Vulnerabilities > CVE-2020-15408 - Missing Authorization vulnerability in Pulsesecure Pulse Connect Secure 7.1/7.4

CVSS 5.8 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

NONE

network

pulsesecure

CWE-862

NVD

Published: 2020-07-28

Updated: 2021-07-21

Summary

An issue was discovered in Pulse Secure Pulse Connect Secure before 9.1R8. An authenticated attacker can access the admin page console via the end-user web interface because of a rewrite.

Vulnerable Configurations

Part	Description	Count
Application	Pulsesecure Pulsesecure Pulse Connect Secure - Pulsesecure Pulse Connect Secure 7.1 Pulsesecure Pulse Connect Secure 7.4 Pulsesecure Pulse Connect Secure 7.4R1.0 Pulsesecure Pulse Connect Secure 7.4R2.0 Pulsesecure Pulse Connect Secure 7.4R3.0 Pulsesecure Pulse Connect Secure 7.4R4.0 Pulsesecure Pulse Connect Secure 7.4R5.0 Pulsesecure Pulse Connect Secure 7.4R6.0 Pulsesecure Pulse Connect Secure 7.4R7.0 Pulsesecure Pulse Connect Secure 7.4R8.0 Pulsesecure Pulse Connect Secure 7.4R9.0 Pulsesecure Pulse Connect Secure 7.4R9.1 Pulsesecure Pulse Connect Secure 7.4R9.2 Pulsesecure Pulse Connect Secure 7.4R9.3 Pulsesecure Pulse Connect Secure 7.4R10.0 Pulsesecure Pulse Connect Secure 7.4R11.0 Pulsesecure Pulse Connect Secure 7.4R11.1 Pulsesecure Pulse Connect Secure 7.4R12.0 Pulsesecure Pulse Connect Secure 7.4R13.0 Pulsesecure Pulse Connect Secure 7.4R13.1 Pulsesecure Pulse Connect Secure 7.4R13.2 Pulsesecure Pulse Connect Secure 7.4R13.3 Pulsesecure Pulse Connect Secure 8.0 Pulsesecure Pulse Connect Secure 8.0R1.0 Pulsesecure Pulse Connect Secure 8.0R1.1 Pulsesecure Pulse Connect Secure 8.0R2.0 Pulsesecure Pulse Connect Secure 8.0R3.0 Pulsesecure Pulse Connect Secure 8.0R3.1 Pulsesecure Pulse Connect Secure 8.0R3.2 Pulsesecure Pulse Connect Secure 8.0R4.0 Pulsesecure Pulse Connect Secure 8.0R4.1 Pulsesecure Pulse Connect Secure 8.0R5.0 Pulsesecure Pulse Connect Secure 8.0R6.0 Pulsesecure Pulse Connect Secure 8.0R7.0 Pulsesecure Pulse Connect Secure 8.0R7.1 Pulsesecure Pulse Connect Secure 8.0R8.0 Pulsesecure Pulse Connect Secure 8.0R8.1 Pulsesecure Pulse Connect Secure 8.0R9.0 Pulsesecure Pulse Connect Secure 8.0R10.0 Pulsesecure Pulse Connect Secure 8.0R13.0 Pulsesecure Pulse Connect Secure 8.0R13.1 Pulsesecure Pulse Connect Secure 8.0R15.0 Pulsesecure Pulse Connect Secure 8.0R15.1 Pulsesecure Pulse Connect Secure 8.0R16.0 Pulsesecure Pulse Connect Secure 8.0R16.1 Pulsesecure Pulse Connect Secure 8.0R17.0 Pulsesecure Pulse Connect Secure 8.1 Pulsesecure Pulse Connect Secure 8.1R1.0 Pulsesecure Pulse Connect Secure 8.1R1.1 Pulsesecure Pulse Connect Secure 8.1R2.0 Pulsesecure Pulse Connect Secure 8.1R2.1 Pulsesecure Pulse Connect Secure 8.1R3.0 Pulsesecure Pulse Connect Secure 8.1R3.1 Pulsesecure Pulse Connect Secure 8.1R3.2 Pulsesecure Pulse Connect Secure 8.1R4.0 Pulsesecure Pulse Connect Secure 8.1R4.1 Pulsesecure Pulse Connect Secure 8.1R5.0 Pulsesecure Pulse Connect Secure 8.1R6.0 Pulsesecure Pulse Connect Secure 8.1R7.0 Pulsesecure Pulse Connect Secure 8.1R8.0 Pulsesecure Pulse Connect Secure 8.1R9.0 Pulsesecure Pulse Connect Secure 8.1R9.1 Pulsesecure Pulse Connect Secure 8.1R9.2 Pulsesecure Pulse Connect Secure 8.1R10.0 Pulsesecure Pulse Connect Secure 8.1R11.0 Pulsesecure Pulse Connect Secure 8.1R11.1 Pulsesecure Pulse Connect Secure 8.1R12.0 Pulsesecure Pulse Connect Secure 8.1R12.1 Pulsesecure Pulse Connect Secure 8.1R13.0 Pulsesecure Pulse Connect Secure 8.1R14.0 Pulsesecure Pulse Connect Secure 8.1Rx Pulsesecure Pulse Connect Secure 8.2 Pulsesecure Pulse Connect Secure 8.2R7.2 Pulsesecure Pulse Connect Secure 8.2R8.0 Pulsesecure Pulse Connect Secure 8.2R8.1 Pulsesecure Pulse Connect Secure 8.2R8.2 Pulsesecure Pulse Connect Secure 8.2R9.0 Pulsesecure Pulse Connect Secure 8.2R10.0 Pulsesecure Pulse Connect Secure 8.2R11.0 Pulsesecure Pulse Connect Secure 8.2R12.0 Pulsesecure Pulse Connect Secure 8.2Rx Pulsesecure Pulse Connect Secure 8.3 Pulsesecure Pulse Connect Secure 8.3R1 Pulsesecure Pulse Connect Secure 8.3R1.1 Pulsesecure Pulse Connect Secure 8.3R2 Pulsesecure Pulse Connect Secure 8.3R2.1 Pulsesecure Pulse Connect Secure 8.3R3 Pulsesecure Pulse Connect Secure 8.3R4 Pulsesecure Pulse Connect Secure 8.3R5 Pulsesecure Pulse Connect Secure 8.3R5.1 Pulsesecure Pulse Connect Secure 8.3R5.2 Pulsesecure Pulse Connect Secure 8.3R6 Pulsesecure Pulse Connect Secure 8.3R6.1 Pulsesecure Pulse Connect Secure 8.3R7 Pulsesecure Pulse Connect Secure 8.3Rx Pulsesecure Pulse Connect Secure 9.0 Pulsesecure Pulse Connect Secure 9.0Rx Pulsesecure Pulse Secure Desktop Client 9.1	258

Common Weakness Enumeration (CWE)

CWE-862 - Missing Authorization

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References