Vulnerabilities > Ivanti > Policy Secure > High

DATE CVE VULNERABILITY TITLE RISK
2020-07-30 CVE-2020-8219 Incorrect Default Permissions vulnerability in multiple products
An insufficient permission check vulnerability exists in Pulse Connect Secure <9.1R8 that allows an attacker to change the password of a full administrator.
network
low complexity
pulsesecure ivanti CWE-276
7.2
7.2
2020-07-30 CVE-2020-8218 Code Injection vulnerability in multiple products
A code injection vulnerability exists in Pulse Connect Secure <9.1R8 that allows an attacker to crafted a URI to perform an arbitrary code execution via the admin web interface.
network
low complexity
pulsesecure ivanti CWE-94
7.2
7.2
2020-07-30 CVE-2020-8206 Improper Authentication vulnerability in multiple products
An improper authentication vulnerability exists in Pulse Connect Secure <9.1RB that allows an attacker with a users primary credentials to bypass the Google TOTP.
network
high complexity
pulsesecure ivanti CWE-287
8.1
8.1
2019-06-03 CVE-2019-11509 In Pulse Secure Pulse Connect Secure (PCS) before 8.1R15.1, 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4 and Pulse Policy Secure (PPS) before 5.1R15.1, 5.2 before 5.2R12.1, 5.3 before 5.3R15.1, 5.4 before 5.4R7.1, and 9.0 before 9.0R3.2, an authenticated attacker (via the admin web interface) can exploit Incorrect Access Control to execute arbitrary code on the appliance.
network
low complexity
ivanti pulsesecure
8.8
8.8