clients when a Host Checker policy is enforced, accepts an arbitrary SSL certificate.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "188EFC3E-AB48-4325-96AB-2D2A9062E758",
              "versionEndIncluding": "2020-04-06",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8182B8E7-8C34-4A60-A1B3-0E0C9CCB87F0",
              "versionEndIncluding": "2020-04-06",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "91F372EA-3A78-4703-A457-751B2C98D796",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in Pulse Secure Pulse Connect Secure (PCS) through 2020-04-06. The applet in tncc.jar, executed on macOS, Linux, and Solaris clients when a Host Checker policy is enforced, accepts an arbitrary SSL certificate."
    },
    {
      "lang": "es",
      "value": "Se detect\u00f3 un problema en Pulse Secure Pulse Connect Secure (PCS) hasta el 06-04-2020. El applet en el archivo tncc.jar, ejecutado en clientes macOS, Linux y Solaris cuando se aplica una pol\u00edtica Host Checker, acepta un certificado de tipo SSL arbitrario."
    }
  ],
  "id": "CVE-2020-11580",
  "lastModified": "2024-11-21T04:58:10.073",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 6.4,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 9.1,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.2,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-04-06T21:15:13.513",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://git.lsd.cat/g/pulse-host-checker-rce"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44426"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://git.lsd.cat/g/pulse-host-checker-rce"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44426"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-295"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-07-30 13:15
Modified
2024-11-21 05:38
Summary
A denial of service vulnerability exists in Pulse Connect Secure <9.1R8 that allows an authenticated attacker to perform command injection via the administrator web which can cause DOS.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:-:*:*:*:*:*:*",
              "matchCriteriaId": "4F450898-0B06-4073-9B76-BF22F68BD14F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r1:*:*:*:*:*:*",
              "matchCriteriaId": "4B21C181-DC49-4EBD-9932-DBB337151FF7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r2:*:*:*:*:*:*",
              "matchCriteriaId": "4FEFC4B1-7350-46F9-80C1-42F5AE06142F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r3:*:*:*:*:*:*",
              "matchCriteriaId": "DB7A6D62-6576-4713-9BF4-11068A72E8B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r4:*:*:*:*:*:*",
              "matchCriteriaId": "843BC1B9-50CC-4F8F-A454-A0CEC6E92290",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r4.1:*:*:*:*:*:*",
              "matchCriteriaId": "D5355372-03EA-46D7-9104-A2785C29B664",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r4.2:*:*:*:*:*:*",
              "matchCriteriaId": "3DE32A0C-8944-4F51-A286-266055CA4B2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r4.3:*:*:*:*:*:*",
              "matchCriteriaId": "0349A0CC-A372-4E51-899E-D7BA67876F4B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r5:*:*:*:*:*:*",
              "matchCriteriaId": "93D1A098-BD77-4A7B-9070-A764FB435981",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r6:*:*:*:*:*:*",
              "matchCriteriaId": "3CCC2D7B-F835-45EC-A316-2F0C5F2CF565",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r7:*:*:*:*:*:*",
              "matchCriteriaId": "AD812596-C77C-4129-982F-C22A25B52126",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "18272F7E-A9BA-4175-B6F6-F7E550D736CE",
              "versionEndIncluding": "9.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:-:*:*:*:*:*:*",
              "matchCriteriaId": "6418A649-3A63-40CC-BD7C-309B3B0B2595",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r1:*:*:*:*:*:*",
              "matchCriteriaId": "A07B66E0-A679-4912-8CB1-CD134713EDC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r2:*:*:*:*:*:*",
              "matchCriteriaId": "6D37A6E4-D58E-444D-AF6A-15461F38E81A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r3:*:*:*:*:*:*",
              "matchCriteriaId": "FC2B9DA0-E32B-4125-9986-F0D3814C66E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r3.1:*:*:*:*:*:*",
              "matchCriteriaId": "38A0D7CF-7D55-4933-AE8C-36006D6779E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r4:*:*:*:*:*:*",
              "matchCriteriaId": "C9A5BA3E-D6B3-453D-8DDF-FF16859FD0F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r4.1:*:*:*:*:*:*",
              "matchCriteriaId": "BAFDA618-D15D-401D-AC68-0020259FEC57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r4.2:*:*:*:*:*:*",
              "matchCriteriaId": "D55AB5F0-132F-4C40-BF4F-684E139B774B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r5:*:*:*:*:*:*",
              "matchCriteriaId": "6BE937D2-8BEE-4E64-8738-F550EAD00F50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r6:*:*:*:*:*:*",
              "matchCriteriaId": "9C753520-1BC6-4980-AFC9-4C2FDDF2FD18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r7:*:*:*:*:*:*",
              "matchCriteriaId": "AC3863BC-3B9A-402B-A74A-149CDF717EC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B031D2AE-70BE-48BB-A9E9-0A0DAAAFF55F",
              "versionEndIncluding": "9.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A denial of service vulnerability exists in Pulse Connect Secure \u003c9.1R8 that allows an authenticated attacker to perform command injection via the administrator web which can cause DOS."
    },
    {
      "lang": "es",
      "value": "Se presenta una vulnerabilidad denegaci\u00f3n de servicio en Pulse Connect Secure versiones anteriores a 9.1R8, que permite a un atacante autenticado llevar a cabo una inyecci\u00f3n de comandos por medio de la web del administrador que puede causar una DOS"
    }
  ],
  "id": "CVE-2020-8220",
  "lastModified": "2024-11-21T05:38:31.800",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.2,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-07-30T13:15:11.987",
  "references": [
    {
      "source": "support@hackerone.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516"
    }
  ],
  "sourceIdentifier": "support@hackerone.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-400"
        }
      ],
      "source": "support@hackerone.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-400"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-07-30 13:15
Modified
2024-11-21 05:38
Summary
An information disclosure vulnerability in meeting of Pulse Connect Secure <9.1R8 allowed an authenticated end-users to find meeting details, if they know the Meeting ID.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:-:*:*:*:*:*:*",
              "matchCriteriaId": "4F450898-0B06-4073-9B76-BF22F68BD14F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r1:*:*:*:*:*:*",
              "matchCriteriaId": "4B21C181-DC49-4EBD-9932-DBB337151FF7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r2:*:*:*:*:*:*",
              "matchCriteriaId": "4FEFC4B1-7350-46F9-80C1-42F5AE06142F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r3:*:*:*:*:*:*",
              "matchCriteriaId": "DB7A6D62-6576-4713-9BF4-11068A72E8B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r4:*:*:*:*:*:*",
              "matchCriteriaId": "843BC1B9-50CC-4F8F-A454-A0CEC6E92290",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r4.1:*:*:*:*:*:*",
              "matchCriteriaId": "D5355372-03EA-46D7-9104-A2785C29B664",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r4.2:*:*:*:*:*:*",
              "matchCriteriaId": "3DE32A0C-8944-4F51-A286-266055CA4B2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r4.3:*:*:*:*:*:*",
              "matchCriteriaId": "0349A0CC-A372-4E51-899E-D7BA67876F4B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r5:*:*:*:*:*:*",
              "matchCriteriaId": "93D1A098-BD77-4A7B-9070-A764FB435981",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r6:*:*:*:*:*:*",
              "matchCriteriaId": "3CCC2D7B-F835-45EC-A316-2F0C5F2CF565",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r7:*:*:*:*:*:*",
              "matchCriteriaId": "AD812596-C77C-4129-982F-C22A25B52126",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "18272F7E-A9BA-4175-B6F6-F7E550D736CE",
              "versionEndIncluding": "9.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:-:*:*:*:*:*:*",
              "matchCriteriaId": "6418A649-3A63-40CC-BD7C-309B3B0B2595",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r1:*:*:*:*:*:*",
              "matchCriteriaId": "A07B66E0-A679-4912-8CB1-CD134713EDC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r2:*:*:*:*:*:*",
              "matchCriteriaId": "6D37A6E4-D58E-444D-AF6A-15461F38E81A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r3:*:*:*:*:*:*",
              "matchCriteriaId": "FC2B9DA0-E32B-4125-9986-F0D3814C66E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r3.1:*:*:*:*:*:*",
              "matchCriteriaId": "38A0D7CF-7D55-4933-AE8C-36006D6779E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r4:*:*:*:*:*:*",
              "matchCriteriaId": "C9A5BA3E-D6B3-453D-8DDF-FF16859FD0F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r4.1:*:*:*:*:*:*",
              "matchCriteriaId": "BAFDA618-D15D-401D-AC68-0020259FEC57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r4.2:*:*:*:*:*:*",
              "matchCriteriaId": "D55AB5F0-132F-4C40-BF4F-684E139B774B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r5:*:*:*:*:*:*",
              "matchCriteriaId": "6BE937D2-8BEE-4E64-8738-F550EAD00F50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r6:*:*:*:*:*:*",
              "matchCriteriaId": "9C753520-1BC6-4980-AFC9-4C2FDDF2FD18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r7:*:*:*:*:*:*",
              "matchCriteriaId": "AC3863BC-3B9A-402B-A74A-149CDF717EC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B031D2AE-70BE-48BB-A9E9-0A0DAAAFF55F",
              "versionEndIncluding": "9.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An information disclosure vulnerability in meeting of Pulse Connect Secure \u003c9.1R8 allowed an authenticated end-users to find meeting details, if they know the Meeting ID."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n en la reuni\u00f3n de Pulse Connect Secure versiones anteriores a 9.1R8, permiti\u00f3 a usuarios finales autenticados encontrar detalles de la reuni\u00f3n, si conocen el ID de Reuni\u00f3n"
    }
  ],
  "id": "CVE-2020-8216",
  "lastModified": "2024-11-21T05:38:31.307",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-07-30T13:15:11.707",
  "references": [
    {
      "source": "support@hackerone.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516"
    }
  ],
  "sourceIdentifier": "support@hackerone.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "support@hackerone.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-06-03 20:29
Modified
2024-11-21 04:21
Summary
In Pulse Secure Pulse Connect Secure (PCS) before 8.1R15.1, 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4 and Pulse Policy Secure (PPS) before 5.1R15.1, 5.2 before 5.2R12.1, 5.3 before 5.3R15.1, 5.4 before 5.4R7.1, and 9.0 before 9.0R3.2, an authenticated attacker (via the admin web interface) can exploit Incorrect Access Control to execute arbitrary code on the appliance.
Impacted products
Vendor Product Version
ivanti connect_secure 8.1
ivanti connect_secure 8.1
ivanti connect_secure 8.1
ivanti connect_secure 8.1
ivanti connect_secure 8.1
ivanti connect_secure 8.1
ivanti connect_secure 8.1
ivanti connect_secure 8.1
ivanti connect_secure 8.1
ivanti connect_secure 8.1
ivanti connect_secure 8.1
ivanti connect_secure 8.1
ivanti connect_secure 8.1
ivanti connect_secure 8.1
ivanti connect_secure 8.1
ivanti connect_secure 8.1
ivanti connect_secure 8.1
ivanti connect_secure 8.1
ivanti connect_secure 8.1
ivanti connect_secure 8.1
ivanti connect_secure 8.1
ivanti connect_secure 8.1
ivanti connect_secure 8.1
ivanti connect_secure 8.2
ivanti connect_secure 8.2
ivanti connect_secure 8.2
ivanti connect_secure 8.2
ivanti connect_secure 8.2
ivanti connect_secure 8.2
ivanti connect_secure 8.2
ivanti connect_secure 8.2
ivanti connect_secure 8.2
ivanti connect_secure 8.2
ivanti connect_secure 8.2
ivanti connect_secure 8.2
ivanti connect_secure 8.2
ivanti connect_secure 8.2
ivanti connect_secure 8.2
ivanti connect_secure 8.2
ivanti connect_secure 8.2
ivanti connect_secure 8.2
ivanti connect_secure 8.2
ivanti connect_secure 8.3
ivanti connect_secure 8.3
ivanti connect_secure 8.3
ivanti connect_secure 8.3
ivanti connect_secure 8.3
ivanti connect_secure 8.3
ivanti connect_secure 8.3
ivanti connect_secure 8.3
ivanti connect_secure 8.3
ivanti connect_secure 8.3
ivanti connect_secure 8.3
ivanti connect_secure 9.0
ivanti connect_secure 9.0
ivanti connect_secure 9.0
ivanti connect_secure 9.0
ivanti connect_secure 9.0
ivanti connect_secure 9.0
ivanti connect_secure 9.0
ivanti connect_secure 9.0
ivanti connect_secure 9.0
ivanti connect_secure 9.0
ivanti connect_secure 9.0
ivanti connect_secure 9.0
ivanti policy_secure 9.0
ivanti policy_secure 9.0
ivanti policy_secure 9.0
ivanti policy_secure 9.0
ivanti policy_secure 9.0
ivanti policy_secure 9.0
pulsesecure pulse_policy_secure 5.2
pulsesecure pulse_policy_secure 5.2
pulsesecure pulse_policy_secure 5.2
pulsesecure pulse_policy_secure 5.2
pulsesecure pulse_policy_secure 5.2
pulsesecure pulse_policy_secure 5.2
pulsesecure pulse_policy_secure 5.2
pulsesecure pulse_policy_secure 5.2
pulsesecure pulse_policy_secure 5.2
pulsesecure pulse_policy_secure 5.2
pulsesecure pulse_policy_secure 5.2
pulsesecure pulse_policy_secure 5.2
pulsesecure pulse_policy_secure 5.2
pulsesecure pulse_policy_secure 5.2
pulsesecure pulse_policy_secure 5.2
pulsesecure pulse_policy_secure 5.4
pulsesecure pulse_policy_secure 5.4
pulsesecure pulse_policy_secure 5.4
pulsesecure pulse_policy_secure 5.4
pulsesecure pulse_policy_secure 5.4
pulsesecure pulse_policy_secure 5.4
pulsesecure pulse_policy_secure 5.4
pulsesecure pulse_policy_secure 5.4
pulsesecure pulse_policy_secure 5.4
pulsesecure pulse_policy_secure 5.4
pulsesecure pulse_policy_secure 5.4



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "202E4839-7CE4-49CE-BEE1-CB33A96770E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:8.1:r1.0:*:*:*:*:*:*",
              "matchCriteriaId": "9BF1434F-BC2F-4C63-B3CB-BBC14F95E0EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:8.1:r1.1:*:*:*:*:*:*",
              "matchCriteriaId": "5EF31B2A-7DEE-4C69-ADE5-FFBF176D8DCF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:8.1:r10.0:*:*:*:*:*:*",
              "matchCriteriaId": "AFC39A4D-7738-4818-9866-A34C55216401",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:8.1:r11.0:*:*:*:*:*:*",
              "matchCriteriaId": "91B0F725-70CD-4CF4-AF35-4DEB24F7E3E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:8.1:r11.1:*:*:*:*:*:*",
              "matchCriteriaId": "E6FA7630-082B-4F48-BE53-981052FB7268",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:8.1:r12.0:*:*:*:*:*:*",
              "matchCriteriaId": "46F9CEBB-08AD-42DD-8CEE-6F1C555D1608",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:8.1:r12.1:*:*:*:*:*:*",
              "matchCriteriaId": "BF7844C4-7A48-49D1-A924-2C546E9C6BB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:8.1:r13.0:*:*:*:*:*:*",
              "matchCriteriaId": "91884BC5-280F-4E39-88E0-E7C4F6519D71",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:8.1:r14.0:*:*:*:*:*:*",
              "matchCriteriaId": "3E3F03F7-A3CE-4E98-95A7-43906FFE7959",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:8.1:r2.0:*:*:*:*:*:*",
              "matchCriteriaId": "D56B8268-81D1-4CC0-A115-0CDFE8ACD59D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:8.1:r2.1:*:*:*:*:*:*",
              "matchCriteriaId": "B10E91CD-0FCC-4DEF-8043-38819C597934",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:8.1:r3.1:*:*:*:*:*:*",
              "matchCriteriaId": "9D3965E4-51E0-4F15-B03B-7342EA6BCA63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:8.1:r3.2:*:*:*:*:*:*",
              "matchCriteriaId": "2636BBD1-D46F-4EA2-A460-A343443F838A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:8.1:r4.0:*:*:*:*:*:*",
              "matchCriteriaId": "ECFA01A7-6AB6-4E6B-82E3-30CE8C776960",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:8.1:r4.1:*:*:*:*:*:*",
              "matchCriteriaId": "069B315B-FF97-4F3C-A1AB-831E6CD5F94C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:8.1:r5.0:*:*:*:*:*:*",
              "matchCriteriaId": "84418011-9D3F-4C72-B911-A6E4CEA171F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:8.1:r6.0:*:*:*:*:*:*",
              "matchCriteriaId": "A7D488D9-6AC7-4DE4-9D65-A8E2D287DCB9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:8.1:r7.0:*:*:*:*:*:*",
              "matchCriteriaId": "B3A09079-5587-4FB1-9EC2-F6E44D523CB7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:8.1:r8.0:*:*:*:*:*:*",
              "matchCriteriaId": "8FB98CD3-E968-4336-81BD-0132DBD7462C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:8.1:r9.0:*:*:*:*:*:*",
              "matchCriteriaId": "C5465537-625D-4A9D-8787-FF4744681BA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:8.1:r9.1:*:*:*:*:*:*",
              "matchCriteriaId": "96A2E24D-5EE5-46CF-AAA0-8474C4F641F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:8.1:r9.2:*:*:*:*:*:*",
              "matchCriteriaId": "1243FDDA-6D64-408E-8911-FA1D37A915ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:8.2:r1.0:*:*:*:*:*:*",
              "matchCriteriaId": "48B04626-10A7-4A12-AF3D-61C8D980AA21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:8.2:r1.1:*:*:*:*:*:*",
              "matchCriteriaId": "183E1DD7-EE4B-47C4-99E2-CD06ED2E0D4F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:8.2:r10.0:*:*:*:*:*:*",
              "matchCriteriaId": "00F4DF7B-ED7F-46FC-8B12-5527FB5A4305",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:8.2:r11.0:*:*:*:*:*:*",
              "matchCriteriaId": "4A5AF6A0-6613-4B15-A1A3-AEAC0EF7E374",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:8.2:r12.0:*:*:*:*:*:*",
              "matchCriteriaId": "970C2BEE-5798-4A5F-8D4E-7970BFCF0CD2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:8.2:r2.0:*:*:*:*:*:*",
              "matchCriteriaId": "1D187DDB-96C8-4435-992E-CFEEE24BC7C5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:8.2:r3.0:*:*:*:*:*:*",
              "matchCriteriaId": "1CA6CBE1-CF6C-4D8C-BAB3-0B78E56E85DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:8.2:r3.1:*:*:*:*:*:*",
              "matchCriteriaId": "761102E8-04DB-465A-A592-98C5F5E0ADFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:8.2:r4.0:*:*:*:*:*:*",
              "matchCriteriaId": "3F7455AD-E662-4817-A343-9ACCE763B78E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:8.2:r4.1:*:*:*:*:*:*",
              "matchCriteriaId": "A1F61A93-6E90-4063-BFCA-166DA0DDCE38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:8.2:r5.0:*:*:*:*:*:*",
              "matchCriteriaId": "B5BF94C4-0456-4CB1-9CC5-02A316C84E09",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:8.2:r5.1:*:*:*:*:*:*",
              "matchCriteriaId": "35F94103-0DB3-4D3A-8247-59E1F86743B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:8.2:r6.0:*:*:*:*:*:*",
              "matchCriteriaId": "784ADC67-57BF-4FFA-AC13-5F2F1208F39D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:8.2:r7.0:*:*:*:*:*:*",
              "matchCriteriaId": "E6D81535-5163-4DAD-8AAA-61F107E11EB8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:8.2:r7.1:*:*:*:*:*:*",
              "matchCriteriaId": "DCF535C6-97A2-4222-9BF4-A7D16E5598FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:8.2:r8.0:*:*:*:*:*:*",
              "matchCriteriaId": "2B3806F4-53E6-47B2-9D16-69B566DAAD97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:8.2:r8.1:*:*:*:*:*:*",
              "matchCriteriaId": "A37BEF28-D0D5-46BD-A460-32734D0D63B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:8.2:r8.2:*:*:*:*:*:*",
              "matchCriteriaId": "363C9E09-EC06-4A34-8C25-97DCCAA992E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:8.2:r9.0:*:*:*:*:*:*",
              "matchCriteriaId": "3AB170D9-42AF-417B-8EF8-2895F54D0AEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:8.3:r1:*:*:*:*:*:*",
              "matchCriteriaId": "2871AAD9-FC12-4E2D-B722-0F721D7FE101",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:8.3:r2:*:*:*:*:*:*",
              "matchCriteriaId": "2A319BAB-F483-4926-9700-760D8025F747",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:8.3:r2.1:*:*:*:*:*:*",
              "matchCriteriaId": "AA6BD7FD-29A3-468C-8A85-63202EB1B625",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:8.3:r3:*:*:*:*:*:*",
              "matchCriteriaId": "00AA23DF-CA30-41FC-9563-C95BA7D31129",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:8.3:r4:*:*:*:*:*:*",
              "matchCriteriaId": "D85A6292-EE41-487C-A1DC-0E8E443A8075",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:8.3:r5:*:*:*:*:*:*",
              "matchCriteriaId": "2D829F28-4FFF-40C9-AF62-455BA5BB4E58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:8.3:r5.1:*:*:*:*:*:*",
              "matchCriteriaId": "8DC693D8-D12B-4A0B-808A-A0808BAA33DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:8.3:r5.2:*:*:*:*:*:*",
              "matchCriteriaId": "3837BB6E-5236-4B2D-9693-4DE85C7845C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:8.3:r6:*:*:*:*:*:*",
              "matchCriteriaId": "72430B2F-A311-4DF7-ABBB-1EE0BAF507FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:8.3:r6.1:*:*:*:*:*:*",
              "matchCriteriaId": "B7FCDCCF-8509-431A-B450-B18C110AAE19",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:8.3:r7:*:*:*:*:*:*",
              "matchCriteriaId": "718B6320-E7BE-4715-A446-541D1AADA027",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.0:r1:*:*:*:*:*:*",
              "matchCriteriaId": "D47D09A8-4AC4-4CD9-B648-5F26453E2E1D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.0:r2:*:*:*:*:*:*",
              "matchCriteriaId": "59331DC5-FF5F-4BB3-905E-5A4A621F86ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.0:r2.1:*:*:*:*:*:*",
              "matchCriteriaId": "6A708C3F-9050-4475-95B3-4785D3E2CB69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.0:r3:*:*:*:*:*:*",
              "matchCriteriaId": "52851AAA-88FB-40BC-B41A-B821F6BA9F79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.0:r3.1:*:*:*:*:*:*",
              "matchCriteriaId": "F05DC11E-7C41-450B-A2BF-603E9252BB40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.0:r3.2:*:*:*:*:*:*",
              "matchCriteriaId": "5DA976D9-A330-475E-B8C0-09EF3E08F18D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BEAA1F3F-FC78-43C1-814A-19E94AC4A844",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.0:r1:*:*:*:*:*:*",
              "matchCriteriaId": "D47D09A8-4AC4-4CD9-B648-5F26453E2E1D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.0:r2:*:*:*:*:*:*",
              "matchCriteriaId": "59331DC5-FF5F-4BB3-905E-5A4A621F86ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.0:r2.1:*:*:*:*:*:*",
              "matchCriteriaId": "6A708C3F-9050-4475-95B3-4785D3E2CB69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.0:r3:*:*:*:*:*:*",
              "matchCriteriaId": "52851AAA-88FB-40BC-B41A-B821F6BA9F79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.0:r3.1:*:*:*:*:*:*",
              "matchCriteriaId": "F05DC11E-7C41-450B-A2BF-603E9252BB40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD00E2EC-B772-4FE8-8CC5-829BE45BE878",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:9.0:r1:*:*:*:*:*:*",
              "matchCriteriaId": "26B25B34-7BD0-471B-A396-45CE5420E963",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:9.0:r2:*:*:*:*:*:*",
              "matchCriteriaId": "AA514C05-2834-4C7B-B022-02B41C9AAD6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:9.0:r2.1:*:*:*:*:*:*",
              "matchCriteriaId": "0929C645-DACB-4341-9032-7C79FFC8BCF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:9.0:r3:*:*:*:*:*:*",
              "matchCriteriaId": "0D36CB5A-8389-4F2F-882A-4E8F30028799",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:9.0:r3.1:*:*:*:*:*:*",
              "matchCriteriaId": "517DA74B-9D69-45E1-A707-A08A305A507C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "02986965-0782-4BCA-8CD6-0239F41D857D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2:r1.0:*:*:*:*:*:*",
              "matchCriteriaId": "E7F9AA1E-7BF4-4E58-97BE-136924689E52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2:r10.0:*:*:*:*:*:*",
              "matchCriteriaId": "2D06CEEE-2DCF-433D-B894-568EEF6E1C4F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2:r11.0:*:*:*:*:*:*",
              "matchCriteriaId": "69C15133-1A8F-4C6A-99ED-2BB47CD878A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2:r2.0:*:*:*:*:*:*",
              "matchCriteriaId": "7711F334-1743-433E-A30D-630EAA72061C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2:r3.0:*:*:*:*:*:*",
              "matchCriteriaId": "ACBBAE14-3BBD-4425-AB53-D0A2998B341A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2:r3.2:*:*:*:*:*:*",
              "matchCriteriaId": "85DAD6CD-15E7-4401-9DF8-135B6D8C629E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2:r4.0:*:*:*:*:*:*",
              "matchCriteriaId": "67322873-15B9-49E9-9828-3B46A83BAA03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2:r5.0:*:*:*:*:*:*",
              "matchCriteriaId": "33E8CF2C-C51E-4470-9CA4-A8FE6EAC9AF8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2:r6.0:*:*:*:*:*:*",
              "matchCriteriaId": "EE9EBE2F-8B10-479A-BDC4-E8777836B72F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2:r7.0:*:*:*:*:*:*",
              "matchCriteriaId": "E05CD6D2-B0CB-48D4-874C-A0D2A9FC9E89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2:r7.1:*:*:*:*:*:*",
              "matchCriteriaId": "BD61ABE7-E1B8-4370-9DDC-FCDED9839C82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2:r8.0:*:*:*:*:*:*",
              "matchCriteriaId": "BD067BC2-5FCE-4CB5-9D2A-F1F2CFAC9368",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2:r9.0:*:*:*:*:*:*",
              "matchCriteriaId": "76DE6AB9-13E7-4A73-95E6-213C3FD67C84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2:r9.1:*:*:*:*:*:*",
              "matchCriteriaId": "0595DA20-8C20-47E3-B91A-A437B6585008",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0C692A5-5AEA-434E-A5F6-8AC56719D0EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.4:r1:*:*:*:*:*:*",
              "matchCriteriaId": "D7D1B75B-CFB5-48ED-847A-D60E14A72C71",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.4:r2:*:*:*:*:*:*",
              "matchCriteriaId": "5B1543C9-3A4B-4DDC-ADD4-20EA6F44AA19",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.4:r2.1:*:*:*:*:*:*",
              "matchCriteriaId": "ECA76217-878B-426D-8C9C-2FEA1A81EC66",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.4:r3:*:*:*:*:*:*",
              "matchCriteriaId": "623D0428-4DE6-4A2C-931D-4AEEFC5E9970",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.4:r4:*:*:*:*:*:*",
              "matchCriteriaId": "7FC3625D-07A0-4E2F-BD8A-D831ECFA51CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.4:r5:*:*:*:*:*:*",
              "matchCriteriaId": "D0ED8C46-CEFB-45AA-9F3D-6C177A2B79CA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.4:r5.2:*:*:*:*:*:*",
              "matchCriteriaId": "7140B495-92BD-498D-B164-C75526DF7BE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.4:r6:*:*:*:*:*:*",
              "matchCriteriaId": "195EF6A3-303F-47B8-BBB5-1EF2F532C37C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.4:r6.1:*:*:*:*:*:*",
              "matchCriteriaId": "E3C9A6FB-E954-411A-B561-5DA8F1514E0D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.4:r7:*:*:*:*:*:*",
              "matchCriteriaId": "B174CECC-9B31-4DC3-B3F7-04E76ACADE30",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In Pulse Secure Pulse Connect Secure (PCS) before 8.1R15.1, 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4 and Pulse Policy Secure (PPS) before 5.1R15.1, 5.2 before 5.2R12.1, 5.3 before 5.3R15.1, 5.4 before 5.4R7.1, and 9.0 before 9.0R3.2, an authenticated attacker (via the admin web interface) can exploit Incorrect Access Control to execute arbitrary code on the appliance."
    },
    {
      "lang": "es",
      "value": "En Pulse Secure Pulse Secure Connect (PCS) anterior de la versi\u00f3n 8.1R15.1, 8.2 anterior de la versi\u00f3n 8.2R12.1, 8.3 anterior de la versi\u00f3n 8.3R7.1 y 9.0 anterior  de  9.0R3.4 y Pulse Policy Secure (PPS) anterior de la versi\u00f3n 5.1R15.1, 5.2 anterior  de la versi\u00f3n 5.2R12.1, 5.3 anterior de la versi\u00f3n  5.3R15.1, 5.4 anterior de  la versi\u00f3n 5.4R7.1 y 9.0 ante de la versi\u00f3n 9.0R3.2, un atacante identificado (a trav\u00e9s de la interfaz web de administraci\u00f3n) puede operar el control de acceso incorrecto para ejecutar c\u00f3digo arbitrario en el dispositivo ."
    }
  ],
  "id": "CVE-2019-11509",
  "lastModified": "2024-11-21T04:21:14.110",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-06-03T20:29:00.517",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://kb.pulsesecure.net/?atype=sa"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.kb.cert.org/vuls/id/927237"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://kb.pulsesecure.net/?atype=sa"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.kb.cert.org/vuls/id/927237"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-07-27 23:15
Modified
2024-11-21 05:00
Summary
An issue was discovered in Pulse Policy Secure (PPS) and Pulse Connect Secure (PCS) Virtual Appliance before 9.1R8. By manipulating a certain kernel boot parameter, it can be tricked into dropping into a root shell in a pre-install phase where the entire source code of the appliance is available and can be retrieved. (The source code is otherwise inaccessible because the appliance has its hard disks encrypted, and no root shell is available during normal operation.)



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:-:*:*:*:*:*:*",
              "matchCriteriaId": "4F450898-0B06-4073-9B76-BF22F68BD14F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r1:*:*:*:*:*:*",
              "matchCriteriaId": "4B21C181-DC49-4EBD-9932-DBB337151FF7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r2:*:*:*:*:*:*",
              "matchCriteriaId": "4FEFC4B1-7350-46F9-80C1-42F5AE06142F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r3:*:*:*:*:*:*",
              "matchCriteriaId": "DB7A6D62-6576-4713-9BF4-11068A72E8B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r4:*:*:*:*:*:*",
              "matchCriteriaId": "843BC1B9-50CC-4F8F-A454-A0CEC6E92290",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r4.1:*:*:*:*:*:*",
              "matchCriteriaId": "D5355372-03EA-46D7-9104-A2785C29B664",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r4.2:*:*:*:*:*:*",
              "matchCriteriaId": "3DE32A0C-8944-4F51-A286-266055CA4B2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r4.3:*:*:*:*:*:*",
              "matchCriteriaId": "0349A0CC-A372-4E51-899E-D7BA67876F4B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r5:*:*:*:*:*:*",
              "matchCriteriaId": "93D1A098-BD77-4A7B-9070-A764FB435981",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r6:*:*:*:*:*:*",
              "matchCriteriaId": "3CCC2D7B-F835-45EC-A316-2F0C5F2CF565",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r7:*:*:*:*:*:*",
              "matchCriteriaId": "AD812596-C77C-4129-982F-C22A25B52126",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "18272F7E-A9BA-4175-B6F6-F7E550D736CE",
              "versionEndIncluding": "9.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r1:*:*:*:*:*:*",
              "matchCriteriaId": "A07B66E0-A679-4912-8CB1-CD134713EDC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r2:*:*:*:*:*:*",
              "matchCriteriaId": "6D37A6E4-D58E-444D-AF6A-15461F38E81A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r3:*:*:*:*:*:*",
              "matchCriteriaId": "FC2B9DA0-E32B-4125-9986-F0D3814C66E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r3.1:*:*:*:*:*:*",
              "matchCriteriaId": "38A0D7CF-7D55-4933-AE8C-36006D6779E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r4:*:*:*:*:*:*",
              "matchCriteriaId": "C9A5BA3E-D6B3-453D-8DDF-FF16859FD0F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r4.1:*:*:*:*:*:*",
              "matchCriteriaId": "BAFDA618-D15D-401D-AC68-0020259FEC57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r4.2:*:*:*:*:*:*",
              "matchCriteriaId": "D55AB5F0-132F-4C40-BF4F-684E139B774B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r5:*:*:*:*:*:*",
              "matchCriteriaId": "6BE937D2-8BEE-4E64-8738-F550EAD00F50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r6:*:*:*:*:*:*",
              "matchCriteriaId": "9C753520-1BC6-4980-AFC9-4C2FDDF2FD18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r7:*:*:*:*:*:*",
              "matchCriteriaId": "AC3863BC-3B9A-402B-A74A-149CDF717EC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B031D2AE-70BE-48BB-A9E9-0A0DAAAFF55F",
              "versionEndIncluding": "9.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in Pulse Policy Secure (PPS) and Pulse Connect Secure (PCS) Virtual Appliance before 9.1R8. By manipulating a certain kernel boot parameter, it can be tricked into dropping into a root shell in a pre-install phase where the entire source code of the appliance is available and can be retrieved. (The source code is otherwise inaccessible because the appliance has its hard disks encrypted, and no root shell is available during normal operation.)"
    },
    {
      "lang": "es",
      "value": "Se detect\u00f3 un problema en Pulse Policy Secure (PPS) y Pulse Connect Secure (PCS) Virtual Appliance versiones anteriores a 9.1R8. Al manipular un determinado par\u00e1metro de arranque del kernel, puede ser enga\u00f1ado para que caiga en un shell root en una fase previa a la instalaci\u00f3n donde el c\u00f3digo fuente completo del dispositivo est\u00e1 disponible y puede ser recuperado. (De lo contrario, el c\u00f3digo fuente es inaccesible porque el dispositivo posee sus discos duros cifrados y no existe ning\u00fan shell root disponible durante el funcionamiento normal)"
    }
  ],
  "id": "CVE-2020-12880",
  "lastModified": "2024-11-21T05:00:28.783",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.1,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-07-27T23:15:12.497",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://kb.pulsesecure.net/?atype=sa"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://kb.pulsesecure.net/?atype=sa"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-06-28 18:15
Modified
2024-11-21 04:02
Severity ?
Summary
Session data between cluster nodes during cluster synchronization is not properly encrypted in Pulse Secure Pulse Connect Secure (PCS) 8.3RX before 8.3R2 and Pulse Policy Secure (PPS) 5.4RX before 5.4R2. This is not applicable to PCS 8.1RX, PPS 5.2RX, or stand-alone devices.
Impacted products
Vendor Product Version
ivanti connect_secure 8.3
pulsesecure pulse_policy_secure 5.4



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:8.3:r1:*:*:*:*:*:*",
              "matchCriteriaId": "2871AAD9-FC12-4E2D-B722-0F721D7FE101",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.4:r1:*:*:*:*:*:*",
              "matchCriteriaId": "D7D1B75B-CFB5-48ED-847A-D60E14A72C71",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Session data between cluster nodes during cluster synchronization is not properly encrypted in Pulse Secure Pulse Connect Secure (PCS) 8.3RX before 8.3R2 and Pulse Policy Secure (PPS) 5.4RX before 5.4R2. This is not applicable to PCS 8.1RX, PPS 5.2RX, or stand-alone devices."
    },
    {
      "lang": "es",
      "value": "Los datos de sesi\u00f3n entre nodos del cl\u00faster durante la sincronizaci\u00f3n del cl\u00faster no est\u00e1n cifrados correctamente en Pulse Secure Pulse Connect Secure (PCS) 8.3RX antes de 8.3R2 y Pulse Policy Secure (PPS) 5.4RX antes de 5.4R2. Esto no es aplicable a PCS 8.1RX, PPS 5.2RX o dispositivos independientes."
    }
  ],
  "id": "CVE-2018-20810",
  "lastModified": "2024-11-21T04:02:13.840",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-06-28T18:15:11.067",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43877/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43877/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-326"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-09-06 23:29
Modified
2024-11-21 03:48
Summary
download.cgi in Pulse Secure Pulse Connect Secure 8.1RX before 8.1R13 and 8.3RX before 8.3R4 and Pulse Policy Secure through 5.2RX before 5.2R10 and 5.4RX before 5.4R4 have an Open Redirect Vulnerability.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "202E4839-7CE4-49CE-BEE1-CB33A96770E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB453513-AFEA-4E68-8441-3984E83FFB2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1r1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2037BE1-408C-47E8-8A70-8440BF3A1ED6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1rx:*:*:*:*:*:*:*",
              "matchCriteriaId": "8135B806-EE52-412B-8EE1-6F20666055CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.3rx:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD77C208-DD3E-46BD-930F-93BB39799D08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2r1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A42EFC8-C5FF-4397-87CF-263813FAA5D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2r2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C952B5B8-DCAB-476A-9E60-3F1BBE509F21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2r3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F199F01-9EEA-4184-AD99-6B21110484AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2r3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9938EBCC-B9B7-4FB1-9ACB-9BED485AB5E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2r4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B4A309B-ACB0-4053-909A-6889129EB2C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2r5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8A4A105-EBF3-4895-9ABE-50972DD232F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2r6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4013CA1C-48F0-46F6-B327-E6B34311A7EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2r7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "112B9736-336D-4C72-A960-0B33DD3439EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2r7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "49FA8DC5-900B-4A53-AF55-410A7FF901E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2r8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4946BBE-E449-4F89-910C-3389BDF36071",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2r9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1FDBD7BC-C9A7-48C2-B3BC-8E2C90F54268",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2r9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4B56D6E-2429-4511-8FE6-A9BE1226F031",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2rx:*:*:*:*:*:*:*",
              "matchCriteriaId": "C766CBF4-502C-4522-845C-A5436DD1960D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.4r1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7F2FFEC-F243-4D85-888E-339C60B3C0CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.4r2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A841849-DA0E-4BAA-8807-F42481C9457D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.4r2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2EC5A497-1FA2-4AE4-A611-553129B9F78C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.4r3:*:*:*:*:*:*:*",
              "matchCriteriaId": "479B25A4-59AA-4FA4-B1CC-E06781D00962",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.4rx:*:*:*:*:*:*:*",
              "matchCriteriaId": "07A6F2EF-09AF-4DAA-A552-6111C51DD210",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "download.cgi in Pulse Secure Pulse Connect Secure 8.1RX before 8.1R13 and 8.3RX before 8.3R4 and Pulse Policy Secure through 5.2RX before 5.2R10 and 5.4RX before 5.4R4 have an Open Redirect Vulnerability."
    },
    {
      "lang": "es",
      "value": "download.cgi en Pulse Secure Pulse Connect Secure, en versiones 8.1RX anteriores a la 8.1R13 y versiones 8.3RX anteriores a la 8.3R4; y Pulse Policy Secure hasta versiones 5.2RX anteriores a la 5.2R10 y versiones 5.4RX anteriores a la 5.4R4 tienen una vulnerabilidad de redirecci\u00f3n abierta."
    }
  ],
  "id": "CVE-2018-14366",
  "lastModified": "2024-11-21T03:48:55.847",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-09-06T23:29:00.367",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43877"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43877"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-601"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-06-28 18:15
Modified
2024-11-21 04:02
Summary
A crafted message can cause the web server to crash with Pulse Secure Pulse Connect Secure (PCS) 8.3RX before 8.3R5 and Pulse Policy Secure 5.4RX before 5.4R5. This is not applicable to PCS 8.1RX.
Impacted products
Vendor Product Version
ivanti connect_secure 8.3
ivanti connect_secure 8.3
ivanti connect_secure 8.3
ivanti connect_secure 8.3
ivanti connect_secure 8.3
pulsesecure pulse_policy_secure 4.4
pulsesecure pulse_policy_secure 4.4
pulsesecure pulse_policy_secure 4.4
pulsesecure pulse_policy_secure 4.4
pulsesecure pulse_policy_secure 4.4
pulsesecure pulse_policy_secure 4.4
pulsesecure pulse_policy_secure 4.4
pulsesecure pulse_policy_secure 4.4
pulsesecure pulse_policy_secure 4.4
pulsesecure pulse_policy_secure 4.4
pulsesecure pulse_policy_secure 4.4
pulsesecure pulse_policy_secure 4.4
pulsesecure pulse_policy_secure 4.4
pulsesecure pulse_policy_secure 4.4
pulsesecure pulse_policy_secure 4.4
pulsesecure pulse_policy_secure 4.4
pulsesecure pulse_policy_secure 5.0
pulsesecure pulse_policy_secure 5.0
pulsesecure pulse_policy_secure 5.0
pulsesecure pulse_policy_secure 5.0
pulsesecure pulse_policy_secure 5.0
pulsesecure pulse_policy_secure 5.0
pulsesecure pulse_policy_secure 5.0
pulsesecure pulse_policy_secure 5.0
pulsesecure pulse_policy_secure 5.0
pulsesecure pulse_policy_secure 5.0
pulsesecure pulse_policy_secure 5.0
pulsesecure pulse_policy_secure 5.0
pulsesecure pulse_policy_secure 5.0
pulsesecure pulse_policy_secure 5.0
pulsesecure pulse_policy_secure 5.0
pulsesecure pulse_policy_secure 5.0
pulsesecure pulse_policy_secure 5.0
pulsesecure pulse_policy_secure 5.0
pulsesecure pulse_policy_secure 5.1
pulsesecure pulse_policy_secure 5.1
pulsesecure pulse_policy_secure 5.1
pulsesecure pulse_policy_secure 5.1
pulsesecure pulse_policy_secure 5.1
pulsesecure pulse_policy_secure 5.1
pulsesecure pulse_policy_secure 5.1
pulsesecure pulse_policy_secure 5.1
pulsesecure pulse_policy_secure 5.1
pulsesecure pulse_policy_secure 5.1
pulsesecure pulse_policy_secure 5.1
pulsesecure pulse_policy_secure 5.1
pulsesecure pulse_policy_secure 5.1
pulsesecure pulse_policy_secure 5.1
pulsesecure pulse_policy_secure 5.1
pulsesecure pulse_policy_secure 5.1
pulsesecure pulse_policy_secure 5.1
pulsesecure pulse_policy_secure 5.1
pulsesecure pulse_policy_secure 5.1
pulsesecure pulse_policy_secure 5.2
pulsesecure pulse_policy_secure 5.2
pulsesecure pulse_policy_secure 5.2
pulsesecure pulse_policy_secure 5.2
pulsesecure pulse_policy_secure 5.2
pulsesecure pulse_policy_secure 5.2
pulsesecure pulse_policy_secure 5.2
pulsesecure pulse_policy_secure 5.2
pulsesecure pulse_policy_secure 5.2
pulsesecure pulse_policy_secure 5.2
pulsesecure pulse_policy_secure 5.2
pulsesecure pulse_policy_secure 5.2
pulsesecure pulse_policy_secure 5.2
pulsesecure pulse_policy_secure 5.2
pulsesecure pulse_policy_secure 5.3
pulsesecure pulse_policy_secure 5.3
pulsesecure pulse_policy_secure 5.3
pulsesecure pulse_policy_secure 5.3
pulsesecure pulse_policy_secure 5.3
pulsesecure pulse_policy_secure 5.3
pulsesecure pulse_policy_secure 5.3
pulsesecure pulse_policy_secure 5.3
pulsesecure pulse_policy_secure 5.3
pulsesecure pulse_policy_secure 5.3
pulsesecure pulse_policy_secure 5.3
pulsesecure pulse_policy_secure 5.3
pulsesecure pulse_policy_secure 5.3
pulsesecure pulse_policy_secure 5.3
pulsesecure pulse_policy_secure 5.3
pulsesecure pulse_policy_secure 5.3
pulsesecure pulse_policy_secure 5.3
pulsesecure pulse_policy_secure 5.3
pulsesecure pulse_policy_secure 5.3
pulsesecure pulse_policy_secure 5.4
pulsesecure pulse_policy_secure 5.4
pulsesecure pulse_policy_secure 5.4
pulsesecure pulse_policy_secure 5.4
pulsesecure pulse_policy_secure 5.4



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:8.3:r1:*:*:*:*:*:*",
              "matchCriteriaId": "2871AAD9-FC12-4E2D-B722-0F721D7FE101",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:8.3:r2:*:*:*:*:*:*",
              "matchCriteriaId": "2A319BAB-F483-4926-9700-760D8025F747",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:8.3:r2.1:*:*:*:*:*:*",
              "matchCriteriaId": "AA6BD7FD-29A3-468C-8A85-63202EB1B625",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:8.3:r3:*:*:*:*:*:*",
              "matchCriteriaId": "00AA23DF-CA30-41FC-9563-C95BA7D31129",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:8.3:r4:*:*:*:*:*:*",
              "matchCriteriaId": "D85A6292-EE41-487C-A1DC-0E8E443A8075",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:4.4:r1.0:*:*:*:*:*:*",
              "matchCriteriaId": "04EA64A9-1F37-4B59-81A8-68CDE219E7B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:4.4:r1.1:*:*:*:*:*:*",
              "matchCriteriaId": "E2DAD51B-A3DC-48D4-A254-6C4FF0130CC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:4.4:r10:*:*:*:*:*:*",
              "matchCriteriaId": "AFBBCD31-7E72-4BDC-982B-1097D7FB7007",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:4.4:r11.1:*:*:*:*:*:*",
              "matchCriteriaId": "72C6CB5E-6734-47C8-8F7F-4E3BE8A0EB70",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:4.4:r12.0:*:*:*:*:*:*",
              "matchCriteriaId": "1A610225-1F08-4282-B2E9-E965CE2BBE1E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:4.4:r13.1:*:*:*:*:*:*",
              "matchCriteriaId": "BA36058B-9DE7-40DA-8A5E-C3293B2C1489",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:4.4:r13.2:*:*:*:*:*:*",
              "matchCriteriaId": "99B5130F-59ED-45F5-B4EF-9A673800634D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:4.4:r13.3:*:*:*:*:*:*",
              "matchCriteriaId": "8427949F-B4AE-4E7B-99A1-7D3508ADCE6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:4.4:r130:*:*:*:*:*:*",
              "matchCriteriaId": "71383254-0AF7-4F5A-89ED-8EFC42D023B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:4.4:r2.0:*:*:*:*:*:*",
              "matchCriteriaId": "297C7B31-40A2-4870-B434-9EDA0D9E9873",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:4.4:r3.0:*:*:*:*:*:*",
              "matchCriteriaId": "A397F94F-5C95-4F33-91C2-463CD9494902",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:4.4:r4.0:*:*:*:*:*:*",
              "matchCriteriaId": "F4203DB8-B288-4E5E-AA12-124C4E94E219",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:4.4:r5.0:*:*:*:*:*:*",
              "matchCriteriaId": "C515B222-365C-4C0B-9D02-499FBBD2EBBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:4.4:r6.0:*:*:*:*:*:*",
              "matchCriteriaId": "07CA9366-78AB-49AF-98CA-4C88178804AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:4.4:r7.0:*:*:*:*:*:*",
              "matchCriteriaId": "39A45095-D4C7-47B7-889B-15ADA845E5A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:4.4:r8.0:*:*:*:*:*:*",
              "matchCriteriaId": "1BBA93A6-DEE3-4D9B-BA19-ED03123A7404",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.0:r1.0:*:*:*:*:*:*",
              "matchCriteriaId": "94256375-336B-41EF-A306-BC9BA6EFF355",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.0:r10.0:*:*:*:*:*:*",
              "matchCriteriaId": "8421D0D2-A05D-437F-B9EF-FF367D2493E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.0:r11.0:*:*:*:*:*:*",
              "matchCriteriaId": "C5BBA362-0E45-4749-AA5F-FD0FFFD2DF20",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.0:r12.1:*:*:*:*:*:*",
              "matchCriteriaId": "463924E2-7EE3-4FE8-9BA9-EB39B77437DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.0:r13.0:*:*:*:*:*:*",
              "matchCriteriaId": "75467D95-049A-4DB1-AF84-695578880E37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.0:r13.1:*:*:*:*:*:*",
              "matchCriteriaId": "A80D8FDB-A360-4BDE-989E-A1F4C5AF7CDA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.0:r2.0:*:*:*:*:*:*",
              "matchCriteriaId": "D004C44F-2495-40B4-9427-23A6B5272582",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.0:r3.0:*:*:*:*:*:*",
              "matchCriteriaId": "9EAA943A-D6C1-4AD6-BB21-DD0F3063BC68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.0:r3.2:*:*:*:*:*:*",
              "matchCriteriaId": "3827608A-D707-4F3F-AE7B-87400BDB7E74",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.0:r4.0:*:*:*:*:*:*",
              "matchCriteriaId": "8364B794-1D25-4115-8F44-EC2D373B7662",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.0:r4.1:*:*:*:*:*:*",
              "matchCriteriaId": "0E3DC810-879D-4069-A436-11F527E9ACBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.0:r5.0:*:*:*:*:*:*",
              "matchCriteriaId": "21FC1CFD-42DF-4A7A-A3C9-834FD5747C51",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.0:r6.0:*:*:*:*:*:*",
              "matchCriteriaId": "71177578-D169-4357-AE4D-ECA5ACABEF76",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.0:r7.0:*:*:*:*:*:*",
              "matchCriteriaId": "C9E30E2F-E8CF-4872-9E7D-5A30C0860DD6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.0:r7.1:*:*:*:*:*:*",
              "matchCriteriaId": "E0BA2D36-2B01-4EA4-AF50-80CD80DF28F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.0:r8.0:*:*:*:*:*:*",
              "matchCriteriaId": "EF8BBDA0-6BFA-43F1-8E61-F12D7479CF05",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.0:r8.1:*:*:*:*:*:*",
              "matchCriteriaId": "A7065B88-2C86-4E3E-BD9F-B3E2C9312869",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.0:r9.0:*:*:*:*:*:*",
              "matchCriteriaId": "0CB2E5A8-9ECF-4974-A8B8-08FA21A52C07",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.1:r1.0:*:*:*:*:*:*",
              "matchCriteriaId": "1D46393F-9199-423F-9C05-5644F588F0FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.1:r1.1:*:*:*:*:*:*",
              "matchCriteriaId": "A5FA206F-DF4C-4193-9B15-25AF1A692486",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.1:r10.0:*:*:*:*:*:*",
              "matchCriteriaId": "BF4F3BBD-A6A4-4083-A7FF-2E1C197138AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.1:r11.0:*:*:*:*:*:*",
              "matchCriteriaId": "29EE0344-F891-41A2-8DC4-7347E151D113",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.1:r12.0:*:*:*:*:*:*",
              "matchCriteriaId": "742ADD2A-ECC7-4D6C-924C-54967BF1449B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.1:r12.1:*:*:*:*:*:*",
              "matchCriteriaId": "D4EEA944-1D31-48E1-B525-BF5C2A5B79D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.1:r13.0:*:*:*:*:*:*",
              "matchCriteriaId": "AE951F7F-F85A-4930-A5B9-02E9AFC649A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.1:r14.0:*:*:*:*:*:*",
              "matchCriteriaId": "3B263752-66AA-457D-9C4F-90BF9CB6223E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.1:r2.0:*:*:*:*:*:*",
              "matchCriteriaId": "42F48EF1-2F0C-45F8-AA12-B8B02A9DCC5D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.1:r2.1:*:*:*:*:*:*",
              "matchCriteriaId": "7E9BC208-CADD-4BDD-B858-4191FC4AA4E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.1:r3.0:*:*:*:*:*:*",
              "matchCriteriaId": "A8066309-8BCD-4508-9045-338B2BF96209",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.1:r3.2:*:*:*:*:*:*",
              "matchCriteriaId": "A017FBE9-5524-46E4-8020-13867CD371D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.1:r4.0:*:*:*:*:*:*",
              "matchCriteriaId": "C3EBC795-9754-4095-9217-B635B73109C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.1:r5.0:*:*:*:*:*:*",
              "matchCriteriaId": "CF7A91D9-888A-425A-A63D-2EC1A4A3D773",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.1:r6.0:*:*:*:*:*:*",
              "matchCriteriaId": "0F94D849-C5D7-4EC6-B2BF-DDD450FC3B1D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.1:r7.0:*:*:*:*:*:*",
              "matchCriteriaId": "BD5F01FD-0A10-406D-8FD5-4CBC3649AE9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.1:r8.0:*:*:*:*:*:*",
              "matchCriteriaId": "4712B1FE-8B3A-4A1C-8EAE-BB1D98013E7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.1:r9.0:*:*:*:*:*:*",
              "matchCriteriaId": "257AE816-2893-4646-9351-7AE38433F6E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.1:r9.1:*:*:*:*:*:*",
              "matchCriteriaId": "321AE625-4FFC-441C-8CED-9FB1F7D0AC20",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2:r1.0:*:*:*:*:*:*",
              "matchCriteriaId": "E7F9AA1E-7BF4-4E58-97BE-136924689E52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2:r10.0:*:*:*:*:*:*",
              "matchCriteriaId": "2D06CEEE-2DCF-433D-B894-568EEF6E1C4F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2:r11.0:*:*:*:*:*:*",
              "matchCriteriaId": "69C15133-1A8F-4C6A-99ED-2BB47CD878A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2:r2.0:*:*:*:*:*:*",
              "matchCriteriaId": "7711F334-1743-433E-A30D-630EAA72061C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2:r3.0:*:*:*:*:*:*",
              "matchCriteriaId": "ACBBAE14-3BBD-4425-AB53-D0A2998B341A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2:r3.2:*:*:*:*:*:*",
              "matchCriteriaId": "85DAD6CD-15E7-4401-9DF8-135B6D8C629E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2:r4.0:*:*:*:*:*:*",
              "matchCriteriaId": "67322873-15B9-49E9-9828-3B46A83BAA03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2:r5.0:*:*:*:*:*:*",
              "matchCriteriaId": "33E8CF2C-C51E-4470-9CA4-A8FE6EAC9AF8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2:r6.0:*:*:*:*:*:*",
              "matchCriteriaId": "EE9EBE2F-8B10-479A-BDC4-E8777836B72F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2:r7.0:*:*:*:*:*:*",
              "matchCriteriaId": "E05CD6D2-B0CB-48D4-874C-A0D2A9FC9E89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2:r7.1:*:*:*:*:*:*",
              "matchCriteriaId": "BD61ABE7-E1B8-4370-9DDC-FCDED9839C82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2:r8.0:*:*:*:*:*:*",
              "matchCriteriaId": "BD067BC2-5FCE-4CB5-9D2A-F1F2CFAC9368",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2:r9.0:*:*:*:*:*:*",
              "matchCriteriaId": "76DE6AB9-13E7-4A73-95E6-213C3FD67C84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2:r9.1:*:*:*:*:*:*",
              "matchCriteriaId": "0595DA20-8C20-47E3-B91A-A437B6585008",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.3:r1.0:*:*:*:*:*:*",
              "matchCriteriaId": "3E682F9A-BEB3-44ED-AAE6-3297D0BB6FE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.3:r1.1:*:*:*:*:*:*",
              "matchCriteriaId": "34ECEAD1-0499-44A5-8033-03846E538638",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.3:r10.0:*:*:*:*:*:*",
              "matchCriteriaId": "46B85E85-81B7-40A3-BA5E-CFBB56483A22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.3:r11.0:*:*:*:*:*:*",
              "matchCriteriaId": "B11A814F-A66D-4432-A134-7F92831ED25A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.3:r12.0:*:*:*:*:*:*",
              "matchCriteriaId": "97EFF4AB-3B41-46FE-9A7A-5B23545D7520",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.3:r2.0:*:*:*:*:*:*",
              "matchCriteriaId": "F7BDDED9-6D42-4C67-A1F2-AC64B9B56370",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.3:r3.0:*:*:*:*:*:*",
              "matchCriteriaId": "B1A3B268-E087-4096-A5C9-C323E32056F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.3:r3.1:*:*:*:*:*:*",
              "matchCriteriaId": "59691231-D331-4BD1-8372-82F46E1AF6E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.3:r4.0:*:*:*:*:*:*",
              "matchCriteriaId": "C0C0AF53-782F-48CE-B40F-1373695EC125",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.3:r4.1:*:*:*:*:*:*",
              "matchCriteriaId": "0EF441E2-33F3-47CE-94F9-B0EAAF7C8E5F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.3:r5.0:*:*:*:*:*:*",
              "matchCriteriaId": "91E95CD9-BBB3-43C5-B4A9-696F0E233666",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.3:r5.1:*:*:*:*:*:*",
              "matchCriteriaId": "600CE2E9-7BAA-48F5-8024-76F276261158",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.3:r5.2:*:*:*:*:*:*",
              "matchCriteriaId": "8DB55582-29D3-4133-9184-82B983E2858B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.3:r6.0:*:*:*:*:*:*",
              "matchCriteriaId": "B869F72D-46E4-4E63-B917-E9F33BA2FEFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.3:r7.0:*:*:*:*:*:*",
              "matchCriteriaId": "890BAEE0-651B-4DC9-8CE8-A02DADB8E594",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.3:r8.0:*:*:*:*:*:*",
              "matchCriteriaId": "0DE14B69-AF02-42F2-87DB-7745D67430DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.3:r8.1:*:*:*:*:*:*",
              "matchCriteriaId": "B1F85B41-B468-47E1-84E9-54E739A4E0E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.3:r8.2:*:*:*:*:*:*",
              "matchCriteriaId": "EC4CD2B4-DE7A-4B02-8589-00A6B9376E16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.3:r9.0:*:*:*:*:*:*",
              "matchCriteriaId": "7006738A-B971-4DEB-A36E-60CE0B898896",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.4:r1:*:*:*:*:*:*",
              "matchCriteriaId": "D7D1B75B-CFB5-48ED-847A-D60E14A72C71",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.4:r2:*:*:*:*:*:*",
              "matchCriteriaId": "5B1543C9-3A4B-4DDC-ADD4-20EA6F44AA19",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.4:r2.1:*:*:*:*:*:*",
              "matchCriteriaId": "ECA76217-878B-426D-8C9C-2FEA1A81EC66",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.4:r3:*:*:*:*:*:*",
              "matchCriteriaId": "623D0428-4DE6-4A2C-931D-4AEEFC5E9970",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.4:r4:*:*:*:*:*:*",
              "matchCriteriaId": "7FC3625D-07A0-4E2F-BD8A-D831ECFA51CE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A crafted message can cause the web server to crash with Pulse Secure Pulse Connect Secure (PCS) 8.3RX before 8.3R5 and Pulse Policy Secure 5.4RX before 5.4R5. This is not applicable to PCS 8.1RX."
    },
    {
      "lang": "es",
      "value": "Un mensaje manipulado puede provocar que el servidor web se bloquee con Pulse Secure Pulse Connect Secure (PCS) versi\u00f3n 8.3RX en versiones anteriores a 8.3R5 y Pulse Policy Secure versi\u00f3n 5.4RX versiones anteriores a 5.4R5. Esto no es aplicable a PCS versi\u00f3n 8.1RX."
    }
  ],
  "id": "CVE-2018-20809",
  "lastModified": "2024-11-21T04:02:13.683",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-06-28T18:15:11.003",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43877/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43877/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-09-30 18:15
Modified
2024-11-21 05:38
Summary
A vulnerability in the authenticated user web interface of Pulse Connect Secure and Pulse Policy Secure < 9.1R8.2 could allow attackers to conduct Cross-Site Scripting (XSS).



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:-:*:*:*:*:*:*",
              "matchCriteriaId": "4F450898-0B06-4073-9B76-BF22F68BD14F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r1:*:*:*:*:*:*",
              "matchCriteriaId": "4B21C181-DC49-4EBD-9932-DBB337151FF7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r2:*:*:*:*:*:*",
              "matchCriteriaId": "4FEFC4B1-7350-46F9-80C1-42F5AE06142F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r3:*:*:*:*:*:*",
              "matchCriteriaId": "DB7A6D62-6576-4713-9BF4-11068A72E8B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r4:*:*:*:*:*:*",
              "matchCriteriaId": "843BC1B9-50CC-4F8F-A454-A0CEC6E92290",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r4.1:*:*:*:*:*:*",
              "matchCriteriaId": "D5355372-03EA-46D7-9104-A2785C29B664",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r4.2:*:*:*:*:*:*",
              "matchCriteriaId": "3DE32A0C-8944-4F51-A286-266055CA4B2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r4.3:*:*:*:*:*:*",
              "matchCriteriaId": "0349A0CC-A372-4E51-899E-D7BA67876F4B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r5:*:*:*:*:*:*",
              "matchCriteriaId": "93D1A098-BD77-4A7B-9070-A764FB435981",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r6:*:*:*:*:*:*",
              "matchCriteriaId": "3CCC2D7B-F835-45EC-A316-2F0C5F2CF565",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r7:*:*:*:*:*:*",
              "matchCriteriaId": "AD812596-C77C-4129-982F-C22A25B52126",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r8:*:*:*:*:*:*",
              "matchCriteriaId": "9FA0B20D-3FA1-42AE-BDC5-93D8A182927C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r8.1:*:*:*:*:*:*",
              "matchCriteriaId": "BFFA0B02-7F6D-4434-B1E7-EB8520FD68A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:-:*:*:*:*:*:*",
              "matchCriteriaId": "6418A649-3A63-40CC-BD7C-309B3B0B2595",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r1:*:*:*:*:*:*",
              "matchCriteriaId": "A07B66E0-A679-4912-8CB1-CD134713EDC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r2:*:*:*:*:*:*",
              "matchCriteriaId": "6D37A6E4-D58E-444D-AF6A-15461F38E81A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r3:*:*:*:*:*:*",
              "matchCriteriaId": "FC2B9DA0-E32B-4125-9986-F0D3814C66E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r4:*:*:*:*:*:*",
              "matchCriteriaId": "C9A5BA3E-D6B3-453D-8DDF-FF16859FD0F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r4.1:*:*:*:*:*:*",
              "matchCriteriaId": "BAFDA618-D15D-401D-AC68-0020259FEC57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r4.2:*:*:*:*:*:*",
              "matchCriteriaId": "D55AB5F0-132F-4C40-BF4F-684E139B774B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r4.3:*:*:*:*:*:*",
              "matchCriteriaId": "26AEB02E-D2D0-4D7A-BB00-9E5112696B17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r5:*:*:*:*:*:*",
              "matchCriteriaId": "6BE937D2-8BEE-4E64-8738-F550EAD00F50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r6:*:*:*:*:*:*",
              "matchCriteriaId": "9C753520-1BC6-4980-AFC9-4C2FDDF2FD18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r7:*:*:*:*:*:*",
              "matchCriteriaId": "AC3863BC-3B9A-402B-A74A-149CDF717EC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r8:*:*:*:*:*:*",
              "matchCriteriaId": "E3C09D51-FDA0-4D07-87D8-F527C8CBDAFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r8.1:*:*:*:*:*:*",
              "matchCriteriaId": "CCE2E1C0-680F-4EFF-ACE6-A1DAFA209D24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "18272F7E-A9BA-4175-B6F6-F7E550D736CE",
              "versionEndIncluding": "9.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B031D2AE-70BE-48BB-A9E9-0A0DAAAFF55F",
              "versionEndIncluding": "9.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the authenticated user web interface of Pulse Connect Secure and Pulse Policy Secure \u003c 9.1R8.2 could allow attackers to conduct Cross-Site Scripting (XSS)."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en la interfaz de usuario web autenticado de Pulse Connect Secure y Pulse Policy Secure versiones anteriores a 9.1R8.2, podr\u00eda permitir a atacantes llevar a cabo un ataque de tipo Cross-Site Scripting (XSS)"
    }
  ],
  "id": "CVE-2020-8238",
  "lastModified": "2024-11-21T05:38:34.047",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-09-30T18:15:28.990",
  "references": [
    {
      "source": "support@hackerone.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44588"
    },
    {
      "source": "support@hackerone.com",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://www.gosecure.net/blog/2020/11/13/forget-your-perimeter-part-2-four-vulnerabilities-in-pulse-connect-secure/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44588"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://www.gosecure.net/blog/2020/11/13/forget-your-perimeter-part-2-four-vulnerabilities-in-pulse-connect-secure/"
    }
  ],
  "sourceIdentifier": "support@hackerone.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "support@hackerone.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-10-28 13:15
Modified
2024-11-21 05:38
Summary
A vulnerability in the Pulse Connect Secure / Pulse Policy Secure < 9.1R9 is vulnerable to arbitrary cookie injection.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r1:*:*:*:*:*:*",
              "matchCriteriaId": "4B21C181-DC49-4EBD-9932-DBB337151FF7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r2:*:*:*:*:*:*",
              "matchCriteriaId": "4FEFC4B1-7350-46F9-80C1-42F5AE06142F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r3:*:*:*:*:*:*",
              "matchCriteriaId": "DB7A6D62-6576-4713-9BF4-11068A72E8B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r4:*:*:*:*:*:*",
              "matchCriteriaId": "843BC1B9-50CC-4F8F-A454-A0CEC6E92290",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r5:*:*:*:*:*:*",
              "matchCriteriaId": "93D1A098-BD77-4A7B-9070-A764FB435981",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r6:*:*:*:*:*:*",
              "matchCriteriaId": "3CCC2D7B-F835-45EC-A316-2F0C5F2CF565",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r7:*:*:*:*:*:*",
              "matchCriteriaId": "AD812596-C77C-4129-982F-C22A25B52126",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r8:*:*:*:*:*:*",
              "matchCriteriaId": "9FA0B20D-3FA1-42AE-BDC5-93D8A182927C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r1:*:*:*:*:*:*",
              "matchCriteriaId": "A07B66E0-A679-4912-8CB1-CD134713EDC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r2:*:*:*:*:*:*",
              "matchCriteriaId": "6D37A6E4-D58E-444D-AF6A-15461F38E81A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r3:*:*:*:*:*:*",
              "matchCriteriaId": "FC2B9DA0-E32B-4125-9986-F0D3814C66E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r4:*:*:*:*:*:*",
              "matchCriteriaId": "C9A5BA3E-D6B3-453D-8DDF-FF16859FD0F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r5:*:*:*:*:*:*",
              "matchCriteriaId": "6BE937D2-8BEE-4E64-8738-F550EAD00F50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r6:*:*:*:*:*:*",
              "matchCriteriaId": "9C753520-1BC6-4980-AFC9-4C2FDDF2FD18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r7:*:*:*:*:*:*",
              "matchCriteriaId": "AC3863BC-3B9A-402B-A74A-149CDF717EC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r8:*:*:*:*:*:*",
              "matchCriteriaId": "E3C09D51-FDA0-4D07-87D8-F527C8CBDAFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "43AF1D62-D827-4495-A4B0-CCA0C2BEE68F",
              "versionEndExcluding": "9.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "45F30A80-665D-4726-983C-36FED0CBF6E1",
              "versionEndExcluding": "9.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the Pulse Connect Secure / Pulse Policy Secure \u003c 9.1R9 is vulnerable to arbitrary cookie injection."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en Pulse Connect Secure / Pulse Policy Secure versiones anteriores a 9.1R9, es vulnerable a una inyecci\u00f3n de cookies arbitraria"
    }
  ],
  "id": "CVE-2020-8261",
  "lastModified": "2024-11-21T05:38:36.697",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-10-28T13:15:13.137",
  "references": [
    {
      "source": "support@hackerone.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601"
    }
  ],
  "sourceIdentifier": "support@hackerone.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-120"
        }
      ],
      "source": "support@hackerone.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-120"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-01-16 22:29
Modified
2024-11-21 04:08
Severity ?
Summary
A stack-based Buffer Overflow Vulnerability exists in the web server in Pulse Secure Pulse Connect Secure (PCS) before 8.3R4 and Pulse Policy Secure (PPS) before 5.4R4, leading to memory corruption and possibly remote code execution.
Impacted products



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9FCEE9FD-BA81-408D-83FB-843D6839E28D",
              "versionEndIncluding": "8.3r3",
              "versionStartIncluding": "8.3r1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "07E629D7-C049-4F86-A4E2-095178F963DC",
              "versionEndIncluding": "5.4r3",
              "versionStartIncluding": "5.4r1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A stack-based Buffer Overflow Vulnerability exists in the web server in Pulse Secure Pulse Connect Secure (PCS) before 8.3R4 and Pulse Policy Secure (PPS) before 5.4R4, leading to memory corruption and possibly remote code execution."
    },
    {
      "lang": "es",
      "value": "Existe una vulnerabilidad de desbordamiento de b\u00fafer basado en pila en el servidor web en Pulse Secure Pulse Connect Secure (PCS) en versiones anteriores a la 8.3R4 y Pulse Policy Secure (PPS) en versiones anteriores a la 5.4R4 que conduce a la corrupci\u00f3n de memoria y a una posible ejecuci\u00f3n remota de c\u00f3digo."
    }
  ],
  "id": "CVE-2018-5299",
  "lastModified": "2024-11-21T04:08:32.510",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": true,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-01-16T22:29:00.240",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43604"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43604"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-04-06 21:15
Modified
2024-11-21 04:58
Summary
An issue was discovered in Pulse Secure Pulse Connect Secure (PCS) through 2020-04-06. The applet in tncc.jar, executed on macOS, Linux, and Solaris clients when a Host Checker policy is enforced, allows a man-in-the-middle attacker to perform OS command injection attacks (against a client) via shell metacharacters to the doCustomRemediateInstructions method, because Runtime.getRuntime().exec() is used.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "188EFC3E-AB48-4325-96AB-2D2A9062E758",
              "versionEndIncluding": "2020-04-06",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "91F372EA-3A78-4703-A457-751B2C98D796",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1C8792C-1CF0-450B-A8BD-2B5274156053",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in Pulse Secure Pulse Connect Secure (PCS) through 2020-04-06. The applet in tncc.jar, executed on macOS, Linux, and Solaris clients when a Host Checker policy is enforced, allows a man-in-the-middle attacker to perform OS command injection attacks (against a client) via shell metacharacters to the doCustomRemediateInstructions method, because Runtime.getRuntime().exec() is used."
    },
    {
      "lang": "es",
      "value": "Se detect\u00f3 un problema en Pulse Secure Pulse Connect Secure (PCS) hasta el 06-04-2020. El applet en el archivo tncc.jar, ejecutado en clientes macOS, Linux y Solaris, cuando se aplica una pol\u00edtica Host Checker, permite que un atacante de tipo man-in-the-middle lleve a cabo ataques de inyecci\u00f3n de comandos del Sistema Operativo (contra un cliente) por medio de metacaracteres de shell en el M\u00e9todo doCustomRemediateInstructions, porque es usada la funci\u00f3n Runtime.getRuntime().exec()"
    }
  ],
  "id": "CVE-2020-11581",
  "lastModified": "2024-11-21T04:58:10.210",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-04-06T21:15:13.560",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://git.lsd.cat/g/pulse-host-checker-rce"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44426"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://git.lsd.cat/g/pulse-host-checker-rce"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44426"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-10-27 05:15
Modified
2024-11-21 05:05
Summary
An XML external entity (XXE) vulnerability in Pulse Connect Secure (PCS) before 9.1R9 and Pulse Policy Secure (PPS) before 9.1R9 allows remote authenticated admins to conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:-:*:*:*:*:*:*",
              "matchCriteriaId": "4F450898-0B06-4073-9B76-BF22F68BD14F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r1:*:*:*:*:*:*",
              "matchCriteriaId": "4B21C181-DC49-4EBD-9932-DBB337151FF7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r2:*:*:*:*:*:*",
              "matchCriteriaId": "4FEFC4B1-7350-46F9-80C1-42F5AE06142F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r3:*:*:*:*:*:*",
              "matchCriteriaId": "DB7A6D62-6576-4713-9BF4-11068A72E8B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r4:*:*:*:*:*:*",
              "matchCriteriaId": "843BC1B9-50CC-4F8F-A454-A0CEC6E92290",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r4.1:*:*:*:*:*:*",
              "matchCriteriaId": "D5355372-03EA-46D7-9104-A2785C29B664",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r4.2:*:*:*:*:*:*",
              "matchCriteriaId": "3DE32A0C-8944-4F51-A286-266055CA4B2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r4.3:*:*:*:*:*:*",
              "matchCriteriaId": "0349A0CC-A372-4E51-899E-D7BA67876F4B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r5:*:*:*:*:*:*",
              "matchCriteriaId": "93D1A098-BD77-4A7B-9070-A764FB435981",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r6:*:*:*:*:*:*",
              "matchCriteriaId": "3CCC2D7B-F835-45EC-A316-2F0C5F2CF565",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r7:*:*:*:*:*:*",
              "matchCriteriaId": "AD812596-C77C-4129-982F-C22A25B52126",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r8:*:*:*:*:*:*",
              "matchCriteriaId": "9FA0B20D-3FA1-42AE-BDC5-93D8A182927C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r8.1:*:*:*:*:*:*",
              "matchCriteriaId": "BFFA0B02-7F6D-4434-B1E7-EB8520FD68A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r8.2:*:*:*:*:*:*",
              "matchCriteriaId": "DFE8FA87-9622-4D5B-99C7-D8EE230C0AA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "18272F7E-A9BA-4175-B6F6-F7E550D736CE",
              "versionEndIncluding": "9.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r1:*:*:*:*:*:*",
              "matchCriteriaId": "A07B66E0-A679-4912-8CB1-CD134713EDC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r2:*:*:*:*:*:*",
              "matchCriteriaId": "6D37A6E4-D58E-444D-AF6A-15461F38E81A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r3:*:*:*:*:*:*",
              "matchCriteriaId": "FC2B9DA0-E32B-4125-9986-F0D3814C66E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r3.1:*:*:*:*:*:*",
              "matchCriteriaId": "38A0D7CF-7D55-4933-AE8C-36006D6779E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r4:*:*:*:*:*:*",
              "matchCriteriaId": "C9A5BA3E-D6B3-453D-8DDF-FF16859FD0F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r4.1:*:*:*:*:*:*",
              "matchCriteriaId": "BAFDA618-D15D-401D-AC68-0020259FEC57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r4.2:*:*:*:*:*:*",
              "matchCriteriaId": "D55AB5F0-132F-4C40-BF4F-684E139B774B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r5:*:*:*:*:*:*",
              "matchCriteriaId": "6BE937D2-8BEE-4E64-8738-F550EAD00F50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r6:*:*:*:*:*:*",
              "matchCriteriaId": "9C753520-1BC6-4980-AFC9-4C2FDDF2FD18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r7:*:*:*:*:*:*",
              "matchCriteriaId": "AC3863BC-3B9A-402B-A74A-149CDF717EC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r8:*:*:*:*:*:*",
              "matchCriteriaId": "E3C09D51-FDA0-4D07-87D8-F527C8CBDAFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B031D2AE-70BE-48BB-A9E9-0A0DAAAFF55F",
              "versionEndIncluding": "9.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An XML external entity (XXE) vulnerability in Pulse Connect Secure (PCS) before 9.1R9 and Pulse Policy Secure (PPS) before 9.1R9 allows remote authenticated admins to conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de tipo XML external entity (XXE) en Pulse Connect Secure (PCS) versiones anteriores a 9.1R9 y Pulse Policy Secure (PPS) versiones anteriores a 9.1R9, permite a administradores autenticados remotos conducir ataques de tipo server-side request forgery (SSRF) por medio de un DTD dise\u00f1ado en una petici\u00f3n XML"
    }
  ],
  "id": "CVE-2020-15352",
  "lastModified": "2024-11-21T05:05:23.800",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-10-27T05:15:12.787",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-611"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-07-30 13:15
Modified
2024-11-21 05:38
Summary
A cross site scripting (XSS) vulnerability in Pulse Connect Secure <9.1R8 allowed attackers to exploit in the URL used for Citrix ICA.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:-:*:*:*:*:*:*",
              "matchCriteriaId": "4F450898-0B06-4073-9B76-BF22F68BD14F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r1:*:*:*:*:*:*",
              "matchCriteriaId": "4B21C181-DC49-4EBD-9932-DBB337151FF7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r2:*:*:*:*:*:*",
              "matchCriteriaId": "4FEFC4B1-7350-46F9-80C1-42F5AE06142F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r3:*:*:*:*:*:*",
              "matchCriteriaId": "DB7A6D62-6576-4713-9BF4-11068A72E8B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r4:*:*:*:*:*:*",
              "matchCriteriaId": "843BC1B9-50CC-4F8F-A454-A0CEC6E92290",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r4.1:*:*:*:*:*:*",
              "matchCriteriaId": "D5355372-03EA-46D7-9104-A2785C29B664",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r4.2:*:*:*:*:*:*",
              "matchCriteriaId": "3DE32A0C-8944-4F51-A286-266055CA4B2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r4.3:*:*:*:*:*:*",
              "matchCriteriaId": "0349A0CC-A372-4E51-899E-D7BA67876F4B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r5:*:*:*:*:*:*",
              "matchCriteriaId": "93D1A098-BD77-4A7B-9070-A764FB435981",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r6:*:*:*:*:*:*",
              "matchCriteriaId": "3CCC2D7B-F835-45EC-A316-2F0C5F2CF565",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r7:*:*:*:*:*:*",
              "matchCriteriaId": "AD812596-C77C-4129-982F-C22A25B52126",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "18272F7E-A9BA-4175-B6F6-F7E550D736CE",
              "versionEndIncluding": "9.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:-:*:*:*:*:*:*",
              "matchCriteriaId": "6418A649-3A63-40CC-BD7C-309B3B0B2595",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r1:*:*:*:*:*:*",
              "matchCriteriaId": "A07B66E0-A679-4912-8CB1-CD134713EDC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r2:*:*:*:*:*:*",
              "matchCriteriaId": "6D37A6E4-D58E-444D-AF6A-15461F38E81A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r3:*:*:*:*:*:*",
              "matchCriteriaId": "FC2B9DA0-E32B-4125-9986-F0D3814C66E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r3.1:*:*:*:*:*:*",
              "matchCriteriaId": "38A0D7CF-7D55-4933-AE8C-36006D6779E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r4:*:*:*:*:*:*",
              "matchCriteriaId": "C9A5BA3E-D6B3-453D-8DDF-FF16859FD0F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r4.1:*:*:*:*:*:*",
              "matchCriteriaId": "BAFDA618-D15D-401D-AC68-0020259FEC57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r4.2:*:*:*:*:*:*",
              "matchCriteriaId": "D55AB5F0-132F-4C40-BF4F-684E139B774B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r5:*:*:*:*:*:*",
              "matchCriteriaId": "6BE937D2-8BEE-4E64-8738-F550EAD00F50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r6:*:*:*:*:*:*",
              "matchCriteriaId": "9C753520-1BC6-4980-AFC9-4C2FDDF2FD18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r7:*:*:*:*:*:*",
              "matchCriteriaId": "AC3863BC-3B9A-402B-A74A-149CDF717EC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B031D2AE-70BE-48BB-A9E9-0A0DAAAFF55F",
              "versionEndIncluding": "9.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A cross site scripting (XSS) vulnerability in Pulse Connect Secure \u003c9.1R8 allowed attackers to exploit in the URL used for Citrix ICA."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de tipo cross site scripting (XSS) en Pulse Connect Secure versiones anteriores a 9.1R8, permiti\u00f3 a atacantes explotar en la URL usada por Citrix ICA"
    }
  ],
  "id": "CVE-2020-8217",
  "lastModified": "2024-11-21T05:38:31.430",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-07-30T13:15:11.783",
  "references": [
    {
      "source": "support@hackerone.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516"
    }
  ],
  "sourceIdentifier": "support@hackerone.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "support@hackerone.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

cve-2020-8243
Vulnerability from cvelistv5
Published
2020-09-29 13:44
Modified
2024-08-04 09:56
Severity ?
Summary
A vulnerability in the Pulse Connect Secure < 9.1R8.2 admin web interface could allow an authenticated attacker to upload custom template to perform an arbitrary code execution.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T09:56:27.945Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44588"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Pulse Connect Secre",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Fixed in 9.1R8.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the Pulse Connect Secure \u003c 9.1R8.2 admin web interface could allow an authenticated attacker to upload custom template to perform an arbitrary code execution."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-94",
              "description": "Code Injection (CWE-94)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-09-29T13:44:31",
        "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "shortName": "hackerone"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44588"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "support@hackerone.com",
          "ID": "CVE-2020-8243",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Pulse Connect Secre",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Fixed in 9.1R8.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the Pulse Connect Secure \u003c 9.1R8.2 admin web interface could allow an authenticated attacker to upload custom template to perform an arbitrary code execution."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Code Injection (CWE-94)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44588",
              "refsource": "MISC",
              "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44588"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
    "assignerShortName": "hackerone",
    "cveId": "CVE-2020-8243",
    "datePublished": "2020-09-29T13:44:31",
    "dateReserved": "2020-01-28T00:00:00",
    "dateUpdated": "2024-08-04T09:56:27.945Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-8261
Vulnerability from cvelistv5
Published
2020-10-28 12:47
Modified
2024-08-04 09:56
Severity ?
Summary
A vulnerability in the Pulse Connect Secure / Pulse Policy Secure < 9.1R9 is vulnerable to arbitrary cookie injection.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T09:56:28.147Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Pulse Connect Secure / Pulse Policy Secure",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "9.1R9"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the Pulse Connect Secure / Pulse Policy Secure \u003c 9.1R9 is vulnerable to arbitrary cookie injection."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-120",
              "description": "Classic Buffer Overflow (CWE-120)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-10-28T12:47:36",
        "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "shortName": "hackerone"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "support@hackerone.com",
          "ID": "CVE-2020-8261",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Pulse Connect Secure / Pulse Policy Secure",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "9.1R9"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the Pulse Connect Secure / Pulse Policy Secure \u003c 9.1R9 is vulnerable to arbitrary cookie injection."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Classic Buffer Overflow (CWE-120)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601",
              "refsource": "MISC",
              "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
    "assignerShortName": "hackerone",
    "cveId": "CVE-2020-8261",
    "datePublished": "2020-10-28T12:47:36",
    "dateReserved": "2020-01-28T00:00:00",
    "dateUpdated": "2024-08-04T09:56:28.147Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-35258
Vulnerability from cvelistv5
Published
2022-12-05 00:00
Modified
2024-08-03 09:29
Severity ?
Summary
An unauthenticated attacker can cause a denial-of-service to the following products: Ivanti Connect Secure (ICS) in versions prior to 9.1R14.3, 9.1R15.2, 9.1R16.2, and 22.2R4, Ivanti Policy Secure (IPS) in versions prior to 9.1R17 and 22.3R1, and Ivanti Neurons for Zero-Trust Access in versions prior to 22.3R1.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T09:29:17.434Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA45520/?kA23Z000000GH5OSAW"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Ivanti Connect Secure (ICS), Ivanti Policy Secure (IPS), and Ivanti Neurons for Zero Trust Access Gateway",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "ICS Prior to 9.1R14.3,9.1R15.2,9.1R16.2 and 22.2R4, IPS Prior to 9.1R17 and 22.3R1, Ivanti Neurons for Zero Trust Access Gateway Prior to 22.3R1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An unauthenticated attacker can cause a denial-of-service to the following products: Ivanti Connect Secure (ICS) in versions prior to 9.1R14.3, 9.1R15.2, 9.1R16.2, and 22.2R4, Ivanti Policy Secure (IPS) in versions prior to 9.1R17 and 22.3R1, and Ivanti Neurons for Zero-Trust Access in versions prior to 22.3R1."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-128",
              "description": "Wrap-around Error (CWE-128)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-05T00:00:00",
        "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "shortName": "hackerone"
      },
      "references": [
        {
          "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA45520/?kA23Z000000GH5OSAW"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
    "assignerShortName": "hackerone",
    "cveId": "CVE-2022-35258",
    "datePublished": "2022-12-05T00:00:00",
    "dateReserved": "2022-07-06T00:00:00",
    "dateUpdated": "2024-08-03T09:29:17.434Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-8218
Vulnerability from cvelistv5
Published
2020-07-30 12:53
Modified
2024-08-04 09:56
Severity ?
Summary
A code injection vulnerability exists in Pulse Connect Secure <9.1R8 that allows an attacker to crafted a URI to perform an arbitrary code execution via the admin web interface.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T09:56:27.483Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.gosecure.net/blog/2020/11/13/forget-your-perimeter-part-2-four-vulnerabilities-in-pulse-connect-secure/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Pulse Connect Secure",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Fixed in 9.1R8"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A code injection vulnerability exists in Pulse Connect Secure \u003c9.1R8 that allows an attacker to crafted a URI to perform an arbitrary code execution via the admin web interface."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-94",
              "description": "Code Injection (CWE-94)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-08-01T14:27:42",
        "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "shortName": "hackerone"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.gosecure.net/blog/2020/11/13/forget-your-perimeter-part-2-four-vulnerabilities-in-pulse-connect-secure/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "support@hackerone.com",
          "ID": "CVE-2020-8218",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Pulse Connect Secure",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Fixed in 9.1R8"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A code injection vulnerability exists in Pulse Connect Secure \u003c9.1R8 that allows an attacker to crafted a URI to perform an arbitrary code execution via the admin web interface."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Code Injection (CWE-94)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516",
              "refsource": "MISC",
              "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516"
            },
            {
              "name": "https://www.gosecure.net/blog/2020/11/13/forget-your-perimeter-part-2-four-vulnerabilities-in-pulse-connect-secure/",
              "refsource": "MISC",
              "url": "https://www.gosecure.net/blog/2020/11/13/forget-your-perimeter-part-2-four-vulnerabilities-in-pulse-connect-secure/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
    "assignerShortName": "hackerone",
    "cveId": "CVE-2020-8218",
    "datePublished": "2020-07-30T12:53:02",
    "dateReserved": "2020-01-28T00:00:00",
    "dateUpdated": "2024-08-04T09:56:27.483Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-11581
Vulnerability from cvelistv5
Published
2020-04-06 20:03
Modified
2024-08-04 11:35
Severity ?
Summary
An issue was discovered in Pulse Secure Pulse Connect Secure (PCS) through 2020-04-06. The applet in tncc.jar, executed on macOS, Linux, and Solaris clients when a Host Checker policy is enforced, allows a man-in-the-middle attacker to perform OS command injection attacks (against a client) via shell metacharacters to the doCustomRemediateInstructions method, because Runtime.getRuntime().exec() is used.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T11:35:13.241Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://git.lsd.cat/g/pulse-host-checker-rce"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44426"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in Pulse Secure Pulse Connect Secure (PCS) through 2020-04-06. The applet in tncc.jar, executed on macOS, Linux, and Solaris clients when a Host Checker policy is enforced, allows a man-in-the-middle attacker to perform OS command injection attacks (against a client) via shell metacharacters to the doCustomRemediateInstructions method, because Runtime.getRuntime().exec() is used."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-04-08T20:06:03",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://git.lsd.cat/g/pulse-host-checker-rce"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44426"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-11581",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in Pulse Secure Pulse Connect Secure (PCS) through 2020-04-06. The applet in tncc.jar, executed on macOS, Linux, and Solaris clients when a Host Checker policy is enforced, allows a man-in-the-middle attacker to perform OS command injection attacks (against a client) via shell metacharacters to the doCustomRemediateInstructions method, because Runtime.getRuntime().exec() is used."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://git.lsd.cat/g/pulse-host-checker-rce",
              "refsource": "MISC",
              "url": "https://git.lsd.cat/g/pulse-host-checker-rce"
            },
            {
              "name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44426",
              "refsource": "CONFIRM",
              "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44426"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-11581",
    "datePublished": "2020-04-06T20:03:38",
    "dateReserved": "2020-04-06T00:00:00",
    "dateUpdated": "2024-08-04T11:35:13.241Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-11539
Vulnerability from cvelistv5
Published
2019-04-26 01:39
Modified
2024-08-04 22:55
Summary
In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, 5.3RX before 5.3R12.1, 5.2RX before 5.2R12.1, and 5.1RX before 5.1R15.1, the admin web interface allows an authenticated attacker to inject and execute commands.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T22:55:40.818Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101"
          },
          {
            "name": "108073",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/108073"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/154376/Pulse-Secure-8.1R15.1-8.2-8.3-9.0-SSL-VPN-Remote-Code-Execution.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study/"
          },
          {
            "name": "VU#927237",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "https://www.kb.cert.org/vuls/id/927237"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/155277/Pulse-Secure-VPN-Arbitrary-Command-Execution.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/162092/Pulse-Secure-VPN-Arbitrary-Command-Execution.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, 5.3RX before 5.3R12.1, 5.2RX before 5.2R12.1, and 5.1RX before 5.1R15.1, the admin web interface allows an authenticated attacker to inject and execute commands."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AC:H/AV:N/A:H/C:H/I:H/PR:H/S:C/UI:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-04-06T15:06:16",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101"
        },
        {
          "name": "108073",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/108073"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/154376/Pulse-Secure-8.1R15.1-8.2-8.3-9.0-SSL-VPN-Remote-Code-Execution.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study/"
        },
        {
          "name": "VU#927237",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "https://www.kb.cert.org/vuls/id/927237"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/155277/Pulse-Secure-VPN-Arbitrary-Command-Execution.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/162092/Pulse-Secure-VPN-Arbitrary-Command-Execution.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-11539",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, 5.3RX before 5.3R12.1, 5.2RX before 5.2R12.1, and 5.1RX before 5.1R15.1, the admin web interface allows an authenticated attacker to inject and execute commands."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AC:H/AV:N/A:H/C:H/I:H/PR:H/S:C/UI:N",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101",
              "refsource": "CONFIRM",
              "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101"
            },
            {
              "name": "108073",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/108073"
            },
            {
              "name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010",
              "refsource": "CONFIRM",
              "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010"
            },
            {
              "name": "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf",
              "refsource": "MISC",
              "url": "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf"
            },
            {
              "name": "http://packetstormsecurity.com/files/154376/Pulse-Secure-8.1R15.1-8.2-8.3-9.0-SSL-VPN-Remote-Code-Execution.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/154376/Pulse-Secure-8.1R15.1-8.2-8.3-9.0-SSL-VPN-Remote-Code-Execution.html"
            },
            {
              "name": "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study/",
              "refsource": "MISC",
              "url": "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study/"
            },
            {
              "name": "VU#927237",
              "refsource": "CERT-VN",
              "url": "https://www.kb.cert.org/vuls/id/927237"
            },
            {
              "name": "http://packetstormsecurity.com/files/155277/Pulse-Secure-VPN-Arbitrary-Command-Execution.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/155277/Pulse-Secure-VPN-Arbitrary-Command-Execution.html"
            },
            {
              "name": "http://packetstormsecurity.com/files/162092/Pulse-Secure-VPN-Arbitrary-Command-Execution.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/162092/Pulse-Secure-VPN-Arbitrary-Command-Execution.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-11539",
    "datePublished": "2019-04-26T01:39:36",
    "dateReserved": "2019-04-25T00:00:00",
    "dateUpdated": "2024-08-04T22:55:40.818Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-11543
Vulnerability from cvelistv5
Published
2019-04-26 01:40
Modified
2024-11-15 15:26
Summary
XSS exists in the admin web console in Pulse Secure Pulse Connect Secure (PCS) 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, and 5.2RX before 5.2R12.1.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T22:55:41.014Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101/"
          },
          {
            "name": "108073",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/108073"
          },
          {
            "name": "VU#927237",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "https://www.kb.cert.org/vuls/id/927237"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2019-11543",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-15T15:25:46.382899Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-15T15:26:20.782Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "XSS exists in the admin web console in Pulse Secure Pulse Connect Secure (PCS) 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, and 5.2RX before 5.2R12.1."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AC:H/AV:N/A:H/C:H/I:H/PR:N/S:C/UI:R",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-10-16T17:06:23",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101/"
        },
        {
          "name": "108073",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/108073"
        },
        {
          "name": "VU#927237",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "https://www.kb.cert.org/vuls/id/927237"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-11543",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "XSS exists in the admin web console in Pulse Secure Pulse Connect Secure (PCS) 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, and 5.2RX before 5.2R12.1."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AC:H/AV:N/A:H/C:H/I:H/PR:N/S:C/UI:R",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101",
              "refsource": "CONFIRM",
              "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101"
            },
            {
              "name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101/",
              "refsource": "MISC",
              "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101/"
            },
            {
              "name": "108073",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/108073"
            },
            {
              "name": "VU#927237",
              "refsource": "CERT-VN",
              "url": "https://www.kb.cert.org/vuls/id/927237"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-11543",
    "datePublished": "2019-04-26T01:40:43",
    "dateReserved": "2019-04-25T00:00:00",
    "dateUpdated": "2024-11-15T15:26:20.782Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-20814
Vulnerability from cvelistv5
Published
2019-03-16 03:00
Modified
2024-08-05 12:12
Severity ?
Summary
An XSS issue was found with Psaldownload.cgi in Pulse Secure Pulse Connect Secure (PCS) 8.3R2 before 8.3R2 and Pulse Policy Secure (PPS) 5.4RX before 5.4R2. This is not applicable to PCS 8.1RX or PPS 5.2RX.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T12:12:27.619Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43877/"
          },
          {
            "name": "109033",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/109033"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2019-03-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An XSS issue was found with Psaldownload.cgi in Pulse Secure Pulse Connect Secure (PCS) 8.3R2 before 8.3R2 and Pulse Policy Secure (PPS) 5.4RX before 5.4R2. This is not applicable to PCS 8.1RX or PPS 5.2RX."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-07-04T15:06:03",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43877/"
        },
        {
          "name": "109033",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/109033"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-20814",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An XSS issue was found with Psaldownload.cgi in Pulse Secure Pulse Connect Secure (PCS) 8.3R2 before 8.3R2 and Pulse Policy Secure (PPS) 5.4RX before 5.4R2. This is not applicable to PCS 8.1RX or PPS 5.2RX."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43877/",
              "refsource": "CONFIRM",
              "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43877/"
            },
            {
              "name": "109033",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/109033"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-20814",
    "datePublished": "2019-03-16T03:00:00",
    "dateReserved": "2019-03-15T00:00:00",
    "dateUpdated": "2024-08-05T12:12:27.619Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-5299
Vulnerability from cvelistv5
Published
2018-01-16 22:00
Modified
2024-08-05 05:33
Severity ?
Summary
A stack-based Buffer Overflow Vulnerability exists in the web server in Pulse Secure Pulse Connect Secure (PCS) before 8.3R4 and Pulse Policy Secure (PPS) before 5.4R4, leading to memory corruption and possibly remote code execution.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T05:33:43.699Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43604"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-01-16T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A stack-based Buffer Overflow Vulnerability exists in the web server in Pulse Secure Pulse Connect Secure (PCS) before 8.3R4 and Pulse Policy Secure (PPS) before 5.4R4, leading to memory corruption and possibly remote code execution."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-16T21:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43604"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-5299",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A stack-based Buffer Overflow Vulnerability exists in the web server in Pulse Secure Pulse Connect Secure (PCS) before 8.3R4 and Pulse Policy Secure (PPS) before 5.4R4, leading to memory corruption and possibly remote code execution."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43604",
              "refsource": "CONFIRM",
              "url": "http://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43604"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-5299",
    "datePublished": "2018-01-16T22:00:00",
    "dateReserved": "2018-01-08T00:00:00",
    "dateUpdated": "2024-08-05T05:33:43.699Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-11509
Vulnerability from cvelistv5
Published
2019-06-03 19:34
Modified
2024-08-04 22:55
Severity ?
Summary
In Pulse Secure Pulse Connect Secure (PCS) before 8.1R15.1, 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4 and Pulse Policy Secure (PPS) before 5.1R15.1, 5.2 before 5.2R12.1, 5.3 before 5.3R15.1, 5.4 before 5.4R7.1, and 9.0 before 9.0R3.2, an authenticated attacker (via the admin web interface) can exploit Incorrect Access Control to execute arbitrary code on the appliance.
References
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T22:55:40.698Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://kb.pulsesecure.net/?atype=sa"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101/"
          },
          {
            "name": "VU#927237",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "https://www.kb.cert.org/vuls/id/927237"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In Pulse Secure Pulse Connect Secure (PCS) before 8.1R15.1, 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4 and Pulse Policy Secure (PPS) before 5.1R15.1, 5.2 before 5.2R12.1, 5.3 before 5.3R15.1, 5.4 before 5.4R7.1, and 9.0 before 9.0R3.2, an authenticated attacker (via the admin web interface) can exploit Incorrect Access Control to execute arbitrary code on the appliance."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-10-16T17:06:17",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://kb.pulsesecure.net/?atype=sa"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101/"
        },
        {
          "name": "VU#927237",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "https://www.kb.cert.org/vuls/id/927237"
        }
      ],
      "x_ConverterErrors": {
        "cvssV3_0": {
          "error": "CVSSV3_0 data from v4 record is invalid",
          "message": "Missing mandatory metrics \"AV\""
        }
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-11509",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In Pulse Secure Pulse Connect Secure (PCS) before 8.1R15.1, 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4 and Pulse Policy Secure (PPS) before 5.1R15.1, 5.2 before 5.2R12.1, 5.3 before 5.3R15.1, 5.4 before 5.4R7.1, and 9.0 before 9.0R3.2, an authenticated attacker (via the admin web interface) can exploit Incorrect Access Control to execute arbitrary code on the appliance."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "availabilityImpact": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AC:H/A:H/C:H/I:H/PR:H/S:U/UI:R",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://kb.pulsesecure.net/?atype=sa",
              "refsource": "MISC",
              "url": "https://kb.pulsesecure.net/?atype=sa"
            },
            {
              "name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101/",
              "refsource": "CONFIRM",
              "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101/"
            },
            {
              "name": "VU#927237",
              "refsource": "CERT-VN",
              "url": "https://www.kb.cert.org/vuls/id/927237"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-11509",
    "datePublished": "2019-06-03T19:34:46",
    "dateReserved": "2019-04-24T00:00:00",
    "dateUpdated": "2024-08-04T22:55:40.698Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-35254
Vulnerability from cvelistv5
Published
2022-12-05 00:00
Modified
2024-08-03 09:29
Severity ?
Summary
An unauthenticated attacker can cause a denial-of-service to the following products: Ivanti Connect Secure (ICS) in versions prior to 9.1R14.3, 9.1R15.2, 9.1R16.2, and 22.2R4, Ivanti Policy Secure (IPS) in versions prior to 9.1R17 and 22.3R1, and Ivanti Neurons for Zero-Trust Access in versions prior to 22.3R1.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T09:29:17.468Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA45520/?kA23Z000000GH5OSAW"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Ivanti Connect Secure (ICS), Ivanti Policy Secure (IPS), and Ivanti Neurons for Zero Trust Access Gateway",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "ICS Prior to 9.1R14.3,9.1R15.2,9.1R16.2 and 22.2R4 and 22.2R1, IPS Prior to 9.1R17 and 22.3R1, Ivanti Neurons for Zero Trust Access Gateway Prior to 22.3R1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An unauthenticated attacker can cause a denial-of-service to the following products: Ivanti Connect Secure (ICS) in versions prior to 9.1R14.3, 9.1R15.2, 9.1R16.2, and 22.2R4, Ivanti Policy Secure (IPS) in versions prior to 9.1R17 and 22.3R1, and Ivanti Neurons for Zero-Trust Access in versions prior to 22.3R1."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-416",
              "description": "Use After Free (CWE-416)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-05T00:00:00",
        "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "shortName": "hackerone"
      },
      "references": [
        {
          "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA45520/?kA23Z000000GH5OSAW"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
    "assignerShortName": "hackerone",
    "cveId": "CVE-2022-35254",
    "datePublished": "2022-12-05T00:00:00",
    "dateReserved": "2022-07-06T00:00:00",
    "dateUpdated": "2024-08-03T09:29:17.468Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-8216
Vulnerability from cvelistv5
Published
2020-07-30 12:53
Modified
2024-08-04 09:56
Severity ?
Summary
An information disclosure vulnerability in meeting of Pulse Connect Secure <9.1R8 allowed an authenticated end-users to find meeting details, if they know the Meeting ID.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T09:56:27.410Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Pulse Connect Secure",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Fixed in 9.1R8"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An information disclosure vulnerability in meeting of Pulse Connect Secure \u003c9.1R8 allowed an authenticated end-users to find meeting details, if they know the Meeting ID."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-200",
              "description": "Information Disclosure (CWE-200)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-07-30T12:53:02",
        "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "shortName": "hackerone"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "support@hackerone.com",
          "ID": "CVE-2020-8216",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Pulse Connect Secure",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Fixed in 9.1R8"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An information disclosure vulnerability in meeting of Pulse Connect Secure \u003c9.1R8 allowed an authenticated end-users to find meeting details, if they know the Meeting ID."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Information Disclosure (CWE-200)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516",
              "refsource": "MISC",
              "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
    "assignerShortName": "hackerone",
    "cveId": "CVE-2020-8216",
    "datePublished": "2020-07-30T12:53:02",
    "dateReserved": "2020-01-28T00:00:00",
    "dateUpdated": "2024-08-04T09:56:27.410Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-8217
Vulnerability from cvelistv5
Published
2020-07-30 12:53
Modified
2024-08-04 09:56
Severity ?
Summary
A cross site scripting (XSS) vulnerability in Pulse Connect Secure <9.1R8 allowed attackers to exploit in the URL used for Citrix ICA.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T09:56:27.493Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Pulse Connect Secure",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Fixed in 9.1R8"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A cross site scripting (XSS) vulnerability in Pulse Connect Secure \u003c9.1R8 allowed attackers to exploit in the URL used for Citrix ICA."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "Cross-site Scripting (XSS) - Reflected (CWE-79)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-07-30T12:53:02",
        "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "shortName": "hackerone"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "support@hackerone.com",
          "ID": "CVE-2020-8217",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Pulse Connect Secure",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Fixed in 9.1R8"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A cross site scripting (XSS) vulnerability in Pulse Connect Secure \u003c9.1R8 allowed attackers to exploit in the URL used for Citrix ICA."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-site Scripting (XSS) - Reflected (CWE-79)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516",
              "refsource": "MISC",
              "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
    "assignerShortName": "hackerone",
    "cveId": "CVE-2020-8217",
    "datePublished": "2020-07-30T12:53:02",
    "dateReserved": "2020-01-28T00:00:00",
    "dateUpdated": "2024-08-04T09:56:27.493Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-8204
Vulnerability from cvelistv5
Published
2020-07-30 12:53
Modified
2024-08-04 09:56
Severity ?
Summary
A cross site scripting (XSS) vulnerability exists in Pulse Connect Secure <9.1R5 on the PSAL Page.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T09:56:27.562Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Pulse Connect Secure",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Fixed in 9.1R5"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A cross site scripting (XSS) vulnerability exists in Pulse Connect Secure \u003c9.1R5 on the PSAL Page."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "Cross-site Scripting (XSS) - DOM (CWE-79)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-07-30T12:53:02",
        "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "shortName": "hackerone"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "support@hackerone.com",
          "ID": "CVE-2020-8204",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Pulse Connect Secure",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Fixed in 9.1R5"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A cross site scripting (XSS) vulnerability exists in Pulse Connect Secure \u003c9.1R5 on the PSAL Page."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-site Scripting (XSS) - DOM (CWE-79)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516",
              "refsource": "MISC",
              "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
    "assignerShortName": "hackerone",
    "cveId": "CVE-2020-8204",
    "datePublished": "2020-07-30T12:53:02",
    "dateReserved": "2020-01-28T00:00:00",
    "dateUpdated": "2024-08-04T09:56:27.562Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-6320
Vulnerability from cvelistv5
Published
2018-09-06 23:00
Modified
2024-08-05 06:01
Severity ?
Summary
A vulnerability has been discovered in login.cgi in Pulse Secure Pulse Connect Secure (PCS) 8.1RX before 8.1R12 and 8.3RX before 8.3R2 and Pulse Policy Secure (PPS) 5.2RX before 5.2R9 and 5.4RX before 5.4R2 wherein an http(s) Host header received from the browser is trusted without validation.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T06:01:48.718Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43877"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-09-04T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been discovered in login.cgi in Pulse Secure Pulse Connect Secure (PCS) 8.1RX before 8.1R12 and 8.3RX before 8.3R2 and Pulse Policy Secure (PPS) 5.2RX before 5.2R9 and 5.4RX before 5.4R2 wherein an http(s) Host header received from the browser is trusted without validation."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-09-06T22:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43877"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-6320",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability has been discovered in login.cgi in Pulse Secure Pulse Connect Secure (PCS) 8.1RX before 8.1R12 and 8.3RX before 8.3R2 and Pulse Policy Secure (PPS) 5.2RX before 5.2R9 and 5.4RX before 5.4R2 wherein an http(s) Host header received from the browser is trusted without validation."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43877",
              "refsource": "CONFIRM",
              "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43877"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-6320",
    "datePublished": "2018-09-06T23:00:00",
    "dateReserved": "2018-01-26T00:00:00",
    "dateUpdated": "2024-08-05T06:01:48.718Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-8222
Vulnerability from cvelistv5
Published
2020-07-30 12:53
Modified
2024-08-04 09:56
Severity ?
Summary
A path traversal vulnerability exists in Pulse Connect Secure <9.1R8 that allowed an authenticated attacker via the administrator web interface to perform an arbitrary file reading vulnerability through Meeting.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T09:56:27.511Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Pulse Connect Secure",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Fixed in 9.1R8"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A path traversal vulnerability exists in Pulse Connect Secure \u003c9.1R8 that allowed an authenticated attacker via the administrator web interface to perform an arbitrary file reading vulnerability through Meeting."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-22",
              "description": "Path Traversal (CWE-22)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-07-30T12:53:02",
        "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "shortName": "hackerone"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "support@hackerone.com",
          "ID": "CVE-2020-8222",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Pulse Connect Secure",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Fixed in 9.1R8"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A path traversal vulnerability exists in Pulse Connect Secure \u003c9.1R8 that allowed an authenticated attacker via the administrator web interface to perform an arbitrary file reading vulnerability through Meeting."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Path Traversal (CWE-22)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516",
              "refsource": "MISC",
              "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
    "assignerShortName": "hackerone",
    "cveId": "CVE-2020-8222",
    "datePublished": "2020-07-30T12:53:02",
    "dateReserved": "2020-01-28T00:00:00",
    "dateUpdated": "2024-08-04T09:56:27.511Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-11580
Vulnerability from cvelistv5
Published
2020-04-06 20:03
Modified
2024-08-04 11:35
Severity ?
Summary
An issue was discovered in Pulse Secure Pulse Connect Secure (PCS) through 2020-04-06. The applet in tncc.jar, executed on macOS, Linux, and Solaris clients when a Host Checker policy is enforced, accepts an arbitrary SSL certificate.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T11:35:13.171Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://git.lsd.cat/g/pulse-host-checker-rce"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44426"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in Pulse Secure Pulse Connect Secure (PCS) through 2020-04-06. The applet in tncc.jar, executed on macOS, Linux, and Solaris clients when a Host Checker policy is enforced, accepts an arbitrary SSL certificate."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-04-08T20:06:02",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://git.lsd.cat/g/pulse-host-checker-rce"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44426"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-11580",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in Pulse Secure Pulse Connect Secure (PCS) through 2020-04-06. The applet in tncc.jar, executed on macOS, Linux, and Solaris clients when a Host Checker policy is enforced, accepts an arbitrary SSL certificate."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://git.lsd.cat/g/pulse-host-checker-rce",
              "refsource": "MISC",
              "url": "https://git.lsd.cat/g/pulse-host-checker-rce"
            },
            {
              "name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44426",
              "refsource": "CONFIRM",
              "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44426"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-11580",
    "datePublished": "2020-04-06T20:03:00",
    "dateReserved": "2020-04-06T00:00:00",
    "dateUpdated": "2024-08-04T11:35:13.171Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-14366
Vulnerability from cvelistv5
Published
2018-09-06 23:00
Modified
2024-08-05 09:29
Severity ?
Summary
download.cgi in Pulse Secure Pulse Connect Secure 8.1RX before 8.1R13 and 8.3RX before 8.3R4 and Pulse Policy Secure through 5.2RX before 5.2R10 and 5.4RX before 5.4R4 have an Open Redirect Vulnerability.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T09:29:50.097Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43877"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-09-04T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "download.cgi in Pulse Secure Pulse Connect Secure 8.1RX before 8.1R13 and 8.3RX before 8.3R4 and Pulse Policy Secure through 5.2RX before 5.2R10 and 5.4RX before 5.4R4 have an Open Redirect Vulnerability."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-09-06T22:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43877"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-14366",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "download.cgi in Pulse Secure Pulse Connect Secure 8.1RX before 8.1R13 and 8.3RX before 8.3R4 and Pulse Policy Secure through 5.2RX before 5.2R10 and 5.4RX before 5.4R4 have an Open Redirect Vulnerability."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43877",
              "refsource": "CONFIRM",
              "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43877"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-14366",
    "datePublished": "2018-09-06T23:00:00",
    "dateReserved": "2018-07-17T00:00:00",
    "dateUpdated": "2024-08-05T09:29:50.097Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-20809
Vulnerability from cvelistv5
Published
2019-03-16 03:00
Modified
2024-09-16 20:16
Severity ?
Summary
A crafted message can cause the web server to crash with Pulse Secure Pulse Connect Secure (PCS) 8.3RX before 8.3R5 and Pulse Policy Secure 5.4RX before 5.4R5. This is not applicable to PCS 8.1RX.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T12:12:27.098Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43877/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A crafted message can cause the web server to crash with Pulse Secure Pulse Connect Secure (PCS) 8.3RX before 8.3R5 and Pulse Policy Secure 5.4RX before 5.4R5. This is not applicable to PCS 8.1RX."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-03-16T03:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43877/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-20809",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A crafted message can cause the web server to crash with Pulse Secure Pulse Connect Secure (PCS) 8.3RX before 8.3R5 and Pulse Policy Secure 5.4RX before 5.4R5. This is not applicable to PCS 8.1RX."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43877/",
              "refsource": "CONFIRM",
              "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43877/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-20809",
    "datePublished": "2019-03-16T03:00:00Z",
    "dateReserved": "2019-03-15T00:00:00Z",
    "dateUpdated": "2024-09-16T20:16:14.384Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-11542
Vulnerability from cvelistv5
Published
2019-04-26 01:40
Modified
2024-08-04 22:55
Summary
In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, 5.3RX before 5.3R12.1, 5.2RX before 5.2R12.1, and 5.1RX before 5.1R15.1, an authenticated attacker (via the admin web interface) can send a specially crafted message resulting in a stack buffer overflow.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T22:55:40.973Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101"
          },
          {
            "name": "108073",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/108073"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study/"
          },
          {
            "name": "VU#927237",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "https://www.kb.cert.org/vuls/id/927237"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, 5.3RX before 5.3R12.1, 5.2RX before 5.2R12.1, and 5.1RX before 5.1R15.1, an authenticated attacker (via the admin web interface) can send a specially crafted message resulting in a stack buffer overflow."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AC:H/AV:N/A:H/C:H/I:H/PR:H/S:C/UI:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-10-16T17:06:22",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101"
        },
        {
          "name": "108073",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/108073"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study/"
        },
        {
          "name": "VU#927237",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "https://www.kb.cert.org/vuls/id/927237"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-11542",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, 5.3RX before 5.3R12.1, 5.2RX before 5.2R12.1, and 5.1RX before 5.1R15.1, an authenticated attacker (via the admin web interface) can send a specially crafted message resulting in a stack buffer overflow."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AC:H/AV:N/A:H/C:H/I:H/PR:H/S:C/UI:N",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101",
              "refsource": "CONFIRM",
              "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101"
            },
            {
              "name": "108073",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/108073"
            },
            {
              "name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010",
              "refsource": "CONFIRM",
              "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010"
            },
            {
              "name": "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf",
              "refsource": "MISC",
              "url": "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf"
            },
            {
              "name": "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study/",
              "refsource": "MISC",
              "url": "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study/"
            },
            {
              "name": "VU#927237",
              "refsource": "CERT-VN",
              "url": "https://www.kb.cert.org/vuls/id/927237"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-11542",
    "datePublished": "2019-04-26T01:40:33",
    "dateReserved": "2019-04-25T00:00:00",
    "dateUpdated": "2024-08-04T22:55:40.973Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-8220
Vulnerability from cvelistv5
Published
2020-07-30 12:53
Modified
2024-08-04 09:56
Severity ?
Summary
A denial of service vulnerability exists in Pulse Connect Secure <9.1R8 that allows an authenticated attacker to perform command injection via the administrator web which can cause DOS.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T09:56:27.763Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Pulse Connect Secure",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Fixed in 9.1R8"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A denial of service vulnerability exists in Pulse Connect Secure \u003c9.1R8 that allows an authenticated attacker to perform command injection via the administrator web which can cause DOS."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-400",
              "description": "Denial of Service (CWE-400)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-07-30T12:53:02",
        "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "shortName": "hackerone"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "support@hackerone.com",
          "ID": "CVE-2020-8220",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Pulse Connect Secure",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Fixed in 9.1R8"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A denial of service vulnerability exists in Pulse Connect Secure \u003c9.1R8 that allows an authenticated attacker to perform command injection via the administrator web which can cause DOS."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Denial of Service (CWE-400)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516",
              "refsource": "MISC",
              "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
    "assignerShortName": "hackerone",
    "cveId": "CVE-2020-8220",
    "datePublished": "2020-07-30T12:53:02",
    "dateReserved": "2020-01-28T00:00:00",
    "dateUpdated": "2024-08-04T09:56:27.763Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-15352
Vulnerability from cvelistv5
Published
2020-10-27 04:10
Modified
2024-08-04 13:15
Severity ?
Summary
An XML external entity (XXE) vulnerability in Pulse Connect Secure (PCS) before 9.1R9 and Pulse Policy Secure (PPS) before 9.1R9 allows remote authenticated admins to conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T13:15:20.466Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An XML external entity (XXE) vulnerability in Pulse Connect Secure (PCS) before 9.1R9 and Pulse Policy Secure (PPS) before 9.1R9 allows remote authenticated admins to conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-10-27T04:10:54",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-15352",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An XML external entity (XXE) vulnerability in Pulse Connect Secure (PCS) before 9.1R9 and Pulse Policy Secure (PPS) before 9.1R9 allows remote authenticated admins to conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601",
              "refsource": "MISC",
              "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-15352",
    "datePublished": "2020-10-27T04:10:54",
    "dateReserved": "2020-06-26T00:00:00",
    "dateUpdated": "2024-08-04T13:15:20.466Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-8262
Vulnerability from cvelistv5
Published
2020-10-28 12:47
Modified
2024-08-04 09:56
Severity ?
Summary
A vulnerability in the Pulse Connect Secure / Pulse Policy Secure below 9.1R9 could allow attackers to conduct Cross-Site Scripting (XSS) and Open Redirection for authenticated user web interface.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T09:56:28.075Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Pulse Connect Secure / Pulse Policy Secure",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Fixed in 9.1R9"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the Pulse Connect Secure / Pulse Policy Secure below 9.1R9 could allow attackers to conduct Cross-Site Scripting (XSS) and Open Redirection for authenticated user web interface."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "Cross-site Scripting (XSS) - Reflected (CWE-79)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-10-28T12:47:55",
        "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "shortName": "hackerone"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "support@hackerone.com",
          "ID": "CVE-2020-8262",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Pulse Connect Secure / Pulse Policy Secure",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Fixed in 9.1R9"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the Pulse Connect Secure / Pulse Policy Secure below 9.1R9 could allow attackers to conduct Cross-Site Scripting (XSS) and Open Redirection for authenticated user web interface."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-site Scripting (XSS) - Reflected (CWE-79)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601",
              "refsource": "MISC",
              "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
    "assignerShortName": "hackerone",
    "cveId": "CVE-2020-8262",
    "datePublished": "2020-10-28T12:47:55",
    "dateReserved": "2020-01-28T00:00:00",
    "dateUpdated": "2024-08-04T09:56:28.075Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-11455
Vulnerability from cvelistv5
Published
2017-08-29 15:00
Modified
2024-08-05 18:12
Severity ?
Summary
diag.cgi in Pulse Connect Secure 8.2R1 through 8.2R5, 8.1R1 through 8.1R10 and Pulse Policy Secure 5.3R1 through 5.3R5, 5.2R1 through 5.2R8, and 5.1R1 through 5.1R10 allow remote attackers to hijack the authentication of administrators for requests to start tcpdump, related to the lack of anti-CSRF tokens.
References
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T18:12:40.105Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1039242",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1039242"
          },
          {
            "name": "100530",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/100530"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40793"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-08-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "diag.cgi in Pulse Connect Secure 8.2R1 through 8.2R5, 8.1R1 through 8.1R10 and Pulse Policy Secure 5.3R1 through 5.3R5, 5.2R1 through 5.2R8, and 5.1R1 through 5.1R10 allow remote attackers to hijack the authentication of administrators for requests to start tcpdump, related to the lack of anti-CSRF tokens."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-31T09:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "1039242",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1039242"
        },
        {
          "name": "100530",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/100530"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40793"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-11455",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "diag.cgi in Pulse Connect Secure 8.2R1 through 8.2R5, 8.1R1 through 8.1R10 and Pulse Policy Secure 5.3R1 through 5.3R5, 5.2R1 through 5.2R8, and 5.1R1 through 5.1R10 allow remote attackers to hijack the authentication of administrators for requests to start tcpdump, related to the lack of anti-CSRF tokens."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1039242",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1039242"
            },
            {
              "name": "100530",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/100530"
            },
            {
              "name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40793",
              "refsource": "CONFIRM",
              "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40793"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-11455",
    "datePublished": "2017-08-29T15:00:00",
    "dateReserved": "2017-07-19T00:00:00",
    "dateUpdated": "2024-08-05T18:12:40.105Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-12880
Vulnerability from cvelistv5
Published
2020-07-27 22:10
Modified
2024-08-04 12:11
Severity ?
Summary
An issue was discovered in Pulse Policy Secure (PPS) and Pulse Connect Secure (PCS) Virtual Appliance before 9.1R8. By manipulating a certain kernel boot parameter, it can be tricked into dropping into a root shell in a pre-install phase where the entire source code of the appliance is available and can be retrieved. (The source code is otherwise inaccessible because the appliance has its hard disks encrypted, and no root shell is available during normal operation.)
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T12:11:18.205Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://kb.pulsesecure.net/?atype=sa"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2020-07-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in Pulse Policy Secure (PPS) and Pulse Connect Secure (PCS) Virtual Appliance before 9.1R8. By manipulating a certain kernel boot parameter, it can be tricked into dropping into a root shell in a pre-install phase where the entire source code of the appliance is available and can be retrieved. (The source code is otherwise inaccessible because the appliance has its hard disks encrypted, and no root shell is available during normal operation.)"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-07-27T22:10:12",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://kb.pulsesecure.net/?atype=sa"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-12880",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in Pulse Policy Secure (PPS) and Pulse Connect Secure (PCS) Virtual Appliance before 9.1R8. By manipulating a certain kernel boot parameter, it can be tricked into dropping into a root shell in a pre-install phase where the entire source code of the appliance is available and can be retrieved. (The source code is otherwise inaccessible because the appliance has its hard disks encrypted, and no root shell is available during normal operation.)"
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://kb.pulsesecure.net/?atype=sa",
              "refsource": "MISC",
              "url": "https://kb.pulsesecure.net/?atype=sa"
            },
            {
              "name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516",
              "refsource": "CONFIRM",
              "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-12880",
    "datePublished": "2020-07-27T22:10:12",
    "dateReserved": "2020-05-15T00:00:00",
    "dateUpdated": "2024-08-04T12:11:18.205Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-11478
Vulnerability from cvelistv5
Published
2019-06-18 23:34
Modified
2024-09-16 23:45
Summary
Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit f070ef2ac66716357066b683fb0baf55f8191a2e.
References
https://www.kb.cert.org/vuls/id/905115third-party-advisory, x_refsource_CERT-VN
https://access.redhat.com/errata/RHSA-2019:1594vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:1602vendor-advisory, x_refsource_REDHAT
http://www.openwall.com/lists/oss-security/2019/06/28/2mailing-list, x_refsource_MLIST
http://www.openwall.com/lists/oss-security/2019/07/06/3mailing-list, x_refsource_MLIST
http://www.openwall.com/lists/oss-security/2019/07/06/4mailing-list, x_refsource_MLIST
https://access.redhat.com/errata/RHSA-2019:1699vendor-advisory, x_refsource_REDHAT
https://seclists.org/bugtraq/2019/Jul/30mailing-list, x_refsource_BUGTRAQ
http://www.openwall.com/lists/oss-security/2019/10/24/1mailing-list, x_refsource_MLIST
http://www.openwall.com/lists/oss-security/2019/10/29/3mailing-list, x_refsource_MLIST
https://www.oracle.com/security-alerts/cpujan2020.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpuoct2020.htmlx_refsource_MISC
https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.mdx_refsource_MISC
https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanicx_refsource_MISC
https://access.redhat.com/security/vulnerabilities/tcpsackx_refsource_MISC
http://packetstormsecurity.com/files/153346/Kernel-Live-Patch-Security-Notice-LSN-0052-1.htmlx_refsource_MISC
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193x_refsource_CONFIRM
https://www.synology.com/security/advisory/Synology_SA_19_28x_refsource_CONFIRM
https://security.netapp.com/advisory/ntap-20190625-0001/x_refsource_CONFIRM
https://kc.mcafee.com/corporate/index?page=content&id=SB10287x_refsource_CONFIRM
http://www.vmware.com/security/advisories/VMSA-2019-0010.htmlx_refsource_CONFIRM
https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdfx_refsource_CONFIRM
https://www.us-cert.gov/ics/advisories/icsa-19-253-03x_refsource_MISC
http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.htmlx_refsource_MISC
http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-010.txtx_refsource_CONFIRM
https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=f070ef2ac66716357066b683fb0baf55f8191a2ex_refsource_MISC
https://support.f5.com/csp/article/K26618426x_refsource_CONFIRM
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0007x_refsource_CONFIRM
http://packetstormsecurity.com/files/154408/Kernel-Live-Patch-Security-Notice-LSN-0055-1.htmlx_refsource_MISC
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T22:55:40.767Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "VU#905115",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "https://www.kb.cert.org/vuls/id/905115"
          },
          {
            "name": "RHSA-2019:1594",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:1594"
          },
          {
            "name": "RHSA-2019:1602",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:1602"
          },
          {
            "name": "[oss-security] 20190628 Re: linux-distros membership application - Microsoft",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2019/06/28/2"
          },
          {
            "name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2019/07/06/3"
          },
          {
            "name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2019/07/06/4"
          },
          {
            "name": "RHSA-2019:1699",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:1699"
          },
          {
            "name": "20190722 [SECURITY] [DSA 4484-1] linux security update",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2019/Jul/30"
          },
          {
            "name": "[oss-security] 20191023 Membership application for linux-distros - VMware",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2019/10/24/1"
          },
          {
            "name": "[oss-security] 20191029 Re: Membership application for linux-distros - VMware",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2019/10/29/3"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/vulnerabilities/tcpsack"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/153346/Kernel-Live-Patch-Security-Notice-LSN-0052-1.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.synology.com/security/advisory/Synology_SA_19_28"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20190625-0001/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10287"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/security/advisories/VMSA-2019-0010.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.us-cert.gov/ics/advisories/icsa-19-253-03"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-010.txt"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=f070ef2ac66716357066b683fb0baf55f8191a2e"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.f5.com/csp/article/K26618426"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0007"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/154408/Kernel-Live-Patch-Security-Notice-LSN-0055-1.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Linux kernel",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "4.4.182",
              "status": "affected",
              "version": "4.4",
              "versionType": "custom"
            },
            {
              "lessThan": "4.9.182",
              "status": "affected",
              "version": "4.9",
              "versionType": "custom"
            },
            {
              "lessThan": "4.14.127",
              "status": "affected",
              "version": "4.14",
              "versionType": "custom"
            },
            {
              "lessThan": "4.19.52",
              "status": "affected",
              "version": "4.19",
              "versionType": "custom"
            },
            {
              "lessThan": "5.1.11",
              "status": "affected",
              "version": "5.1",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Jonathan Looney from Netflix"
        }
      ],
      "datePublic": "2019-06-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit f070ef2ac66716357066b683fb0baf55f8191a2e."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-770",
              "description": "CWE-770 Allocation of Resources Without Limits or Throttling",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-10-20T21:14:56",
        "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
        "shortName": "canonical"
      },
      "references": [
        {
          "name": "VU#905115",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "https://www.kb.cert.org/vuls/id/905115"
        },
        {
          "name": "RHSA-2019:1594",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:1594"
        },
        {
          "name": "RHSA-2019:1602",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:1602"
        },
        {
          "name": "[oss-security] 20190628 Re: linux-distros membership application - Microsoft",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2019/06/28/2"
        },
        {
          "name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2019/07/06/3"
        },
        {
          "name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2019/07/06/4"
        },
        {
          "name": "RHSA-2019:1699",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:1699"
        },
        {
          "name": "20190722 [SECURITY] [DSA 4484-1] linux security update",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2019/Jul/30"
        },
        {
          "name": "[oss-security] 20191023 Membership application for linux-distros - VMware",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2019/10/24/1"
        },
        {
          "name": "[oss-security] 20191029 Re: Membership application for linux-distros - VMware",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2019/10/29/3"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://access.redhat.com/security/vulnerabilities/tcpsack"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/153346/Kernel-Live-Patch-Security-Notice-LSN-0052-1.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.synology.com/security/advisory/Synology_SA_19_28"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20190625-0001/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10287"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/security/advisories/VMSA-2019-0010.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.us-cert.gov/ics/advisories/icsa-19-253-03"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-010.txt"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=f070ef2ac66716357066b683fb0baf55f8191a2e"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.f5.com/csp/article/K26618426"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0007"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/154408/Kernel-Live-Patch-Security-Notice-LSN-0055-1.html"
        }
      ],
      "source": {
        "advisory": "https://usn.ubuntu.com/4017-1",
        "defect": [
          "https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1831638"
        ],
        "discovery": "UNKNOWN"
      },
      "title": "SACK can cause extensive memory use via fragmented resend queue",
      "x_generator": {
        "engine": "Vulnogram 0.0.7"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@ubuntu.com",
          "DATE_PUBLIC": "2019-06-17T00:00:00.000Z",
          "ID": "CVE-2019-11478",
          "STATE": "PUBLIC",
          "TITLE": "SACK can cause extensive memory use via fragmented resend queue"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Linux kernel",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "4.4",
                            "version_value": "4.4.182"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "4.9",
                            "version_value": "4.9.182"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "4.14",
                            "version_value": "4.14.127"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "4.19",
                            "version_value": "4.19.52"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "5.1",
                            "version_value": "5.1.11"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Linux"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Jonathan Looney from Netflix"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit f070ef2ac66716357066b683fb0baf55f8191a2e."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.7"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-770 Allocation of Resources Without Limits or Throttling"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "VU#905115",
              "refsource": "CERT-VN",
              "url": "https://www.kb.cert.org/vuls/id/905115"
            },
            {
              "name": "RHSA-2019:1594",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:1594"
            },
            {
              "name": "RHSA-2019:1602",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:1602"
            },
            {
              "name": "[oss-security] 20190628 Re: linux-distros membership application - Microsoft",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2019/06/28/2"
            },
            {
              "name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2019/07/06/3"
            },
            {
              "name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2019/07/06/4"
            },
            {
              "name": "RHSA-2019:1699",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:1699"
            },
            {
              "name": "20190722 [SECURITY] [DSA 4484-1] linux security update",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2019/Jul/30"
            },
            {
              "name": "[oss-security] 20191023 Membership application for linux-distros - VMware",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2019/10/24/1"
            },
            {
              "name": "[oss-security] 20191029 Re: Membership application for linux-distros - VMware",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2019/10/29/3"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            },
            {
              "name": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md",
              "refsource": "MISC",
              "url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md"
            },
            {
              "name": "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic",
              "refsource": "MISC",
              "url": "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic"
            },
            {
              "name": "https://access.redhat.com/security/vulnerabilities/tcpsack",
              "refsource": "MISC",
              "url": "https://access.redhat.com/security/vulnerabilities/tcpsack"
            },
            {
              "name": "http://packetstormsecurity.com/files/153346/Kernel-Live-Patch-Security-Notice-LSN-0052-1.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/153346/Kernel-Live-Patch-Security-Notice-LSN-0052-1.html"
            },
            {
              "name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193",
              "refsource": "CONFIRM",
              "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193"
            },
            {
              "name": "https://www.synology.com/security/advisory/Synology_SA_19_28",
              "refsource": "CONFIRM",
              "url": "https://www.synology.com/security/advisory/Synology_SA_19_28"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20190625-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20190625-0001/"
            },
            {
              "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10287",
              "refsource": "CONFIRM",
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10287"
            },
            {
              "name": "http://www.vmware.com/security/advisories/VMSA-2019-0010.html",
              "refsource": "CONFIRM",
              "url": "http://www.vmware.com/security/advisories/VMSA-2019-0010.html"
            },
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf",
              "refsource": "CONFIRM",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf"
            },
            {
              "name": "https://www.us-cert.gov/ics/advisories/icsa-19-253-03",
              "refsource": "MISC",
              "url": "https://www.us-cert.gov/ics/advisories/icsa-19-253-03"
            },
            {
              "name": "http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html"
            },
            {
              "name": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-010.txt",
              "refsource": "CONFIRM",
              "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-010.txt"
            },
            {
              "name": "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=f070ef2ac66716357066b683fb0baf55f8191a2e",
              "refsource": "MISC",
              "url": "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=f070ef2ac66716357066b683fb0baf55f8191a2e"
            },
            {
              "name": "https://support.f5.com/csp/article/K26618426",
              "refsource": "CONFIRM",
              "url": "https://support.f5.com/csp/article/K26618426"
            },
            {
              "name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0007",
              "refsource": "CONFIRM",
              "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0007"
            },
            {
              "name": "http://packetstormsecurity.com/files/154408/Kernel-Live-Patch-Security-Notice-LSN-0055-1.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/154408/Kernel-Live-Patch-Security-Notice-LSN-0055-1.html"
            }
          ]
        },
        "source": {
          "advisory": "https://usn.ubuntu.com/4017-1",
          "defect": [
            "https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1831638"
          ],
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
    "assignerShortName": "canonical",
    "cveId": "CVE-2019-11478",
    "datePublished": "2019-06-18T23:34:51.077803Z",
    "dateReserved": "2019-04-23T00:00:00",
    "dateUpdated": "2024-09-16T23:45:54.779Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-8206
Vulnerability from cvelistv5
Published
2020-07-30 12:53
Modified
2024-08-04 09:56
Severity ?
Summary
An improper authentication vulnerability exists in Pulse Connect Secure <9.1RB that allows an attacker with a users primary credentials to bypass the Google TOTP.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T09:56:27.638Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Pulse Connect Secure",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Fixed in 9.1R8"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An improper authentication vulnerability exists in Pulse Connect Secure \u003c9.1RB that allows an attacker with a users primary credentials to bypass the Google TOTP."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-287",
              "description": "Improper Authentication - Generic (CWE-287)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-07-30T12:53:02",
        "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "shortName": "hackerone"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "support@hackerone.com",
          "ID": "CVE-2020-8206",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Pulse Connect Secure",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Fixed in 9.1R8"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An improper authentication vulnerability exists in Pulse Connect Secure \u003c9.1RB that allows an attacker with a users primary credentials to bypass the Google TOTP."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Improper Authentication - Generic (CWE-287)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516",
              "refsource": "MISC",
              "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
    "assignerShortName": "hackerone",
    "cveId": "CVE-2020-8206",
    "datePublished": "2020-07-30T12:53:02",
    "dateReserved": "2020-01-28T00:00:00",
    "dateUpdated": "2024-08-04T09:56:27.638Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-8219
Vulnerability from cvelistv5
Published
2020-07-30 12:53
Modified
2024-08-04 09:56
Severity ?
Summary
An insufficient permission check vulnerability exists in Pulse Connect Secure <9.1R8 that allows an attacker to change the password of a full administrator.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T09:56:27.612Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Pulse Connect Secure",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Fixed in 9.1R8"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An insufficient permission check vulnerability exists in Pulse Connect Secure \u003c9.1R8 that allows an attacker to change the password of a full administrator."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-280",
              "description": "Improper Handling of Insufficient Permissions or Privileges (CWE-280)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-07-30T12:53:02",
        "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "shortName": "hackerone"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "support@hackerone.com",
          "ID": "CVE-2020-8219",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Pulse Connect Secure",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Fixed in 9.1R8"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An insufficient permission check vulnerability exists in Pulse Connect Secure \u003c9.1R8 that allows an attacker to change the password of a full administrator."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Improper Handling of Insufficient Permissions or Privileges (CWE-280)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516",
              "refsource": "MISC",
              "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
    "assignerShortName": "hackerone",
    "cveId": "CVE-2020-8219",
    "datePublished": "2020-07-30T12:53:02",
    "dateReserved": "2020-01-28T00:00:00",
    "dateUpdated": "2024-08-04T09:56:27.612Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-20810
Vulnerability from cvelistv5
Published
2019-03-16 03:00
Modified
2024-09-16 17:07
Severity ?
Summary
Session data between cluster nodes during cluster synchronization is not properly encrypted in Pulse Secure Pulse Connect Secure (PCS) 8.3RX before 8.3R2 and Pulse Policy Secure (PPS) 5.4RX before 5.4R2. This is not applicable to PCS 8.1RX, PPS 5.2RX, or stand-alone devices.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T12:12:28.320Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43877/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Session data between cluster nodes during cluster synchronization is not properly encrypted in Pulse Secure Pulse Connect Secure (PCS) 8.3RX before 8.3R2 and Pulse Policy Secure (PPS) 5.4RX before 5.4R2. This is not applicable to PCS 8.1RX, PPS 5.2RX, or stand-alone devices."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-03-16T03:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43877/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-20810",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Session data between cluster nodes during cluster synchronization is not properly encrypted in Pulse Secure Pulse Connect Secure (PCS) 8.3RX before 8.3R2 and Pulse Policy Secure (PPS) 5.4RX before 5.4R2. This is not applicable to PCS 8.1RX, PPS 5.2RX, or stand-alone devices."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43877/",
              "refsource": "CONFIRM",
              "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43877/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-20810",
    "datePublished": "2019-03-16T03:00:00Z",
    "dateReserved": "2019-03-15T00:00:00Z",
    "dateUpdated": "2024-09-16T17:07:45.561Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-8221
Vulnerability from cvelistv5
Published
2020-07-30 12:53
Modified
2024-08-04 09:56
Severity ?
Summary
A path traversal vulnerability exists in Pulse Connect Secure <9.1R8 which allows an authenticated attacker to read arbitrary files via the administrator web interface.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T09:56:27.888Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Pulse Connect Secure",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Fixed in"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A path traversal vulnerability exists in Pulse Connect Secure \u003c9.1R8 which allows an authenticated attacker to read arbitrary files via the administrator web interface."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-22",
              "description": "Path Traversal (CWE-22)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-07-30T12:53:02",
        "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "shortName": "hackerone"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "support@hackerone.com",
          "ID": "CVE-2020-8221",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Pulse Connect Secure",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Fixed in"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A path traversal vulnerability exists in Pulse Connect Secure \u003c9.1R8 which allows an authenticated attacker to read arbitrary files via the administrator web interface."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Path Traversal (CWE-22)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516",
              "refsource": "MISC",
              "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
    "assignerShortName": "hackerone",
    "cveId": "CVE-2020-8221",
    "datePublished": "2020-07-30T12:53:02",
    "dateReserved": "2020-01-28T00:00:00",
    "dateUpdated": "2024-08-04T09:56:27.888Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-11477
Vulnerability from cvelistv5
Published
2019-06-18 23:34
Modified
2024-09-17 02:21
Summary
Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow in the Linux kernel when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit 3b4929f65b0d8249f19a50245cd88ed1a2f78cff.
References
https://www.kb.cert.org/vuls/id/905115third-party-advisory, x_refsource_CERT-VN
http://www.openwall.com/lists/oss-security/2019/06/20/3mailing-list, x_refsource_MLIST
https://access.redhat.com/errata/RHSA-2019:1594vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:1602vendor-advisory, x_refsource_REDHAT
http://www.openwall.com/lists/oss-security/2019/06/28/2mailing-list, x_refsource_MLIST
http://www.openwall.com/lists/oss-security/2019/07/06/3mailing-list, x_refsource_MLIST
http://www.openwall.com/lists/oss-security/2019/07/06/4mailing-list, x_refsource_MLIST
https://access.redhat.com/errata/RHSA-2019:1699vendor-advisory, x_refsource_REDHAT
http://www.openwall.com/lists/oss-security/2019/10/24/1mailing-list, x_refsource_MLIST
http://www.openwall.com/lists/oss-security/2019/10/29/3mailing-list, x_refsource_MLIST
https://www.oracle.com/security-alerts/cpujan2020.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpuoct2020.htmlx_refsource_MISC
https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=3b4929f65b0d8249f19a50245cd88ed1a2f78cffx_refsource_MISC
https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.mdx_refsource_MISC
https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanicx_refsource_MISC
https://access.redhat.com/security/vulnerabilities/tcpsackx_refsource_MISC
https://support.f5.com/csp/article/K78234183x_refsource_CONFIRM
http://packetstormsecurity.com/files/153346/Kernel-Live-Patch-Security-Notice-LSN-0052-1.htmlx_refsource_MISC
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193x_refsource_CONFIRM
https://www.synology.com/security/advisory/Synology_SA_19_28x_refsource_CONFIRM
https://security.netapp.com/advisory/ntap-20190625-0001/x_refsource_CONFIRM
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0006x_refsource_CONFIRM
https://kc.mcafee.com/corporate/index?page=content&id=SB10287x_refsource_CONFIRM
http://www.vmware.com/security/advisories/VMSA-2019-0010.htmlx_refsource_CONFIRM
https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdfx_refsource_CONFIRM
https://www.us-cert.gov/ics/advisories/icsa-19-253-03x_refsource_MISC
http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.htmlx_refsource_MISC
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191225-01-kernel-enx_refsource_CONFIRM
http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-010.txtx_refsource_CONFIRM
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T22:55:40.213Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "VU#905115",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "https://www.kb.cert.org/vuls/id/905115"
          },
          {
            "name": "[oss-security] 20190620 Re: Linux and FreeBSD Kernel: Multiple TCP-based remote denial of service issues",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2019/06/20/3"
          },
          {
            "name": "RHSA-2019:1594",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:1594"
          },
          {
            "name": "RHSA-2019:1602",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:1602"
          },
          {
            "name": "[oss-security] 20190628 Re: linux-distros membership application - Microsoft",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2019/06/28/2"
          },
          {
            "name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2019/07/06/3"
          },
          {
            "name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2019/07/06/4"
          },
          {
            "name": "RHSA-2019:1699",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:1699"
          },
          {
            "name": "[oss-security] 20191023 Membership application for linux-distros - VMware",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2019/10/24/1"
          },
          {
            "name": "[oss-security] 20191029 Re: Membership application for linux-distros - VMware",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2019/10/29/3"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=3b4929f65b0d8249f19a50245cd88ed1a2f78cff"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/vulnerabilities/tcpsack"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.f5.com/csp/article/K78234183"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/153346/Kernel-Live-Patch-Security-Notice-LSN-0052-1.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.synology.com/security/advisory/Synology_SA_19_28"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20190625-0001/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0006"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10287"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/security/advisories/VMSA-2019-0010.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.us-cert.gov/ics/advisories/icsa-19-253-03"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191225-01-kernel-en"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-010.txt"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Linux kernel",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "4.4.182",
              "status": "affected",
              "version": "4.4",
              "versionType": "custom"
            },
            {
              "lessThan": "4.9.182",
              "status": "affected",
              "version": "4.9",
              "versionType": "custom"
            },
            {
              "lessThan": "4.14.127",
              "status": "affected",
              "version": "4.14",
              "versionType": "custom"
            },
            {
              "lessThan": "4.19.52",
              "status": "affected",
              "version": "4.19",
              "versionType": "custom"
            },
            {
              "lessThan": "5.1.11",
              "status": "affected",
              "version": "5.1",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Jonathan Looney from Netflix"
        }
      ],
      "datePublic": "2019-06-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Jonathan Looney discovered that the TCP_SKB_CB(skb)-\u003etcp_gso_segs value was subject to an integer overflow in the Linux kernel when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit 3b4929f65b0d8249f19a50245cd88ed1a2f78cff."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-190",
              "description": "CWE-190 Integer Overflow or Wraparound",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-10-20T21:14:56",
        "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
        "shortName": "canonical"
      },
      "references": [
        {
          "name": "VU#905115",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "https://www.kb.cert.org/vuls/id/905115"
        },
        {
          "name": "[oss-security] 20190620 Re: Linux and FreeBSD Kernel: Multiple TCP-based remote denial of service issues",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2019/06/20/3"
        },
        {
          "name": "RHSA-2019:1594",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:1594"
        },
        {
          "name": "RHSA-2019:1602",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:1602"
        },
        {
          "name": "[oss-security] 20190628 Re: linux-distros membership application - Microsoft",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2019/06/28/2"
        },
        {
          "name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2019/07/06/3"
        },
        {
          "name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2019/07/06/4"
        },
        {
          "name": "RHSA-2019:1699",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:1699"
        },
        {
          "name": "[oss-security] 20191023 Membership application for linux-distros - VMware",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2019/10/24/1"
        },
        {
          "name": "[oss-security] 20191029 Re: Membership application for linux-distros - VMware",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2019/10/29/3"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=3b4929f65b0d8249f19a50245cd88ed1a2f78cff"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://access.redhat.com/security/vulnerabilities/tcpsack"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.f5.com/csp/article/K78234183"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/153346/Kernel-Live-Patch-Security-Notice-LSN-0052-1.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.synology.com/security/advisory/Synology_SA_19_28"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20190625-0001/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0006"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10287"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/security/advisories/VMSA-2019-0010.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.us-cert.gov/ics/advisories/icsa-19-253-03"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191225-01-kernel-en"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-010.txt"
        }
      ],
      "source": {
        "advisory": "https://usn.ubuntu.com/4017-1",
        "defect": [
          "https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1831637"
        ],
        "discovery": "UNKNOWN"
      },
      "title": "Integer overflow in TCP_SKB_CB(skb)-\u003etcp_gso_segs",
      "x_generator": {
        "engine": "Vulnogram 0.0.7"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "AKA": "SACK Panic",
          "ASSIGNER": "security@ubuntu.com",
          "DATE_PUBLIC": "2019-06-17T00:00:00.000Z",
          "ID": "CVE-2019-11477",
          "STATE": "PUBLIC",
          "TITLE": "Integer overflow in TCP_SKB_CB(skb)-\u003etcp_gso_segs"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Linux kernel",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "4.4",
                            "version_value": "4.4.182"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "4.9",
                            "version_value": "4.9.182"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "4.14",
                            "version_value": "4.14.127"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "4.19",
                            "version_value": "4.19.52"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "5.1",
                            "version_value": "5.1.11"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Linux"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Jonathan Looney from Netflix"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Jonathan Looney discovered that the TCP_SKB_CB(skb)-\u003etcp_gso_segs value was subject to an integer overflow in the Linux kernel when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit 3b4929f65b0d8249f19a50245cd88ed1a2f78cff."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.7"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-190 Integer Overflow or Wraparound"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "VU#905115",
              "refsource": "CERT-VN",
              "url": "https://www.kb.cert.org/vuls/id/905115"
            },
            {
              "name": "[oss-security] 20190620 Re: Linux and FreeBSD Kernel: Multiple TCP-based remote denial of service issues",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2019/06/20/3"
            },
            {
              "name": "RHSA-2019:1594",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:1594"
            },
            {
              "name": "RHSA-2019:1602",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:1602"
            },
            {
              "name": "[oss-security] 20190628 Re: linux-distros membership application - Microsoft",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2019/06/28/2"
            },
            {
              "name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2019/07/06/3"
            },
            {
              "name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2019/07/06/4"
            },
            {
              "name": "RHSA-2019:1699",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:1699"
            },
            {
              "name": "[oss-security] 20191023 Membership application for linux-distros - VMware",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2019/10/24/1"
            },
            {
              "name": "[oss-security] 20191029 Re: Membership application for linux-distros - VMware",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2019/10/29/3"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            },
            {
              "name": "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=3b4929f65b0d8249f19a50245cd88ed1a2f78cff",
              "refsource": "MISC",
              "url": "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=3b4929f65b0d8249f19a50245cd88ed1a2f78cff"
            },
            {
              "name": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md",
              "refsource": "MISC",
              "url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md"
            },
            {
              "name": "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic",
              "refsource": "MISC",
              "url": "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic"
            },
            {
              "name": "https://access.redhat.com/security/vulnerabilities/tcpsack",
              "refsource": "MISC",
              "url": "https://access.redhat.com/security/vulnerabilities/tcpsack"
            },
            {
              "name": "https://support.f5.com/csp/article/K78234183",
              "refsource": "CONFIRM",
              "url": "https://support.f5.com/csp/article/K78234183"
            },
            {
              "name": "http://packetstormsecurity.com/files/153346/Kernel-Live-Patch-Security-Notice-LSN-0052-1.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/153346/Kernel-Live-Patch-Security-Notice-LSN-0052-1.html"
            },
            {
              "name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193",
              "refsource": "CONFIRM",
              "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193"
            },
            {
              "name": "https://www.synology.com/security/advisory/Synology_SA_19_28",
              "refsource": "CONFIRM",
              "url": "https://www.synology.com/security/advisory/Synology_SA_19_28"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20190625-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20190625-0001/"
            },
            {
              "name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0006",
              "refsource": "CONFIRM",
              "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0006"
            },
            {
              "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10287",
              "refsource": "CONFIRM",
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10287"
            },
            {
              "name": "http://www.vmware.com/security/advisories/VMSA-2019-0010.html",
              "refsource": "CONFIRM",
              "url": "http://www.vmware.com/security/advisories/VMSA-2019-0010.html"
            },
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf",
              "refsource": "CONFIRM",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf"
            },
            {
              "name": "https://www.us-cert.gov/ics/advisories/icsa-19-253-03",
              "refsource": "MISC",
              "url": "https://www.us-cert.gov/ics/advisories/icsa-19-253-03"
            },
            {
              "name": "http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html"
            },
            {
              "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191225-01-kernel-en",
              "refsource": "CONFIRM",
              "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191225-01-kernel-en"
            },
            {
              "name": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-010.txt",
              "refsource": "CONFIRM",
              "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-010.txt"
            }
          ]
        },
        "source": {
          "advisory": "https://usn.ubuntu.com/4017-1",
          "defect": [
            "https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1831637"
          ],
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
    "assignerShortName": "canonical",
    "cveId": "CVE-2019-11477",
    "datePublished": "2019-06-18T23:34:51.026970Z",
    "dateReserved": "2019-04-23T00:00:00",
    "dateUpdated": "2024-09-17T02:21:15.995Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-8238
Vulnerability from cvelistv5
Published
2020-09-29 13:41
Modified
2024-08-04 09:56
Severity ?
Summary
A vulnerability in the authenticated user web interface of Pulse Connect Secure and Pulse Policy Secure < 9.1R8.2 could allow attackers to conduct Cross-Site Scripting (XSS).
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T09:56:27.951Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44588"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.gosecure.net/blog/2020/11/13/forget-your-perimeter-part-2-four-vulnerabilities-in-pulse-connect-secure/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Pulse Connect Secure/ Pulse Policy Secure",
          "vendor": "Pulse Secure",
          "versions": [
            {
              "status": "affected",
              "version": "Fixed in 9.1R8.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the authenticated user web interface of Pulse Connect Secure and Pulse Policy Secure \u003c 9.1R8.2 could allow attackers to conduct Cross-Site Scripting (XSS)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "Cross-site Scripting (XSS) - Generic (CWE-79)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-08-01T14:27:38",
        "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "shortName": "hackerone"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44588"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.gosecure.net/blog/2020/11/13/forget-your-perimeter-part-2-four-vulnerabilities-in-pulse-connect-secure/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "support@hackerone.com",
          "ID": "CVE-2020-8238",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Pulse Connect Secure/ Pulse Policy Secure",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Fixed in 9.1R8.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Pulse Secure"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the authenticated user web interface of Pulse Connect Secure and Pulse Policy Secure \u003c 9.1R8.2 could allow attackers to conduct Cross-Site Scripting (XSS)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-site Scripting (XSS) - Generic (CWE-79)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44588",
              "refsource": "MISC",
              "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44588"
            },
            {
              "name": "https://www.gosecure.net/blog/2020/11/13/forget-your-perimeter-part-2-four-vulnerabilities-in-pulse-connect-secure/",
              "refsource": "MISC",
              "url": "https://www.gosecure.net/blog/2020/11/13/forget-your-perimeter-part-2-four-vulnerabilities-in-pulse-connect-secure/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
    "assignerShortName": "hackerone",
    "cveId": "CVE-2020-8238",
    "datePublished": "2020-09-29T13:41:05",
    "dateReserved": "2020-01-28T00:00:00",
    "dateUpdated": "2024-08-04T09:56:27.951Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-11540
Vulnerability from cvelistv5
Published
2019-04-26 01:39
Modified
2024-08-04 22:55
Summary
In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4 and 8.3RX before 8.3R7.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2 and 5.4RX before 5.4R7.1, an unauthenticated, remote attacker can conduct a session hijacking attack.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T22:55:40.780Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101"
          },
          {
            "name": "108073",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/108073"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study/"
          },
          {
            "name": "VU#927237",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "https://www.kb.cert.org/vuls/id/927237"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4 and 8.3RX before 8.3R7.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2 and 5.4RX before 5.4R7.1, an unauthenticated, remote attacker can conduct a session hijacking attack."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AC:H/AV:N/A:H/C:H/I:H/PR:N/S:C/UI:R",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-10-16T17:06:22",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101"
        },
        {
          "name": "108073",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/108073"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study/"
        },
        {
          "name": "VU#927237",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "https://www.kb.cert.org/vuls/id/927237"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-11540",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4 and 8.3RX before 8.3R7.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2 and 5.4RX before 5.4R7.1, an unauthenticated, remote attacker can conduct a session hijacking attack."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AC:H/AV:N/A:H/C:H/I:H/PR:N/S:C/UI:R",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101",
              "refsource": "CONFIRM",
              "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101"
            },
            {
              "name": "108073",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/108073"
            },
            {
              "name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010",
              "refsource": "CONFIRM",
              "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010"
            },
            {
              "name": "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf",
              "refsource": "MISC",
              "url": "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf"
            },
            {
              "name": "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study/",
              "refsource": "MISC",
              "url": "https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study/"
            },
            {
              "name": "VU#927237",
              "refsource": "CERT-VN",
              "url": "https://www.kb.cert.org/vuls/id/927237"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-11540",
    "datePublished": "2019-04-26T01:39:49",
    "dateReserved": "2019-04-25T00:00:00",
    "dateUpdated": "2024-08-04T22:55:40.780Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-11582
Vulnerability from cvelistv5
Published
2020-04-06 20:03
Modified
2024-08-04 11:35
Severity ?
Summary
An issue was discovered in Pulse Secure Pulse Connect Secure (PCS) through 2020-04-06. The applet in tncc.jar, executed on macOS, Linux, and Solaris clients when a Host Checker policy is enforced, launches a TCP server that accepts local connections on a random port. This can be reached by local HTTP clients, because up to 25 invalid lines are ignored, and because DNS rebinding can occur. (This server accepts, for example, a setcookie command that might be relevant to CVE-2020-11581 exploitation.)
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T11:35:13.293Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://git.lsd.cat/g/pulse-host-checker-rce"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44426"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in Pulse Secure Pulse Connect Secure (PCS) through 2020-04-06. The applet in tncc.jar, executed on macOS, Linux, and Solaris clients when a Host Checker policy is enforced, launches a TCP server that accepts local connections on a random port. This can be reached by local HTTP clients, because up to 25 invalid lines are ignored, and because DNS rebinding can occur. (This server accepts, for example, a setcookie command that might be relevant to CVE-2020-11581 exploitation.)"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-04-08T20:06:02",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://git.lsd.cat/g/pulse-host-checker-rce"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44426"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-11582",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in Pulse Secure Pulse Connect Secure (PCS) through 2020-04-06. The applet in tncc.jar, executed on macOS, Linux, and Solaris clients when a Host Checker policy is enforced, launches a TCP server that accepts local connections on a random port. This can be reached by local HTTP clients, because up to 25 invalid lines are ignored, and because DNS rebinding can occur. (This server accepts, for example, a setcookie command that might be relevant to CVE-2020-11581 exploitation.)"
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://git.lsd.cat/g/pulse-host-checker-rce",
              "refsource": "MISC",
              "url": "https://git.lsd.cat/g/pulse-host-checker-rce"
            },
            {
              "name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44426",
              "refsource": "CONFIRM",
              "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44426"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-11582",
    "datePublished": "2020-04-06T20:03:20",
    "dateReserved": "2020-04-06T00:00:00",
    "dateUpdated": "2024-08-04T11:35:13.293Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}