Vulnerabilities > Ivanti > Connect Secure > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-04-26 CVE-2019-11543 Cross-site Scripting vulnerability in multiple products
XSS exists in the admin web console in Pulse Secure Pulse Connect Secure (PCS) 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, and 5.2RX before 5.2R12.1.
network
low complexity
pulsesecure ivanti CWE-79
6.1
6.1
2018-09-06 CVE-2018-14366 Open Redirect vulnerability in multiple products
download.cgi in Pulse Secure Pulse Connect Secure 8.1RX before 8.1R13 and 8.3RX before 8.3R4 and Pulse Policy Secure through 5.2RX before 5.2R10 and 5.4RX before 5.4R4 have an Open Redirect Vulnerability.
network
low complexity
pulsesecure ivanti CWE-601
6.1
6.1
2016-05-26 CVE-2016-4792 Unspecified vulnerability in Ivanti Connect Secure 8.2
Pulse Connect Secure (PCS) 8.2 before 8.2r1 allows remote attackers to disclose sign in pages via unspecified vectors.
network
low complexity
ivanti
5.3
5.3
2016-05-26 CVE-2016-4790 Cross-site Scripting vulnerability in multiple products
Cross-site scripting (XSS) vulnerability in the administrative user interface in Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r9, and 7.4 before 7.4r13.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
pulsesecure ivanti CWE-79
5.5
5.5
2016-05-26 CVE-2016-4789 Cross-site Scripting vulnerability in multiple products
Cross-site scripting (XSS) vulnerability in the system configuration section in the administrative user interface in Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r9, and 7.4 before 7.4r13.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
pulsesecure ivanti CWE-79
6.1
6.1
2016-05-26 CVE-2016-4788 Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r10, and 7.4 before 7.4r13.4 allow remote attackers to read an unspecified system file via unknown vectors.
network
low complexity
ivanti pulsesecure
5.8
5.8