8.1r2.1

DATE	CVE	VULNERABILITY TITLE	RISK
2021-05-27	CVE-2021-22899	Command Injection vulnerability in multiple products A command injection vulnerability exists in Pulse Connect Secure before 9.1R11.4 allows a remote authenticated attacker to perform remote code execution via Windows Resource Profiles Feature network low complexity pulsesecure ivanti CWE-77	8.8
2021-05-27	CVE-2021-22900	Incorrect Resource Transfer Between Spheres vulnerability in multiple products A vulnerability allowed multiple unrestricted uploads in Pulse Connect Secure before 9.1R11.4 that could lead to an authenticated administrator to perform a file write via a maliciously crafted archive upload in the administrator web interface. network low complexity pulsesecure ivanti CWE-669	7.2
2020-10-28	CVE-2020-8262	Cross-site Scripting vulnerability in multiple products A vulnerability in the Pulse Connect Secure / Pulse Policy Secure below 9.1R9 could allow attackers to conduct Cross-Site Scripting (XSS) and Open Redirection for authenticated user web interface. network low complexity pulsesecure ivanti CWE-79	6.1
2020-10-28	CVE-2020-8261	Classic Buffer Overflow vulnerability in multiple products A vulnerability in the Pulse Connect Secure / Pulse Policy Secure < 9.1R9 is vulnerable to arbitrary cookie injection. network low complexity pulsesecure ivanti CWE-120	4.3
2020-07-28	CVE-2020-15408	Missing Authorization vulnerability in Pulsesecure Pulse Connect Secure 7.1/7.4 An issue was discovered in Pulse Secure Pulse Connect Secure before 9.1R8. network pulsesecure CWE-862	5.8
2020-04-06	CVE-2020-11582	Exposure of Resource to Wrong Sphere vulnerability in Pulsesecure Pulse Connect Secure 7.1/7.4 An issue was discovered in Pulse Secure Pulse Connect Secure (PCS) through 2020-04-06. low complexity pulsesecure CWE-668	3.3
2020-04-06	CVE-2020-11581	OS Command Injection vulnerability in Pulsesecure Pulse Connect Secure 7.1/7.4 An issue was discovered in Pulse Secure Pulse Connect Secure (PCS) through 2020-04-06. network pulsesecure CWE-78 critical	9.3
2020-04-06	CVE-2020-11580	Improper Certificate Validation vulnerability in Pulsesecure Pulse Connect Secure 7.1/7.4 An issue was discovered in Pulse Secure Pulse Connect Secure (PCS) through 2020-04-06. network low complexity pulsesecure CWE-295	6.4
2019-04-12	CVE-2019-11213	Session Fixation vulnerability in multiple products In Pulse Secure Pulse Desktop Client and Network Connect, an attacker could access session tokens to replay and spoof sessions, and as a result, gain unauthorized access as an end user, a related issue to CVE-2019-1573. network high complexity pulsesecure ivanti CWE-384	8.1
2018-05-10	CVE-2018-9849	Unspecified vulnerability in Pulsesecure Pulse Connect Secure Pulse Secure Pulse Connect Secure 8.1.x before 8.1R14, 8.2.x before 8.2R11, and 8.3.x before 8.3R5 do not properly process nested XML entities, which allows remote attackers to cause a denial of service (memory consumption and memory errors) via a crafted XML document. network pulsesecure	4.3