Skip to main content

Pulse Connect Secure

58 CVEs product

Monthly

CVE-2022-21826 MEDIUM This Month

Pulse Secure version 9.115 and below may be susceptible to client-side http request smuggling, When the application receives a POST request, it ignores the request's Content-Length header and leaves. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Ivanti Request Smuggling XSS Connect Secure Pulse Connect Secure
NVD
CVSS 3.1
5.4
EPSS
45.2%
CVE-2021-22965 HIGH This Week

A vulnerability in Pulse Connect Secure before 9.1R12.1 could allow an unauthenticated administrator to causes a denial of service when a malformed request is sent to the device. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Connect Secure Pulse Connect Secure
NVD
CVSS 3.1
7.5
EPSS
2.1%
CVE-2021-22938 HIGH This Week

A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform command injection via an unsanitized web parameter in the administrator web console. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Connect Secure Pulse Connect Secure
NVD
CVSS 3.1
7.2
EPSS
2.1%
CVE-2021-22937 HIGH This Week

A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform a file write via a maliciously crafted archive uploaded in the administrator web interface. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Connect Secure Pulse Connect Secure
NVD
CVSS 3.1
7.2
EPSS
7.8%
CVE-2021-22936 MEDIUM This Month

A vulnerability in Pulse Connect Secure before 9.1R12 could allow a threat actor to perform a cross-site script attack against an authenticated administrator via an unsanitized web parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Connect Secure Pulse Connect Secure
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-22935 HIGH This Week

A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform command injection via an unsanitized web parameter. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Connect Secure Pulse Connect Secure
NVD
CVSS 3.1
7.2
EPSS
2.1%
CVE-2021-22934 HIGH This Week

A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator or compromised Pulse Connect Secure device in a load-balanced configuration to perform a buffer. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Connect Secure Pulse Connect Secure
NVD
CVSS 3.1
7.2
EPSS
4.7%
CVE-2021-22933 MEDIUM This Month

A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform an arbitrary file delete via a maliciously crafted web request. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Connect Secure Pulse Connect Secure
NVD
CVSS 3.1
6.5
EPSS
1.4%
CVE-2021-22908 HIGH This Week

A buffer overflow vulnerability exists in Windows File Resource Profiles in 9.X allows a remote authenticated user with privileges to browse SMB shares to execute arbitrary code as the root user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft RCE Connect Secure Pulse Connect Secure
NVD
CVSS 3.1
8.8
EPSS
69.4%
CVE-2021-22900 HIGH KEV THREAT This Week

A vulnerability allowed multiple unrestricted uploads in Pulse Connect Secure before 9.1R11.4 that could lead to an authenticated administrator to perform a file write via a maliciously crafted. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection Connect Secure Pulse Connect Secure
NVD
CVSS 3.1
7.2
EPSS
14.1%
CVE-2020-8262 MEDIUM This Month

A vulnerability in the Pulse Connect Secure / Pulse Policy Secure below 9.1R9 could allow attackers to conduct Cross-Site Scripting (XSS) and Open Redirection for authenticated user web interface. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Connect Secure Policy Secure Pulse Connect Secure Pulse Policy Secure
NVD
CVSS 3.1
6.1
EPSS
1.8%
CVE-2020-8261 MEDIUM This Month

A vulnerability in the Pulse Connect Secure / Pulse Policy Secure < 9.1R9 is vulnerable to arbitrary cookie injection. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Connect Secure Policy Secure Pulse Connect Secure Pulse Policy Secure
NVD
CVSS 3.1
4.3
EPSS
2.1%
CVE-2020-15352 HIGH This Week

An XML external entity (XXE) vulnerability in Pulse Connect Secure (PCS) before 9.1R9 and Pulse Policy Secure (PPS) before 9.1R9 allows remote authenticated admins to conduct server-side request. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF XXE Connect Secure Pulse Connect Secure Policy Secure +1
NVD
CVSS 3.1
7.2
EPSS
3.2%
CVE-2020-8256 MEDIUM POC This Month

A vulnerability in the Pulse Connect Secure < 9.1R8.2 admin web interface could allow an authenticated attacker to gain arbitrary file reading access through Pulse Collaboration via XML External. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XXE Connect Secure Pulse Connect Secure
NVD
CVSS 3.1
4.9
EPSS
3.4%
CVE-2020-8238 MEDIUM POC This Month

A vulnerability in the authenticated user web interface of Pulse Connect Secure and Pulse Policy Secure < 9.1R8.2 could allow attackers to conduct Cross-Site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Connect Secure Policy Secure Pulse Connect Secure Pulse Policy Secure
NVD
CVSS 3.1
6.1
EPSS
1.7%
CVE-2020-8222 MEDIUM This Month

A path traversal vulnerability exists in Pulse Connect Secure <9.1R8 that allowed an authenticated attacker via the administrator web interface to perform an arbitrary file reading vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Connect Secure Pulse Connect Secure Policy Secure Pulse Policy Secure
NVD
CVSS 3.1
6.8
EPSS
2.3%
CVE-2020-8221 MEDIUM This Month

A path traversal vulnerability exists in Pulse Connect Secure <9.1R8 which allows an authenticated attacker to read arbitrary files via the administrator web interface. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Connect Secure Pulse Connect Secure Policy Secure Pulse Policy Secure
NVD
CVSS 3.1
4.9
EPSS
2.3%
CVE-2020-8220 MEDIUM This Month

A denial of service vulnerability exists in Pulse Connect Secure <9.1R8 that allows an authenticated attacker to perform command injection via the administrator web which can cause DOS. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Command Injection Connect Secure Pulse Connect Secure Policy Secure +1
NVD
CVSS 3.1
6.5
EPSS
2.5%
CVE-2020-8219 HIGH This Week

An insufficient permission check vulnerability exists in Pulse Connect Secure <9.1R8 that allows an attacker to change the password of a full administrator. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Connect Secure Pulse Connect Secure Policy Secure Pulse Policy Secure
NVD
CVSS 3.1
7.2
EPSS
2.2%
CVE-2020-8217 MEDIUM This Month

A cross site scripting (XSS) vulnerability in Pulse Connect Secure <9.1R8 allowed attackers to exploit in the URL used for Citrix ICA. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Citrix Connect Secure Pulse Connect Secure Policy Secure +1
NVD
CVSS 3.1
5.4
EPSS
1.4%
CVE-2020-8216 MEDIUM This Month

An information disclosure vulnerability in meeting of Pulse Connect Secure <9.1R8 allowed an authenticated end-users to find meeting details, if they know the Meeting ID. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Connect Secure Pulse Connect Secure Policy Secure Pulse Policy Secure
NVD
CVSS 3.1
4.3
EPSS
2.3%
CVE-2020-8206 HIGH This Week

An improper authentication vulnerability exists in Pulse Connect Secure <9.1RB that allows an attacker with a users primary credentials to bypass the Google TOTP. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Authentication Bypass Connect Secure Pulse Connect Secure Policy Secure +1
NVD
CVSS 3.1
8.1
EPSS
3.0%
CVE-2020-8204 MEDIUM This Month

A cross site scripting (XSS) vulnerability exists in Pulse Connect Secure <9.1R5 on the PSAL Page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Connect Secure Pulse Connect Secure Policy Secure Pulse Policy Secure
NVD
CVSS 3.1
6.1
EPSS
1.8%
CVE-2020-15408 MEDIUM This Month

An issue was discovered in Pulse Secure Pulse Connect Secure before 9.1R8. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Ivanti Information Disclosure Pulse Connect Secure Pulse Secure Desktop Client
NVD
CVSS 3.1
4.6
EPSS
0.8%
CVE-2020-12880 MEDIUM This Month

An issue was discovered in Pulse Policy Secure (PPS) and Pulse Connect Secure (PCS) Virtual Appliance before 9.1R8. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Connect Secure Pulse Connect Secure Policy Secure Pulse Policy Secure
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2020-11582 HIGH POC This Week

An issue was discovered in Pulse Secure Pulse Connect Secure (PCS) through 2020-04-06. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Apple Ivanti Information Disclosure Pulse Connect Secure Pulse Policy Secure
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2020-11581 HIGH POC This Week

An issue was discovered in Pulse Secure Pulse Connect Secure (PCS) through 2020-04-06. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Ivanti Command Injection Apple Pulse Connect Secure Pulse Policy Secure
NVD
CVSS 3.1
8.1
EPSS
9.8%
CVE-2020-11580 CRITICAL POC Act Now

An issue was discovered in Pulse Secure Pulse Connect Secure (PCS) through 2020-04-06. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Ivanti Apple Pulse Connect Secure Pulse Policy Secure
NVD
CVSS 3.1
9.1
EPSS
1.1%
CVE-2019-11508 HIGH POC PATCH THREAT This Week

In Pulse Secure Pulse Connect Secure (PCS) before 8.1R15.1, 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an authenticated attacker (via the admin web interface) can exploit. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Ivanti Path Traversal RCE Connect Secure Pulse Connect Secure
NVD
CVSS 3.1
7.2
EPSS
15.0%
CVE-2019-11543 MEDIUM This Month

XSS exists in the admin web console in Pulse Secure Pulse Connect Secure (PCS) 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure 9.0RX before 9.0R3.2,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Ivanti Connect Secure Pulse Connect Secure Pulse Policy Secure
NVD
CVSS 3.1
6.1
EPSS
3.1%
CVE-2019-11542 HIGH POC THREAT This Week

In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2, 5.4RX. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Ivanti Buffer Overflow Memory Corruption Connect Secure Pulse Connect Secure +1
NVD
CVSS 3.1
7.2
EPSS
66.1%
CVE-2019-11541 HIGH This Week

In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, and 8.2RX before 8.2R12.1, users using SAML authentication with the Reuse Existing NC (Pulse) Session option. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Ivanti Information Disclosure Connect Secure Pulse Connect Secure
NVD
CVSS 3.1
7.5
EPSS
4.0%
CVE-2019-11540 CRITICAL POC Act Now

In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4 and 8.3RX before 8.3R7.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2 and 5.4RX before 5.4R7.1, an unauthenticated, remote. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Ivanti Information Disclosure Connect Secure Pulse Connect Secure Pulse Policy Secure
NVD
CVSS 3.1
9.8
EPSS
8.3%
CVE-2019-11213 HIGH This Week

In Pulse Secure Pulse Desktop Client and Network Connect, an attacker could access session tokens to replay and spoof sessions, and as a result, gain unauthorized access as an end user, a related. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Ivanti Session Fixation Connect Secure Pulse Connect Secure +1
NVD
CVSS 3.0
8.1
EPSS
2.8%
CVE-2018-18284 HIGH POC PATCH THREAT This Week

Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving the 1Policy operator. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Ghostscript Debian Linux Ubuntu Linux Gpl Ghostscript +7
NVD
CVSS 3.0
8.6
EPSS
16.3%
CVE-2018-6320 CRITICAL Act Now

A vulnerability has been discovered in login.cgi in Pulse Secure Pulse Connect Secure (PCS) 8.1RX before 8.1R12 and 8.3RX before 8.3R2 and Pulse Policy Secure (PPS) 5.2RX before 5.2R9 and 5.4RX. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ivanti Connect Secure Pulse Connect Secure Pulse Policy Secure
NVD
CVSS 3.0
9.8
EPSS
4.1%
CVE-2018-14366 MEDIUM This Month

download.cgi in Pulse Secure Pulse Connect Secure 8.1RX before 8.1R13 and 8.3RX before 8.3R4 and Pulse Policy Secure through 5.2RX before 5.2R10 and 5.4RX before 5.4R4 have an Open Redirect. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Ivanti Open Redirect Connect Secure Pulse Connect Secure Pulse Policy Secure
NVD
CVSS 3.0
6.1
EPSS
1.5%
CVE-2018-16513 HIGH PATCH This Week

In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use a type confusion in the setcolor function to crash the interpreter or possibly have unspecified other. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Ghostscript Ubuntu Linux Debian Linux Gpl Ghostscript +1
NVD
CVSS 3.0
7.8
EPSS
1.5%
CVE-2018-15911 HIGH PATCH This Week

In Artifex Ghostscript 9.23 before 2018-08-24, attackers able to supply crafted PostScript could use uninitialized memory access in the aesdecode operator to crash the interpreter or potentially. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Denial Of Service Debian Linux Ubuntu Linux Ghostscript Gpl Ghostscript +7
NVD
CVSS 3.0
7.8
EPSS
3.0%
CVE-2018-15910 HIGH PATCH This Week

In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use a type confusion in the LockDistillerParams parameter to crash the interpreter or execute code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Debian Linux Ubuntu Linux Ghostscript Enterprise Linux Desktop +5
NVD
CVSS 3.0
7.8
EPSS
3.0%
CVE-2018-15909 HIGH PATCH This Week

In Artifex Ghostscript 9.23 before 2018-08-24, a type confusion using the .shfill operator could be used by attackers able to supply crafted PostScript files to crash the interpreter or potentially. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Debian Linux Ubuntu Linux Ghostscript Gpl Ghostscript +7
NVD
CVSS 3.0
7.8
EPSS
3.0%
CVE-2018-9849 MEDIUM This Month

Pulse Secure Pulse Connect Secure 8.1.x before 8.1R14, 8.2.x before 8.2R11, and 8.3.x before 8.3R5 do not properly process nested XML entities, which allows remote attackers to cause a denial of. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Ivanti Pulse Connect Secure
NVD
CVSS 3.0
5.5
EPSS
1.0%
CVE-2018-5299 CRITICAL PATCH Act Now

A stack-based Buffer Overflow Vulnerability exists in the web server in Pulse Secure Pulse Connect Secure (PCS) before 8.3R4 and Pulse Policy Secure (PPS) before 5.4R4, leading to memory corruption. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Ivanti RCE Buffer Overflow Pulse Connect Secure +1
NVD
CVSS 3.0
9.8
EPSS
3.1%
CVE-2017-11455 HIGH This Week

diag.cgi in Pulse Connect Secure 8.2R1 through 8.2R5, 8.1R1 through 8.1R10 and Pulse Policy Secure 5.3R1 through 5.3R5, 5.2R1 through 5.2R8, and 5.1R1 through 5.1R10 allow remote attackers to hijack. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Connect Secure Pulse Connect Secure Pulse Policy Secure
NVD
CVSS 3.0
8.8
EPSS
0.6%
CVE-2017-11196 HIGH This Week

Pulse Connect Secure 8.3R1 has CSRF in logout.cgi. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Pulse Connect Secure
NVD
CVSS 3.0
8.8
EPSS
0.2%
CVE-2017-11195 MEDIUM This Month

Pulse Connect Secure 8.3R1 has Reflected XSS in launchHelp.cgi. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Pulse Connect Secure
NVD
CVSS 3.0
6.1
EPSS
0.4%
CVE-2017-11194 MEDIUM This Month

Pulse Connect Secure 8.3R1 has Reflected XSS in adminservercacertdetails.cgi. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Pulse Connect Secure
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-11193 HIGH This Week

Pulse Connect Secure 8.3R1 has CSRF in diag.cgi. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Pulse Connect Secure
NVD
CVSS 3.0
8.8
EPSS
0.2%
CVE-2016-4791 HIGH This Week

The administrative user interface in Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r9, and 7.4 before 7.4r13.4 allows remote administrators to enumerate files, read. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Connect Secure Pulse Connect Secure
NVD
CVSS 3.0
8.6
EPSS
0.2%
CVE-2016-4790 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the administrative user interface in Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r9, and 7.4 before 7.4r13.4 allows remote. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Connect Secure Pulse Connect Secure
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2016-4789 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the system configuration section in the administrative user interface in Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r9,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Connect Secure Pulse Connect Secure
NVD
CVSS 3.0
6.1
EPSS
0.1%
CVE-2016-4788 MEDIUM This Month

Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r10, and 7.4 before 7.4r13.4 allow remote attackers to read an unspecified system file via unknown vectors. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Connect Secure Pulse Connect Secure
NVD
CVSS 3.0
5.8
EPSS
0.2%
CVE-2016-4787 CRITICAL Act Now

Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r10, and 7.4 before 7.4r13.4 allow remote attackers to read sensitive system authentication files in an unspecified. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Connect Secure Pulse Connect Secure
NVD
CVSS 3.0
10.0
EPSS
2.8%
CVE-2016-4786 HIGH This Week

Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r3, 8.0 before 8.0r11, and 7.4 before 7.4r13.4 allow remote attackers to cause a denial of service (CPU consumption) via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Connect Secure Pulse Connect Secure
NVD
CVSS 3.0
7.5
EPSS
3.5%
CVE-2016-3985 MEDIUM This Month

The Terminal Services Remote Desktop Protocol (RDP) client session restrictions feature in Pulse Connect Secure (aka PCS) 8.1R7 and 8.2R1 allow remote authenticated users to bypass intended access. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Pulse Connect Secure
NVD
CVSS 3.0
6.5
EPSS
0.2%
CVE-2015-7323 LOW POC Monitor

The Secure Meeting (Pulse Collaboration) in Pulse Connect Secure (formerly Juniper Junos Pulse) before 7.1R22.1, 7.4, 8.0 before 8.0R11, and 8.1 before 8.1R3 allows remote authenticated users to. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Juniper Privilege Escalation Pulse Connect Secure
NVD
CVSS 2.0
3.5
EPSS
0.4%
CVE-2015-7322 MEDIUM POC This Month

The Secure Meeting (Pulse Collaboration) in Pulse Connect Secure (formerly Juniper Junos Pulse) before 7.1R22.1, 7.4, 8.0 before 8.0R11, and 8.1 before 8.1R3 provides different messages for attempts. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Juniper Information Disclosure Pulse Connect Secure
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2015-5369 MEDIUM This Month

Pulse Connect Secure (aka PCS and formerly Juniper PCS) PSC6000, PCS6500, and MAG PSC360 8.1 before 8.1r5, 8.0 before 8.0r13, 7.4 before 7.4r13.5, and 7.1 before 7.1r22.2 and PPS 5.1 before 5.1R5 and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Juniper Information Disclosure Pulse Connect Secure
NVD
CVSS 2.0
4.3
EPSS
0.4%
EPSS 45% CVSS 5.4
MEDIUM This Month

Pulse Secure version 9.115 and below may be susceptible to client-side http request smuggling, When the application receives a POST request, it ignores the request's Content-Length header and leaves. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Ivanti Request Smuggling XSS +2
NVD
EPSS 2% CVSS 7.5
HIGH This Week

A vulnerability in Pulse Connect Secure before 9.1R12.1 could allow an unauthenticated administrator to causes a denial of service when a malformed request is sent to the device. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Connect Secure Pulse Connect Secure
NVD
EPSS 2% CVSS 7.2
HIGH This Week

A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform command injection via an unsanitized web parameter in the administrator web console. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Connect Secure Pulse Connect Secure
NVD
EPSS 8% CVSS 7.2
HIGH This Week

A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform a file write via a maliciously crafted archive uploaded in the administrator web interface. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Connect Secure Pulse Connect Secure
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

A vulnerability in Pulse Connect Secure before 9.1R12 could allow a threat actor to perform a cross-site script attack against an authenticated administrator via an unsanitized web parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Connect Secure Pulse Connect Secure
NVD
EPSS 2% CVSS 7.2
HIGH This Week

A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform command injection via an unsanitized web parameter. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Connect Secure Pulse Connect Secure
NVD
EPSS 5% CVSS 7.2
HIGH This Week

A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator or compromised Pulse Connect Secure device in a load-balanced configuration to perform a buffer. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Connect Secure Pulse Connect Secure
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform an arbitrary file delete via a maliciously crafted web request. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Connect Secure Pulse Connect Secure
NVD
EPSS 69% CVSS 8.8
HIGH This Week

A buffer overflow vulnerability exists in Windows File Resource Profiles in 9.X allows a remote authenticated user with privileges to browse SMB shares to execute arbitrary code as the root user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft RCE +2
NVD
EPSS 14% CVSS 7.2
HIGH KEV THREAT This Week

A vulnerability allowed multiple unrestricted uploads in Pulse Connect Secure before 9.1R11.4 that could lead to an authenticated administrator to perform a file write via a maliciously crafted. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection Connect Secure +1
NVD
EPSS 2% CVSS 6.1
MEDIUM This Month

A vulnerability in the Pulse Connect Secure / Pulse Policy Secure below 9.1R9 could allow attackers to conduct Cross-Site Scripting (XSS) and Open Redirection for authenticated user web interface. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Connect Secure Policy Secure +2
NVD
EPSS 2% CVSS 4.3
MEDIUM This Month

A vulnerability in the Pulse Connect Secure / Pulse Policy Secure < 9.1R9 is vulnerable to arbitrary cookie injection. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Connect Secure Policy Secure +2
NVD
EPSS 3% CVSS 7.2
HIGH This Week

An XML external entity (XXE) vulnerability in Pulse Connect Secure (PCS) before 9.1R9 and Pulse Policy Secure (PPS) before 9.1R9 allows remote authenticated admins to conduct server-side request. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF XXE Connect Secure +3
NVD
EPSS 3% CVSS 4.9
MEDIUM POC This Month

A vulnerability in the Pulse Connect Secure < 9.1R8.2 admin web interface could allow an authenticated attacker to gain arbitrary file reading access through Pulse Collaboration via XML External. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XXE Connect Secure Pulse Connect Secure
NVD
EPSS 2% CVSS 6.1
MEDIUM POC This Month

A vulnerability in the authenticated user web interface of Pulse Connect Secure and Pulse Policy Secure < 9.1R8.2 could allow attackers to conduct Cross-Site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Connect Secure Policy Secure +2
NVD
EPSS 2% CVSS 6.8
MEDIUM This Month

A path traversal vulnerability exists in Pulse Connect Secure <9.1R8 that allowed an authenticated attacker via the administrator web interface to perform an arbitrary file reading vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Connect Secure Pulse Connect Secure +2
NVD
EPSS 2% CVSS 4.9
MEDIUM This Month

A path traversal vulnerability exists in Pulse Connect Secure <9.1R8 which allows an authenticated attacker to read arbitrary files via the administrator web interface. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Connect Secure Pulse Connect Secure +2
NVD
EPSS 2% CVSS 6.5
MEDIUM This Month

A denial of service vulnerability exists in Pulse Connect Secure <9.1R8 that allows an authenticated attacker to perform command injection via the administrator web which can cause DOS. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Command Injection Connect Secure +3
NVD
EPSS 2% CVSS 7.2
HIGH This Week

An insufficient permission check vulnerability exists in Pulse Connect Secure <9.1R8 that allows an attacker to change the password of a full administrator. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Connect Secure Pulse Connect Secure +2
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

A cross site scripting (XSS) vulnerability in Pulse Connect Secure <9.1R8 allowed attackers to exploit in the URL used for Citrix ICA. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Citrix Connect Secure +3
NVD
EPSS 2% CVSS 4.3
MEDIUM This Month

An information disclosure vulnerability in meeting of Pulse Connect Secure <9.1R8 allowed an authenticated end-users to find meeting details, if they know the Meeting ID. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Connect Secure Pulse Connect Secure +2
NVD
EPSS 3% CVSS 8.1
HIGH This Week

An improper authentication vulnerability exists in Pulse Connect Secure <9.1RB that allows an attacker with a users primary credentials to bypass the Google TOTP. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Authentication Bypass Connect Secure +3
NVD
EPSS 2% CVSS 6.1
MEDIUM This Month

A cross site scripting (XSS) vulnerability exists in Pulse Connect Secure <9.1R5 on the PSAL Page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Connect Secure Pulse Connect Secure +2
NVD
EPSS 1% CVSS 4.6
MEDIUM This Month

An issue was discovered in Pulse Secure Pulse Connect Secure before 9.1R8. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Ivanti Information Disclosure Pulse Connect Secure +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

An issue was discovered in Pulse Policy Secure (PPS) and Pulse Connect Secure (PCS) Virtual Appliance before 9.1R8. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Connect Secure Pulse Connect Secure +2
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

An issue was discovered in Pulse Secure Pulse Connect Secure (PCS) through 2020-04-06. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Apple Ivanti Information Disclosure +2
NVD
EPSS 10% CVSS 8.1
HIGH POC This Week

An issue was discovered in Pulse Secure Pulse Connect Secure (PCS) through 2020-04-06. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Ivanti Command Injection Apple +2
NVD
EPSS 1% CVSS 9.1
CRITICAL POC Act Now

An issue was discovered in Pulse Secure Pulse Connect Secure (PCS) through 2020-04-06. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Ivanti Apple +2
NVD
EPSS 15% CVSS 7.2
HIGH POC PATCH THREAT This Week

In Pulse Secure Pulse Connect Secure (PCS) before 8.1R15.1, 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an authenticated attacker (via the admin web interface) can exploit. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Ivanti Path Traversal RCE +2
NVD
EPSS 3% CVSS 6.1
MEDIUM This Month

XSS exists in the admin web console in Pulse Secure Pulse Connect Secure (PCS) 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure 9.0RX before 9.0R3.2,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Ivanti Connect Secure +2
NVD
EPSS 66% CVSS 7.2
HIGH POC THREAT This Week

In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2, 5.4RX. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Ivanti Buffer Overflow Memory Corruption +3
NVD
EPSS 4% CVSS 7.5
HIGH This Week

In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, and 8.2RX before 8.2R12.1, users using SAML authentication with the Reuse Existing NC (Pulse) Session option. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Ivanti Information Disclosure Connect Secure +1
NVD
EPSS 8% CVSS 9.8
CRITICAL POC Act Now

In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4 and 8.3RX before 8.3R7.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2 and 5.4RX before 5.4R7.1, an unauthenticated, remote. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Ivanti Information Disclosure Connect Secure +2
NVD
EPSS 3% CVSS 8.1
HIGH This Week

In Pulse Secure Pulse Desktop Client and Network Connect, an attacker could access session tokens to replay and spoof sessions, and as a result, gain unauthorized access as an end user, a related. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Ivanti Session Fixation +3
NVD
EPSS 16% CVSS 8.6
HIGH POC PATCH THREAT This Week

Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving the 1Policy operator. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Ghostscript Debian Linux +9
NVD
EPSS 4% CVSS 9.8
CRITICAL Act Now

A vulnerability has been discovered in login.cgi in Pulse Secure Pulse Connect Secure (PCS) 8.1RX before 8.1R12 and 8.3RX before 8.3R2 and Pulse Policy Secure (PPS) 5.2RX before 5.2R9 and 5.4RX. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ivanti Connect Secure +2
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

download.cgi in Pulse Secure Pulse Connect Secure 8.1RX before 8.1R13 and 8.3RX before 8.3R4 and Pulse Policy Secure through 5.2RX before 5.2R10 and 5.4RX before 5.4R4 have an Open Redirect. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Ivanti Open Redirect Connect Secure +2
NVD
EPSS 2% CVSS 7.8
HIGH PATCH This Week

In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use a type confusion in the setcolor function to crash the interpreter or possibly have unspecified other. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Ghostscript Ubuntu Linux +3
NVD
EPSS 3% CVSS 7.8
HIGH PATCH This Week

In Artifex Ghostscript 9.23 before 2018-08-24, attackers able to supply crafted PostScript could use uninitialized memory access in the aesdecode operator to crash the interpreter or potentially. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Denial Of Service Debian Linux Ubuntu Linux +9
NVD
EPSS 3% CVSS 7.8
HIGH PATCH This Week

In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use a type confusion in the LockDistillerParams parameter to crash the interpreter or execute code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Debian Linux Ubuntu Linux +7
NVD
EPSS 3% CVSS 7.8
HIGH PATCH This Week

In Artifex Ghostscript 9.23 before 2018-08-24, a type confusion using the .shfill operator could be used by attackers able to supply crafted PostScript files to crash the interpreter or potentially. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Debian Linux Ubuntu Linux +9
NVD
EPSS 1% CVSS 5.5
MEDIUM This Month

Pulse Secure Pulse Connect Secure 8.1.x before 8.1R14, 8.2.x before 8.2R11, and 8.3.x before 8.3R5 do not properly process nested XML entities, which allows remote attackers to cause a denial of. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Ivanti Pulse Connect Secure
NVD
EPSS 3% CVSS 9.8
CRITICAL PATCH Act Now

A stack-based Buffer Overflow Vulnerability exists in the web server in Pulse Secure Pulse Connect Secure (PCS) before 8.3R4 and Pulse Policy Secure (PPS) before 5.4R4, leading to memory corruption. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Ivanti RCE +3
NVD
EPSS 1% CVSS 8.8
HIGH This Week

diag.cgi in Pulse Connect Secure 8.2R1 through 8.2R5, 8.1R1 through 8.1R10 and Pulse Policy Secure 5.3R1 through 5.3R5, 5.2R1 through 5.2R8, and 5.1R1 through 5.1R10 allow remote attackers to hijack. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Connect Secure Pulse Connect Secure +1
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Pulse Connect Secure 8.3R1 has CSRF in logout.cgi. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Pulse Connect Secure
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

Pulse Connect Secure 8.3R1 has Reflected XSS in launchHelp.cgi. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Pulse Connect Secure
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

Pulse Connect Secure 8.3R1 has Reflected XSS in adminservercacertdetails.cgi. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Pulse Connect Secure
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Pulse Connect Secure 8.3R1 has CSRF in diag.cgi. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Pulse Connect Secure
NVD
EPSS 0% CVSS 8.6
HIGH This Week

The administrative user interface in Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r9, and 7.4 before 7.4r13.4 allows remote administrators to enumerate files, read. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Connect Secure Pulse Connect Secure
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the administrative user interface in Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r9, and 7.4 before 7.4r13.4 allows remote. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Connect Secure Pulse Connect Secure
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the system configuration section in the administrative user interface in Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r9,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Connect Secure Pulse Connect Secure
NVD
EPSS 0% CVSS 5.8
MEDIUM This Month

Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r10, and 7.4 before 7.4r13.4 allow remote attackers to read an unspecified system file via unknown vectors. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Connect Secure Pulse Connect Secure
NVD
EPSS 3% CVSS 10.0
CRITICAL Act Now

Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r10, and 7.4 before 7.4r13.4 allow remote attackers to read sensitive system authentication files in an unspecified. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Connect Secure Pulse Connect Secure
NVD
EPSS 4% CVSS 7.5
HIGH This Week

Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r3, 8.0 before 8.0r11, and 7.4 before 7.4r13.4 allow remote attackers to cause a denial of service (CPU consumption) via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Connect Secure Pulse Connect Secure
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

The Terminal Services Remote Desktop Protocol (RDP) client session restrictions feature in Pulse Connect Secure (aka PCS) 8.1R7 and 8.2R1 allow remote authenticated users to bypass intended access. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Pulse Connect Secure
NVD
EPSS 0% CVSS 3.5
LOW POC Monitor

The Secure Meeting (Pulse Collaboration) in Pulse Connect Secure (formerly Juniper Junos Pulse) before 7.1R22.1, 7.4, 8.0 before 8.0R11, and 8.1 before 8.1R3 allows remote authenticated users to. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Juniper Privilege Escalation Pulse Connect Secure
NVD
EPSS 0% CVSS 5.0
MEDIUM POC This Month

The Secure Meeting (Pulse Collaboration) in Pulse Connect Secure (formerly Juniper Junos Pulse) before 7.1R22.1, 7.4, 8.0 before 8.0R11, and 8.1 before 8.1R3 provides different messages for attempts. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Juniper Information Disclosure Pulse Connect Secure
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Pulse Connect Secure (aka PCS and formerly Juniper PCS) PSC6000, PCS6500, and MAG PSC360 8.1 before 8.1r5, 8.0 before 8.0r13, 7.4 before 7.4r13.5, and 7.1 before 7.1r22.2 and PPS 5.1 before 5.1R5 and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Juniper Information Disclosure Pulse Connect Secure
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy