Vulnerabilities > CVE-2020-8256 - XXE vulnerability in multiple products

CVSS 4.9 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

pulsesecure

ivanti

CWE-611

NVD

Published: 2020-09-30

Updated: 2024-02-27

Summary

A vulnerability in the Pulse Connect Secure < 9.1R8.2 admin web interface could allow an authenticated attacker to gain arbitrary file reading access through Pulse Collaboration via XML External Entity (XXE) vulnerability.

Vulnerable Configurations

Part	Description	Count
Application	Pulsesecure Pulsesecure Pulse Connect Secure 7.4 Pulsesecure Pulse Connect Secure 8.1R3.0 Pulsesecure Pulse Connect Secure 8.1R3.1 Pulsesecure Pulse Connect Secure 8.1R3.2 Pulsesecure Pulse Connect Secure 8.1R4.0 Pulsesecure Pulse Connect Secure 8.1R4.1 Pulsesecure Pulse Connect Secure 8.1R5.0 Pulsesecure Pulse Connect Secure 8.1R6.0 Pulsesecure Pulse Connect Secure 8.1R7.0 Pulsesecure Pulse Connect Secure 8.1R8.0 Pulsesecure Pulse Connect Secure 8.1R9.0 Pulsesecure Pulse Connect Secure 8.1R9.1 Pulsesecure Pulse Connect Secure 8.1R9.2 Pulsesecure Pulse Connect Secure 8.1R10.0 Pulsesecure Pulse Connect Secure 8.1R11.0 Pulsesecure Pulse Connect Secure 8.1R11.1 Pulsesecure Pulse Connect Secure 8.1R12.0 Pulsesecure Pulse Connect Secure 8.1R12.1 Pulsesecure Pulse Connect Secure 8.1R13.0 Pulsesecure Pulse Connect Secure 8.1R14.0 Pulsesecure Pulse Connect Secure 8.2R7.2 Pulsesecure Pulse Connect Secure 8.2R8.0 Pulsesecure Pulse Connect Secure 8.2R8.1 Pulsesecure Pulse Connect Secure 8.2R8.2 Pulsesecure Pulse Connect Secure 8.2R9.0	26
Application	Ivanti Ivanti Connect Secure 9.1	13

Common Weakness Enumeration (CWE)

CWE-611 - Improper Restriction of XML External Entity Reference ('XXE')

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References