Vulnerabilities > CVE-2020-8256 - XXE vulnerability in multiple products

CVSS 4.9 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

pulsesecure

ivanti

CWE-611

NVD

Published: 2020-09-30

Updated: 2024-11-21

Summary

A vulnerability in the Pulse Connect Secure < 9.1R8.2 admin web interface could allow an authenticated attacker to gain arbitrary file reading access through Pulse Collaboration via XML External Entity (XXE) vulnerability.

Vulnerable Configurations

Part	Description	Count
Application	Pulsesecure Pulsesecure Pulse Connect Secure - Pulsesecure Pulse Connect Secure 7.1 Pulsesecure Pulse Connect Secure 7.4 Pulsesecure Pulse Connect Secure 7.4R1.0 Pulsesecure Pulse Connect Secure 7.4R2.0 Pulsesecure Pulse Connect Secure 7.4R3.0 Pulsesecure Pulse Connect Secure 7.4R4.0 Pulsesecure Pulse Connect Secure 7.4R5.0 Pulsesecure Pulse Connect Secure 7.4R6.0 Pulsesecure Pulse Connect Secure 7.4R7.0 Pulsesecure Pulse Connect Secure 7.4R8.0 Pulsesecure Pulse Connect Secure 7.4R9.0 Pulsesecure Pulse Connect Secure 7.4R9.1 Pulsesecure Pulse Connect Secure 7.4R9.2 Pulsesecure Pulse Connect Secure 7.4R9.3 Pulsesecure Pulse Connect Secure 7.4R10.0 Pulsesecure Pulse Connect Secure 7.4R11.0 Pulsesecure Pulse Connect Secure 7.4R11.1 Pulsesecure Pulse Connect Secure 7.4R12.0 Pulsesecure Pulse Connect Secure 7.4R13.0 Pulsesecure Pulse Connect Secure 7.4R13.1 Pulsesecure Pulse Connect Secure 7.4R13.2 Pulsesecure Pulse Connect Secure 7.4R13.3 Pulsesecure Pulse Connect Secure 8.0 Pulsesecure Pulse Connect Secure 8.0R1.0 Pulsesecure Pulse Connect Secure 8.0R1.1 Pulsesecure Pulse Connect Secure 8.0R2.0 Pulsesecure Pulse Connect Secure 8.0R3.0 Pulsesecure Pulse Connect Secure 8.0R3.1 Pulsesecure Pulse Connect Secure 8.0R3.2 Pulsesecure Pulse Connect Secure 8.0R4.0 Pulsesecure Pulse Connect Secure 8.0R4.1 Pulsesecure Pulse Connect Secure 8.0R5.0 Pulsesecure Pulse Connect Secure 8.0R6.0 Pulsesecure Pulse Connect Secure 8.0R7.0 Pulsesecure Pulse Connect Secure 8.0R7.1 Pulsesecure Pulse Connect Secure 8.0R8.0 Pulsesecure Pulse Connect Secure 8.0R8.1 Pulsesecure Pulse Connect Secure 8.0R9.0 Pulsesecure Pulse Connect Secure 8.0R10.0 Pulsesecure Pulse Connect Secure 8.0R13.0 Pulsesecure Pulse Connect Secure 8.0R13.1 Pulsesecure Pulse Connect Secure 8.0R15.0 Pulsesecure Pulse Connect Secure 8.0R15.1 Pulsesecure Pulse Connect Secure 8.0R16.0 Pulsesecure Pulse Connect Secure 8.0R16.1 Pulsesecure Pulse Connect Secure 8.0R17.0 Pulsesecure Pulse Connect Secure 8.1 Pulsesecure Pulse Connect Secure 8.1R1.0 Pulsesecure Pulse Connect Secure 8.1R1.1 Pulsesecure Pulse Connect Secure 8.1R2.0 Pulsesecure Pulse Connect Secure 8.1R2.1 Pulsesecure Pulse Connect Secure 8.1R3.0 Pulsesecure Pulse Connect Secure 8.1R3.1 Pulsesecure Pulse Connect Secure 8.1R3.2 Pulsesecure Pulse Connect Secure 8.1R4.0 Pulsesecure Pulse Connect Secure 8.1R4.1 Pulsesecure Pulse Connect Secure 8.1R5.0 Pulsesecure Pulse Connect Secure 8.1R6.0 Pulsesecure Pulse Connect Secure 8.1R7.0 Pulsesecure Pulse Connect Secure 8.1R8.0 Pulsesecure Pulse Connect Secure 8.1R9.0 Pulsesecure Pulse Connect Secure 8.1R9.1 Pulsesecure Pulse Connect Secure 8.1R9.2 Pulsesecure Pulse Connect Secure 8.1R10.0 Pulsesecure Pulse Connect Secure 8.1R11.0 Pulsesecure Pulse Connect Secure 8.1R11.1 Pulsesecure Pulse Connect Secure 8.1R12.0 Pulsesecure Pulse Connect Secure 8.1R12.1 Pulsesecure Pulse Connect Secure 8.1R13.0 Pulsesecure Pulse Connect Secure 8.1R14.0 Pulsesecure Pulse Connect Secure 8.1Rx Pulsesecure Pulse Connect Secure 8.2 Pulsesecure Pulse Connect Secure 8.2R1.0 Pulsesecure Pulse Connect Secure 8.2R1.1 Pulsesecure Pulse Connect Secure 8.2R2.0 Pulsesecure Pulse Connect Secure 8.2R3.0 Pulsesecure Pulse Connect Secure 8.2R3.1 Pulsesecure Pulse Connect Secure 8.2R4.0 Pulsesecure Pulse Connect Secure 8.2R4.1 Pulsesecure Pulse Connect Secure 8.2R5.0 Pulsesecure Pulse Connect Secure 8.2R5.1 Pulsesecure Pulse Connect Secure 8.2R6.0 Pulsesecure Pulse Connect Secure 8.2R7.0 Pulsesecure Pulse Connect Secure 8.2R7.1 Pulsesecure Pulse Connect Secure 8.2R7.2 Pulsesecure Pulse Connect Secure 8.2R8.0 Pulsesecure Pulse Connect Secure 8.2R8.1 Pulsesecure Pulse Connect Secure 8.2R8.2 Pulsesecure Pulse Connect Secure 8.2R9.0 Pulsesecure Pulse Connect Secure 8.2R10.0 Pulsesecure Pulse Connect Secure 8.2R11.0 Pulsesecure Pulse Connect Secure 8.2R12.0 Pulsesecure Pulse Connect Secure 8.2Rx Pulsesecure Pulse Connect Secure 8.3 Pulsesecure Pulse Connect Secure 8.3R1 Pulsesecure Pulse Connect Secure 8.3R1.1 Pulsesecure Pulse Connect Secure 8.3R2 Pulsesecure Pulse Connect Secure 8.3R2.1 Pulsesecure Pulse Connect Secure 8.3R3 Pulsesecure Pulse Connect Secure 8.3R4 Pulsesecure Pulse Connect Secure 8.3R5 Pulsesecure Pulse Connect Secure 8.3R5.1 Pulsesecure Pulse Connect Secure 8.3R5.2 Pulsesecure Pulse Connect Secure 8.3R6 Pulsesecure Pulse Connect Secure 8.3R6.1 Pulsesecure Pulse Connect Secure 8.3R7 Pulsesecure Pulse Connect Secure 8.3Rx Pulsesecure Pulse Connect Secure 9.0	260
Application	Ivanti Ivanti Connect Secure 9.1	13

Common Weakness Enumeration (CWE)

CWE-611 - Improper Restriction of XML External Entity Reference ('XXE')

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References