Vulnerabilities > CVE-2018-9849 - Unspecified vulnerability in Pulsesecure Pulse Connect Secure
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
Pulse Secure Pulse Connect Secure 8.1.x before 8.1R14, 8.2.x before 8.2R11, and 8.3.x before 8.3R5 do not properly process nested XML entities, which allows remote attackers to cause a denial of service (memory consumption and memory errors) via a crafted XML document.
Vulnerable Configurations
Nessus
| NASL family | Misc. |
| NASL id | PULSE_CONNECT_SECURE-SA-43730.NASL |
| description | According to its self-reported version, the version of Pulse Connect Secure running on the remote host is affected by multiple vulnerabilities. Refer to the vendor advisory for additional information. |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 109919 |
| published | 2018-05-18 |
| reporter | This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
| source | https://www.tenable.com/plugins/nessus/109919 |
| title | Pulse Connect Secure Multiple Vulnerabilities (SA43730) |