Vulnerabilities > Pulsesecure > Pulse Connect Secure > 8.3r5.2

DATE CVE VULNERABILITY TITLE RISK
2020-07-30 CVE-2020-8216 An information disclosure vulnerability in meeting of Pulse Connect Secure <9.1R8 allowed an authenticated end-users to find meeting details, if they know the Meeting ID.
network
low complexity
pulsesecure ivanti
4.3
4.3
2020-07-30 CVE-2020-8206 Improper Authentication vulnerability in multiple products
An improper authentication vulnerability exists in Pulse Connect Secure <9.1RB that allows an attacker with a users primary credentials to bypass the Google TOTP.
network
high complexity
pulsesecure ivanti CWE-287
8.1
8.1
2020-07-30 CVE-2020-8204 Cross-site Scripting vulnerability in multiple products
A cross site scripting (XSS) vulnerability exists in Pulse Connect Secure <9.1R5 on the PSAL Page.
network
low complexity
pulsesecure ivanti CWE-79
6.1
6.1
2020-07-28 CVE-2020-15408 Unspecified vulnerability in Pulsesecure Pulse Connect Secure 7.1/7.4
An issue was discovered in Pulse Secure Pulse Connect Secure before 9.1R8.
network
low complexity
pulsesecure
4.6
4.6
2020-07-27 CVE-2020-12880 An issue was discovered in Pulse Policy Secure (PPS) and Pulse Connect Secure (PCS) Virtual Appliance before 9.1R8.
local
low complexity
pulsesecure ivanti
5.5
5.5
2020-04-06 CVE-2020-11582 Exposure of Resource to Wrong Sphere vulnerability in Pulsesecure Pulse Connect Secure 7.1/7.4
An issue was discovered in Pulse Secure Pulse Connect Secure (PCS) through 2020-04-06.
low complexity
pulsesecure CWE-668
8.8
8.8
2020-04-06 CVE-2020-11581 OS Command Injection vulnerability in Pulsesecure Pulse Connect Secure 7.1/7.4
An issue was discovered in Pulse Secure Pulse Connect Secure (PCS) through 2020-04-06.
network
high complexity
pulsesecure CWE-78
8.1
8.1
2020-04-06 CVE-2020-11580 Improper Certificate Validation vulnerability in Pulsesecure Pulse Connect Secure 7.1/7.4
An issue was discovered in Pulse Secure Pulse Connect Secure (PCS) through 2020-04-06.
network
low complexity
pulsesecure CWE-295
critical
 9.1
9.1
2019-04-12 CVE-2019-11213 Session Fixation vulnerability in multiple products
In Pulse Secure Pulse Desktop Client and Network Connect, an attacker could access session tokens to replay and spoof sessions, and as a result, gain unauthorized access as an end user, a related issue to CVE-2019-1573.
network
high complexity
pulsesecure ivanti CWE-384
8.1
8.1
2018-10-19 CVE-2018-18284 Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving the 1Policy operator.
local
low complexity
artifex debian canonical redhat pulsesecure
8.6
8.6