Vulnerabilities > Pulsesecure

DATE	CVE	VULNERABILITY TITLE	RISK
2020-07-30	CVE-2020-8204	Cross-site Scripting vulnerability in multiple products A cross site scripting (XSS) vulnerability exists in Pulse Connect Secure <9.1R5 on the PSAL Page. network low complexity pulsesecure ivanti CWE-79	6.1
2020-07-28	CVE-2020-15408	Missing Authorization vulnerability in Pulsesecure Pulse Connect Secure 7.1/7.4 An issue was discovered in Pulse Secure Pulse Connect Secure before 9.1R8. network pulsesecure CWE-862	5.8
2020-07-27	CVE-2020-12880	An issue was discovered in Pulse Policy Secure (PPS) and Pulse Connect Secure (PCS) Virtual Appliance before 9.1R8. local low complexity pulsesecure ivanti	5.5
2020-06-16	CVE-2020-13162	Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Pulsesecure products A time-of-check time-of-use vulnerability in PulseSecureService.exe in Pulse Secure Client versions prior to 9.1.6 down to 5.3 R70 for Windows (which runs as NT AUTHORITY/SYSTEM) allows unprivileged users to run a Microsoft Installer executable with elevated privileges. local high complexity pulsesecure CWE-367	7.0
2020-04-06	CVE-2020-11582	Exposure of Resource to Wrong Sphere vulnerability in Pulsesecure Pulse Connect Secure 7.1/7.4 An issue was discovered in Pulse Secure Pulse Connect Secure (PCS) through 2020-04-06. low complexity pulsesecure CWE-668	3.3
2020-04-06	CVE-2020-11581	OS Command Injection vulnerability in Pulsesecure Pulse Connect Secure 7.1/7.4 An issue was discovered in Pulse Secure Pulse Connect Secure (PCS) through 2020-04-06. network pulsesecure CWE-78 critical	9.3
2020-04-06	CVE-2020-11580	Improper Certificate Validation vulnerability in Pulsesecure Pulse Connect Secure 7.1/7.4 An issue was discovered in Pulse Secure Pulse Connect Secure (PCS) through 2020-04-06. network low complexity pulsesecure CWE-295	6.4
2019-06-28	CVE-2018-20814	Cross-site Scripting vulnerability in multiple products An XSS issue was found with Psaldownload.cgi in Pulse Secure Pulse Connect Secure (PCS) 8.3R2 before 8.3R2 and Pulse Policy Secure (PPS) 5.4RX before 5.4R2. network low complexity pulsesecure ivanti CWE-79	6.1
2019-06-28	CVE-2018-20812	Information Exposure vulnerability in Pulsesecure Pulse Secure Desktop Client An information exposure issue where IPv6 DNS traffic would be sent outside of the VPN tunnel (when Traffic Enforcement was enabled) exists in Pulse Secure Pulse Secure Desktop 9.0R1 and below. network low complexity pulsesecure CWE-200	5.0
2019-06-28	CVE-2018-20810	Inadequate Encryption Strength vulnerability in multiple products Session data between cluster nodes during cluster synchronization is not properly encrypted in Pulse Secure Pulse Connect Secure (PCS) 8.3RX before 8.3R2 and Pulse Policy Secure (PPS) 5.4RX before 5.4R2. network low complexity pulsesecure ivanti CWE-326 critical	9.8

Vulnerabilities > Pulsesecure {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Pulsesecure"}]}

Vulnerabilities > Pulsesecure