VYPR

Pulse Connect Secure

by Pulsesecure

CVEs (75)

  • CVE-2021-22938Aug 16, 2021
    risk 0.00cvss epss 0.02

    A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform command injection via an unsanitized web parameter in the administrator web console.

  • CVE-2020-8263Oct 28, 2020
    risk 0.00cvss epss 0.01

    A vulnerability in the authenticated user web interface of Pulse Connect Secure < 9.1R9 could allow attackers to conduct Cross-Site Scripting (XSS) through the CGI file.

  • CVE-2020-8262Oct 28, 2020
    risk 0.00cvss epss 0.02

    A vulnerability in the Pulse Connect Secure / Pulse Policy Secure below 9.1R9 could allow attackers to conduct Cross-Site Scripting (XSS) and Open Redirection for authenticated user web interface.

  • CVE-2020-8261Oct 28, 2020
    risk 0.00cvss epss 0.02

    A vulnerability in the Pulse Connect Secure / Pulse Policy Secure < 9.1R9 is vulnerable to arbitrary cookie injection.

  • CVE-2020-8256Sep 29, 2020
    risk 0.00cvss epss 0.03

    A vulnerability in the Pulse Connect Secure < 9.1R8.2 admin web interface could allow an authenticated attacker to gain arbitrary file reading access through Pulse Collaboration via XML External Entity (XXE) vulnerability.

  • CVE-2020-8238Sep 29, 2020
    risk 0.00cvss epss 0.02

    A vulnerability in the authenticated user web interface of Pulse Connect Secure and Pulse Policy Secure < 9.1R8.2 could allow attackers to conduct Cross-Site Scripting (XSS).

  • CVE-2020-8206Jul 30, 2020
    risk 0.00cvss epss 0.03

    An improper authentication vulnerability exists in Pulse Connect Secure <9.1RB that allows an attacker with a users primary credentials to bypass the Google TOTP.

  • CVE-2020-8221Jul 30, 2020
    risk 0.00cvss epss 0.02

    A path traversal vulnerability exists in Pulse Connect Secure <9.1R8 which allows an authenticated attacker to read arbitrary files via the administrator web interface.

  • CVE-2020-8222Jul 30, 2020
    risk 0.00cvss epss 0.02

    A path traversal vulnerability exists in Pulse Connect Secure <9.1R8 that allowed an authenticated attacker via the administrator web interface to perform an arbitrary file reading vulnerability through Meeting.

  • CVE-2020-8219Jul 30, 2020
    risk 0.00cvss epss 0.02

    An insufficient permission check vulnerability exists in Pulse Connect Secure <9.1R8 that allows an attacker to change the password of a full administrator.

  • CVE-2020-8220Jul 30, 2020
    risk 0.00cvss epss 0.02

    A denial of service vulnerability exists in Pulse Connect Secure <9.1R8 that allows an authenticated attacker to perform command injection via the administrator web which can cause DOS.

  • CVE-2020-8204Jul 30, 2020
    risk 0.00cvss epss 0.02

    A cross site scripting (XSS) vulnerability exists in Pulse Connect Secure <9.1R5 on the PSAL Page.

  • CVE-2020-8216Jul 30, 2020
    risk 0.00cvss epss 0.02

    An information disclosure vulnerability in meeting of Pulse Connect Secure <9.1R8 allowed an authenticated end-users to find meeting details, if they know the Meeting ID.

  • CVE-2020-8217Jul 30, 2020
    risk 0.00cvss epss 0.01

    A cross site scripting (XSS) vulnerability in Pulse Connect Secure <9.1R8 allowed attackers to exploit in the URL used for Citrix ICA.

  • CVE-2020-15408Jul 28, 2020
    risk 0.00cvss epss 0.01

    An issue was discovered in Pulse Secure Pulse Connect Secure before 9.1R8. An authenticated attacker can access the admin page console via the end-user web interface because of a rewrite.

  • CVE-2020-12880Jul 27, 2020
    risk 0.00cvss epss 0.00

    An issue was discovered in Pulse Policy Secure (PPS) and Pulse Connect Secure (PCS) Virtual Appliance before 9.1R8. By manipulating a certain kernel boot parameter, it can be tricked into dropping into a root shell in a pre-install phase where the entire source code of the…

  • CVE-2020-11582Apr 6, 2020
    risk 0.00cvss epss 0.01

    An issue was discovered in Pulse Secure Pulse Connect Secure (PCS) through 2020-04-06. The applet in tncc.jar, executed on macOS, Linux, and Solaris clients when a Host Checker policy is enforced, launches a TCP server that accepts local connections on a random port. This can be…

  • CVE-2020-11580Apr 6, 2020
    risk 0.00cvss epss 0.01

    An issue was discovered in Pulse Secure Pulse Connect Secure (PCS) through 2020-04-06. The applet in tncc.jar, executed on macOS, Linux, and Solaris clients when a Host Checker policy is enforced, accepts an arbitrary SSL certificate.

  • CVE-2019-11509Jun 3, 2019
    risk 0.00cvss epss 0.08

    In Pulse Secure Pulse Connect Secure (PCS) before 8.1R15.1, 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4 and Pulse Policy Secure (PPS) before 5.1R15.1, 5.2 before 5.2R12.1, 5.3 before 5.3R15.1, 5.4 before 5.4R7.1, and 9.0 before 9.0R3.2, an authenticated…

  • CVE-2019-11507May 8, 2019
    risk 0.00cvss epss 0.04

    In Pulse Secure Pulse Connect Secure (PCS) 8.3.x before 8.3R7.1 and 9.0.x before 9.0R3, an XSS issue has been found on the Application Launcher page.