Pulse Connect Secure
by Pulsesecure
CVEs (75)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-22938 | 0.00 | — | 0.02 | Aug 16, 2021 | A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform command injection via an unsanitized web parameter in the administrator web console. | |||
| CVE-2020-8263 | 0.00 | — | 0.01 | Oct 28, 2020 | A vulnerability in the authenticated user web interface of Pulse Connect Secure < 9.1R9 could allow attackers to conduct Cross-Site Scripting (XSS) through the CGI file. | |||
| CVE-2020-8262 | 0.00 | — | 0.02 | Oct 28, 2020 | A vulnerability in the Pulse Connect Secure / Pulse Policy Secure below 9.1R9 could allow attackers to conduct Cross-Site Scripting (XSS) and Open Redirection for authenticated user web interface. | |||
| CVE-2020-8261 | 0.00 | — | 0.02 | Oct 28, 2020 | A vulnerability in the Pulse Connect Secure / Pulse Policy Secure < 9.1R9 is vulnerable to arbitrary cookie injection. | |||
| CVE-2020-8256 | 0.00 | — | 0.03 | Sep 29, 2020 | A vulnerability in the Pulse Connect Secure < 9.1R8.2 admin web interface could allow an authenticated attacker to gain arbitrary file reading access through Pulse Collaboration via XML External Entity (XXE) vulnerability. | |||
| CVE-2020-8238 | 0.00 | — | 0.02 | Sep 29, 2020 | A vulnerability in the authenticated user web interface of Pulse Connect Secure and Pulse Policy Secure < 9.1R8.2 could allow attackers to conduct Cross-Site Scripting (XSS). | |||
| CVE-2020-8206 | 0.00 | — | 0.03 | Jul 30, 2020 | An improper authentication vulnerability exists in Pulse Connect Secure <9.1RB that allows an attacker with a users primary credentials to bypass the Google TOTP. | |||
| CVE-2020-8221 | 0.00 | — | 0.02 | Jul 30, 2020 | A path traversal vulnerability exists in Pulse Connect Secure <9.1R8 which allows an authenticated attacker to read arbitrary files via the administrator web interface. | |||
| CVE-2020-8222 | 0.00 | — | 0.02 | Jul 30, 2020 | A path traversal vulnerability exists in Pulse Connect Secure <9.1R8 that allowed an authenticated attacker via the administrator web interface to perform an arbitrary file reading vulnerability through Meeting. | |||
| CVE-2020-8219 | 0.00 | — | 0.02 | Jul 30, 2020 | An insufficient permission check vulnerability exists in Pulse Connect Secure <9.1R8 that allows an attacker to change the password of a full administrator. | |||
| CVE-2020-8220 | 0.00 | — | 0.02 | Jul 30, 2020 | A denial of service vulnerability exists in Pulse Connect Secure <9.1R8 that allows an authenticated attacker to perform command injection via the administrator web which can cause DOS. | |||
| CVE-2020-8204 | 0.00 | — | 0.02 | Jul 30, 2020 | A cross site scripting (XSS) vulnerability exists in Pulse Connect Secure <9.1R5 on the PSAL Page. | |||
| CVE-2020-8216 | 0.00 | — | 0.02 | Jul 30, 2020 | An information disclosure vulnerability in meeting of Pulse Connect Secure <9.1R8 allowed an authenticated end-users to find meeting details, if they know the Meeting ID. | |||
| CVE-2020-8217 | 0.00 | — | 0.01 | Jul 30, 2020 | A cross site scripting (XSS) vulnerability in Pulse Connect Secure <9.1R8 allowed attackers to exploit in the URL used for Citrix ICA. | |||
| CVE-2020-15408 | 0.00 | — | 0.01 | Jul 28, 2020 | An issue was discovered in Pulse Secure Pulse Connect Secure before 9.1R8. An authenticated attacker can access the admin page console via the end-user web interface because of a rewrite. | |||
| CVE-2020-12880 | 0.00 | — | 0.00 | Jul 27, 2020 | An issue was discovered in Pulse Policy Secure (PPS) and Pulse Connect Secure (PCS) Virtual Appliance before 9.1R8. By manipulating a certain kernel boot parameter, it can be tricked into dropping into a root shell in a pre-install phase where the entire source code of the… | |||
| CVE-2020-11582 | 0.00 | — | 0.01 | Apr 6, 2020 | An issue was discovered in Pulse Secure Pulse Connect Secure (PCS) through 2020-04-06. The applet in tncc.jar, executed on macOS, Linux, and Solaris clients when a Host Checker policy is enforced, launches a TCP server that accepts local connections on a random port. This can be… | |||
| CVE-2020-11580 | 0.00 | — | 0.01 | Apr 6, 2020 | An issue was discovered in Pulse Secure Pulse Connect Secure (PCS) through 2020-04-06. The applet in tncc.jar, executed on macOS, Linux, and Solaris clients when a Host Checker policy is enforced, accepts an arbitrary SSL certificate. | |||
| CVE-2019-11509 | 0.00 | — | 0.08 | Jun 3, 2019 | In Pulse Secure Pulse Connect Secure (PCS) before 8.1R15.1, 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4 and Pulse Policy Secure (PPS) before 5.1R15.1, 5.2 before 5.2R12.1, 5.3 before 5.3R15.1, 5.4 before 5.4R7.1, and 9.0 before 9.0R3.2, an authenticated… | |||
| CVE-2019-11507 | 0.00 | — | 0.04 | May 8, 2019 | In Pulse Secure Pulse Connect Secure (PCS) 8.3.x before 8.3R7.1 and 9.0.x before 9.0R3, an XSS issue has been found on the Application Launcher page. |
- CVE-2021-22938Aug 16, 2021risk 0.00cvss —epss 0.02
A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform command injection via an unsanitized web parameter in the administrator web console.
- CVE-2020-8263Oct 28, 2020risk 0.00cvss —epss 0.01
A vulnerability in the authenticated user web interface of Pulse Connect Secure < 9.1R9 could allow attackers to conduct Cross-Site Scripting (XSS) through the CGI file.
- CVE-2020-8262Oct 28, 2020risk 0.00cvss —epss 0.02
A vulnerability in the Pulse Connect Secure / Pulse Policy Secure below 9.1R9 could allow attackers to conduct Cross-Site Scripting (XSS) and Open Redirection for authenticated user web interface.
- CVE-2020-8261Oct 28, 2020risk 0.00cvss —epss 0.02
A vulnerability in the Pulse Connect Secure / Pulse Policy Secure < 9.1R9 is vulnerable to arbitrary cookie injection.
- CVE-2020-8256Sep 29, 2020risk 0.00cvss —epss 0.03
A vulnerability in the Pulse Connect Secure < 9.1R8.2 admin web interface could allow an authenticated attacker to gain arbitrary file reading access through Pulse Collaboration via XML External Entity (XXE) vulnerability.
- CVE-2020-8238Sep 29, 2020risk 0.00cvss —epss 0.02
A vulnerability in the authenticated user web interface of Pulse Connect Secure and Pulse Policy Secure < 9.1R8.2 could allow attackers to conduct Cross-Site Scripting (XSS).
- CVE-2020-8206Jul 30, 2020risk 0.00cvss —epss 0.03
An improper authentication vulnerability exists in Pulse Connect Secure <9.1RB that allows an attacker with a users primary credentials to bypass the Google TOTP.
- CVE-2020-8221Jul 30, 2020risk 0.00cvss —epss 0.02
A path traversal vulnerability exists in Pulse Connect Secure <9.1R8 which allows an authenticated attacker to read arbitrary files via the administrator web interface.
- CVE-2020-8222Jul 30, 2020risk 0.00cvss —epss 0.02
A path traversal vulnerability exists in Pulse Connect Secure <9.1R8 that allowed an authenticated attacker via the administrator web interface to perform an arbitrary file reading vulnerability through Meeting.
- CVE-2020-8219Jul 30, 2020risk 0.00cvss —epss 0.02
An insufficient permission check vulnerability exists in Pulse Connect Secure <9.1R8 that allows an attacker to change the password of a full administrator.
- CVE-2020-8220Jul 30, 2020risk 0.00cvss —epss 0.02
A denial of service vulnerability exists in Pulse Connect Secure <9.1R8 that allows an authenticated attacker to perform command injection via the administrator web which can cause DOS.
- CVE-2020-8204Jul 30, 2020risk 0.00cvss —epss 0.02
A cross site scripting (XSS) vulnerability exists in Pulse Connect Secure <9.1R5 on the PSAL Page.
- CVE-2020-8216Jul 30, 2020risk 0.00cvss —epss 0.02
An information disclosure vulnerability in meeting of Pulse Connect Secure <9.1R8 allowed an authenticated end-users to find meeting details, if they know the Meeting ID.
- CVE-2020-8217Jul 30, 2020risk 0.00cvss —epss 0.01
A cross site scripting (XSS) vulnerability in Pulse Connect Secure <9.1R8 allowed attackers to exploit in the URL used for Citrix ICA.
- CVE-2020-15408Jul 28, 2020risk 0.00cvss —epss 0.01
An issue was discovered in Pulse Secure Pulse Connect Secure before 9.1R8. An authenticated attacker can access the admin page console via the end-user web interface because of a rewrite.
- CVE-2020-12880Jul 27, 2020risk 0.00cvss —epss 0.00
An issue was discovered in Pulse Policy Secure (PPS) and Pulse Connect Secure (PCS) Virtual Appliance before 9.1R8. By manipulating a certain kernel boot parameter, it can be tricked into dropping into a root shell in a pre-install phase where the entire source code of the…
- CVE-2020-11582Apr 6, 2020risk 0.00cvss —epss 0.01
An issue was discovered in Pulse Secure Pulse Connect Secure (PCS) through 2020-04-06. The applet in tncc.jar, executed on macOS, Linux, and Solaris clients when a Host Checker policy is enforced, launches a TCP server that accepts local connections on a random port. This can be…
- CVE-2020-11580Apr 6, 2020risk 0.00cvss —epss 0.01
An issue was discovered in Pulse Secure Pulse Connect Secure (PCS) through 2020-04-06. The applet in tncc.jar, executed on macOS, Linux, and Solaris clients when a Host Checker policy is enforced, accepts an arbitrary SSL certificate.
- CVE-2019-11509Jun 3, 2019risk 0.00cvss —epss 0.08
In Pulse Secure Pulse Connect Secure (PCS) before 8.1R15.1, 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4 and Pulse Policy Secure (PPS) before 5.1R15.1, 5.2 before 5.2R12.1, 5.3 before 5.3R15.1, 5.4 before 5.4R7.1, and 9.0 before 9.0R3.2, an authenticated…
- CVE-2019-11507May 8, 2019risk 0.00cvss —epss 0.04
In Pulse Secure Pulse Connect Secure (PCS) 8.3.x before 8.3R7.1 and 9.0.x before 9.0R3, an XSS issue has been found on the Application Launcher page.
Page 3 of 4