Vulnerabilities > CVE-2020-15352 - XXE vulnerability in multiple products

047910
CVSS 7.2 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
HIGH
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
pulsesecure
ivanti
CWE-611

Summary

An XML external entity (XXE) vulnerability in Pulse Connect Secure (PCS) before 9.1R9 and Pulse Policy Secure (PPS) before 9.1R9 allows remote authenticated admins to conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request.

Vulnerable Configurations

Part Description Count
Application
Pulsesecure
433
Application
Ivanti
25