Critical severity9.8NVD Advisory· Published Apr 26, 2019· Updated Jun 17, 2026
CVE-2019-11540
CVE-2019-11540
Description
In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4 and 8.3RX before 8.3R7.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2 and 5.4RX before 5.4R7.1, an unauthenticated, remote attacker can conduct a session hijacking attack.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: <9.0R3.4
- Range: <9.0R3.2
Patches
Vulnerability mechanics
References
6- devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study/nvdExploitThird Party Advisory
- i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdfnvdExploitThird Party Advisory
- www.securityfocus.com/bid/108073nvdThird Party AdvisoryVDB Entry
- kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101nvdThird Party AdvisoryVendor Advisory
- psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010nvdThird Party Advisory
- www.kb.cert.org/vuls/id/927237nvdThird Party AdvisoryUS Government Resource
News mentions
0No linked articles in our index yet.