Skip to main content

Pulse Secure Desktop Client

17 CVEs product

Monthly

CVE-2020-8263 MEDIUM This Month

A vulnerability in the authenticated user web interface of Pulse Connect Secure < 9.1R9 could allow attackers to conduct Cross-Site Scripting (XSS) through the CGI file. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Pulse Secure Desktop Client
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2020-8255 MEDIUM This Month

A vulnerability in the Pulse Connect Secure < 9.1R9 admin web interface could allow an authenticated attacker to perform an arbitrary file reading vulnerability is fixed using encrypted URL. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Pulse Secure Desktop Client
NVD
CVSS 3.1
4.9
EPSS
2.3%
CVE-2020-8254 HIGH This Week

A vulnerability in the Pulse Secure Desktop Client < 9.1R9 has Remote Code Execution (RCE) if users can be convinced to connect to a malicious server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Ivanti Microsoft Pulse Secure Desktop Client
NVD
CVSS 3.1
8.8
EPSS
2.0%
CVE-2020-8250 HIGH This Week

A vulnerability in the Pulse Secure Desktop Client (Linux) < 9.1R9 could allow local attackers to escalate privilege. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Ivanti Pulse Secure Desktop Client
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2020-8249 HIGH This Week

A vulnerability in the Pulse Secure Desktop Client (Linux) < 9.1R9 could allow local attackers to perform buffer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Ivanti Pulse Secure Desktop Client
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2020-8248 HIGH This Week

A vulnerability in the Pulse Secure Desktop Client (Linux) < 9.1R9 could allow local attackers to escalate privilege. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Ivanti Pulse Secure Desktop Client
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2020-8241 HIGH This Week

A vulnerability in the Pulse Secure Desktop Client < 9.1R9 could allow the attacker to perform a MITM Attack if end users are convinced to connect to a malicious server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Ivanti Information Disclosure Pulse Secure Desktop Client
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2020-8240 HIGH This Week

A vulnerability in the Pulse Secure Desktop Client < 9.1R9 allows a restricted user on an endpoint machine can use system-level privileges if the Embedded Browser is configured with Credential. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Ivanti Microsoft Information Disclosure Pulse Secure Desktop Client
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-8239 CRITICAL Act Now

A vulnerability in the Pulse Secure Desktop Client < 9.1R9 is vulnerable to the client registry privilege escalation attack. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Ivanti Microsoft Pulse Secure Desktop Client
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2020-15408 MEDIUM This Month

An issue was discovered in Pulse Secure Pulse Connect Secure before 9.1R8. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Ivanti Information Disclosure Pulse Connect Secure Pulse Secure Desktop Client
NVD
CVSS 3.1
4.6
EPSS
0.8%
CVE-2020-13162 HIGH POC This Week

A time-of-check time-of-use vulnerability in PulseSecureService.exe in Pulse Secure Client versions prior to 9.1.6 down to 5.3 R70 for Windows (which runs as NT AUTHORITY/SYSTEM) allows unprivileged. Rated high severity (CVSS 7.0). Public exploit code available and no vendor patch available.

Ivanti Microsoft Information Disclosure Pulse Secure Desktop Client Pulse Secure Installer Service
NVD
CVSS 3.1
7.0
EPSS
0.8%
CVE-2019-11213 HIGH This Week

In Pulse Secure Pulse Desktop Client and Network Connect, an attacker could access session tokens to replay and spoof sessions, and as a result, gain unauthorized access as an end user, a related. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Ivanti Session Fixation Connect Secure Pulse Connect Secure +1
NVD
CVSS 3.0
8.1
EPSS
2.8%
CVE-2018-11002 MEDIUM POC This Month

Pulse Secure Desktop Client 5.3 up to and including R6.0 build 1769 on Windows has Insecure Permissions. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Information Disclosure Ivanti Pulse Secure Desktop Client
NVD
CVSS 3.0
5.5
EPSS
0.9%
CVE-2018-16261 MEDIUM This Month

In Pulse Secure Pulse Desktop Client 5.3RX before 5.3R5 and 9.0R1, there is a Privilege Escalation Vulnerability with Dynamic Certificate Trust. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Ivanti Pulse Secure Desktop Client
NVD
CVSS 3.0
6.8
EPSS
0.2%
CVE-2018-15865 HIGH This Week

The Pulse Secure Desktop (macOS) has a Privilege Escalation Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Ivanti Apple Pulse Secure Desktop Client
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2018-15749 MEDIUM This Month

The Pulse Secure Desktop (macOS) 5.3RX before 5.3R5 and 9.0R1 has a Format String Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Ivanti Apple Pulse Secure Desktop Client
NVD
CVSS 3.0
5.5
EPSS
0.3%
CVE-2018-15726 MEDIUM This Month

The Pulse Secure Desktop (macOS) 5.3RX before 5.3R5 and 9.0R1 has a Privilege Escalation Vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Apple Ivanti Command Injection Pulse Secure Desktop Client
NVD
CVSS 3.0
5.3
EPSS
0.3%
EPSS 1% CVSS 5.4
MEDIUM This Month

A vulnerability in the authenticated user web interface of Pulse Connect Secure < 9.1R9 could allow attackers to conduct Cross-Site Scripting (XSS) through the CGI file. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Pulse Secure Desktop Client
NVD
EPSS 2% CVSS 4.9
MEDIUM This Month

A vulnerability in the Pulse Connect Secure < 9.1R9 admin web interface could allow an authenticated attacker to perform an arbitrary file reading vulnerability is fixed using encrypted URL. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Pulse Secure Desktop Client
NVD
EPSS 2% CVSS 8.8
HIGH This Week

A vulnerability in the Pulse Secure Desktop Client < 9.1R9 has Remote Code Execution (RCE) if users can be convinced to connect to a malicious server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Ivanti Microsoft +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A vulnerability in the Pulse Secure Desktop Client (Linux) < 9.1R9 could allow local attackers to escalate privilege. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Ivanti Pulse Secure Desktop Client
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A vulnerability in the Pulse Secure Desktop Client (Linux) < 9.1R9 could allow local attackers to perform buffer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Ivanti Pulse Secure Desktop Client
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A vulnerability in the Pulse Secure Desktop Client (Linux) < 9.1R9 could allow local attackers to escalate privilege. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Ivanti Pulse Secure Desktop Client
NVD
EPSS 2% CVSS 7.5
HIGH This Week

A vulnerability in the Pulse Secure Desktop Client < 9.1R9 could allow the attacker to perform a MITM Attack if end users are convinced to connect to a malicious server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Ivanti Information Disclosure Pulse Secure Desktop Client
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A vulnerability in the Pulse Secure Desktop Client < 9.1R9 allows a restricted user on an endpoint machine can use system-level privileges if the Embedded Browser is configured with Credential. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Ivanti Microsoft Information Disclosure +1
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

A vulnerability in the Pulse Secure Desktop Client < 9.1R9 is vulnerable to the client registry privilege escalation attack. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Ivanti Microsoft +1
NVD
EPSS 1% CVSS 4.6
MEDIUM This Month

An issue was discovered in Pulse Secure Pulse Connect Secure before 9.1R8. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Ivanti Information Disclosure Pulse Connect Secure +1
NVD
EPSS 1% CVSS 7.0
HIGH POC This Week

A time-of-check time-of-use vulnerability in PulseSecureService.exe in Pulse Secure Client versions prior to 9.1.6 down to 5.3 R70 for Windows (which runs as NT AUTHORITY/SYSTEM) allows unprivileged. Rated high severity (CVSS 7.0). Public exploit code available and no vendor patch available.

Ivanti Microsoft Information Disclosure +2
NVD
EPSS 3% CVSS 8.1
HIGH This Week

In Pulse Secure Pulse Desktop Client and Network Connect, an attacker could access session tokens to replay and spoof sessions, and as a result, gain unauthorized access as an end user, a related. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Ivanti Session Fixation +3
NVD
EPSS 1% CVSS 5.5
MEDIUM POC This Month

Pulse Secure Desktop Client 5.3 up to and including R6.0 build 1769 on Windows has Insecure Permissions. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Information Disclosure Ivanti +1
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

In Pulse Secure Pulse Desktop Client 5.3RX before 5.3R5 and 9.0R1, there is a Privilege Escalation Vulnerability with Dynamic Certificate Trust. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Ivanti Pulse Secure Desktop Client
NVD
EPSS 0% CVSS 7.8
HIGH This Week

The Pulse Secure Desktop (macOS) has a Privilege Escalation Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Ivanti Apple +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

The Pulse Secure Desktop (macOS) 5.3RX before 5.3R5 and 9.0R1 has a Format String Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Ivanti Apple +1
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

The Pulse Secure Desktop (macOS) 5.3RX before 5.3R5 and 9.0R1 has a Privilege Escalation Vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Apple Ivanti +2
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy