8.1r9.1

DATE	CVE	VULNERABILITY TITLE	RISK
2020-07-30	CVE-2020-8216	An information disclosure vulnerability in meeting of Pulse Connect Secure <9.1R8 allowed an authenticated end-users to find meeting details, if they know the Meeting ID. network low complexity pulsesecure ivanti	4.3
2020-07-30	CVE-2020-8206	Improper Authentication vulnerability in multiple products An improper authentication vulnerability exists in Pulse Connect Secure <9.1RB that allows an attacker with a users primary credentials to bypass the Google TOTP. network high complexity pulsesecure ivanti CWE-287	8.1
2020-07-30	CVE-2020-8204	Cross-site Scripting vulnerability in multiple products A cross site scripting (XSS) vulnerability exists in Pulse Connect Secure <9.1R5 on the PSAL Page. network low complexity pulsesecure ivanti CWE-79	6.1
2020-07-28	CVE-2020-15408	Unspecified vulnerability in Pulsesecure Pulse Connect Secure 7.1/7.4 An issue was discovered in Pulse Secure Pulse Connect Secure before 9.1R8. network low complexity pulsesecure	4.6
2020-07-27	CVE-2020-12880	An issue was discovered in Pulse Policy Secure (PPS) and Pulse Connect Secure (PCS) Virtual Appliance before 9.1R8. local low complexity pulsesecure ivanti	5.5
2020-04-06	CVE-2020-11582	Exposure of Resource to Wrong Sphere vulnerability in Pulsesecure Pulse Connect Secure 7.1/7.4 An issue was discovered in Pulse Secure Pulse Connect Secure (PCS) through 2020-04-06. low complexity pulsesecure CWE-668	8.8
2020-04-06	CVE-2020-11581	OS Command Injection vulnerability in Pulsesecure Pulse Connect Secure 7.1/7.4 An issue was discovered in Pulse Secure Pulse Connect Secure (PCS) through 2020-04-06. network high complexity pulsesecure CWE-78	8.1
2020-04-06	CVE-2020-11580	Improper Certificate Validation vulnerability in Pulsesecure Pulse Connect Secure 7.1/7.4 An issue was discovered in Pulse Secure Pulse Connect Secure (PCS) through 2020-04-06. network low complexity pulsesecure CWE-295 critical	9.1
2019-04-12	CVE-2019-11213	Session Fixation vulnerability in multiple products In Pulse Secure Pulse Desktop Client and Network Connect, an attacker could access session tokens to replay and spoof sessions, and as a result, gain unauthorized access as an end user, a related issue to CVE-2019-1573. network high complexity pulsesecure ivanti CWE-384	8.1
2018-05-10	CVE-2018-9849	Unspecified vulnerability in Pulsesecure Pulse Connect Secure Pulse Secure Pulse Connect Secure 8.1.x before 8.1R14, 8.2.x before 8.2R11, and 8.3.x before 8.3R5 do not properly process nested XML entities, which allows remote attackers to cause a denial of service (memory consumption and memory errors) via a crafted XML document. local low complexity pulsesecure	5.5