Vulnerabilities > Pulsesecure > Pulse Connect Secure > 9.0rx

DATE CVE VULNERABILITY TITLE RISK
2021-05-27 CVE-2021-22899 Command Injection vulnerability in multiple products
A command injection vulnerability exists in Pulse Connect Secure before 9.1R11.4 allows a remote authenticated attacker to perform remote code execution via Windows Resource Profiles Feature
network
low complexity
pulsesecure ivanti CWE-77
8.8
8.8
2021-05-27 CVE-2021-22908 Classic Buffer Overflow vulnerability in multiple products
A buffer overflow vulnerability exists in Windows File Resource Profiles in 9.X allows a remote authenticated user with privileges to browse SMB shares to execute arbitrary code as the root user.
network
low complexity
pulsesecure ivanti CWE-120
8.8
8.8
2020-07-28 CVE-2020-15408 Missing Authorization vulnerability in Pulsesecure Pulse Connect Secure 7.1/7.4
An issue was discovered in Pulse Secure Pulse Connect Secure before 9.1R8. 		5.8
5.8
2020-04-06 CVE-2020-11582 Exposure of Resource to Wrong Sphere vulnerability in Pulsesecure Pulse Connect Secure 7.1/7.4
An issue was discovered in Pulse Secure Pulse Connect Secure (PCS) through 2020-04-06.
low complexity
pulsesecure CWE-668
3.3
3.3
2020-04-06 CVE-2020-11581 OS Command Injection vulnerability in Pulsesecure Pulse Connect Secure 7.1/7.4
An issue was discovered in Pulse Secure Pulse Connect Secure (PCS) through 2020-04-06.
network
pulsesecure CWE-78
critical
 9.3
9.3
2020-04-06 CVE-2020-11580 Improper Certificate Validation vulnerability in Pulsesecure Pulse Connect Secure 7.1/7.4
An issue was discovered in Pulse Secure Pulse Connect Secure (PCS) through 2020-04-06.
network
low complexity
pulsesecure CWE-295
6.4
6.4
2019-04-26 CVE-2019-11543 Cross-site Scripting vulnerability in multiple products
XSS exists in the admin web console in Pulse Secure Pulse Connect Secure (PCS) 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, and 5.2RX before 5.2R12.1.
network
low complexity
pulsesecure ivanti CWE-79
6.1
6.1
2019-04-26 CVE-2019-11542 Out-of-bounds Write vulnerability in multiple products
In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, 5.3RX before 5.3R12.1, 5.2RX before 5.2R12.1, and 5.1RX before 5.1R15.1, an authenticated attacker (via the admin web interface) can send a specially crafted message resulting in a stack buffer overflow.
network
low complexity
pulsesecure ivanti CWE-787
7.2
7.2
2019-04-26 CVE-2019-11541 In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, and 8.2RX before 8.2R12.1, users using SAML authentication with the Reuse Existing NC (Pulse) Session option may see authentication leaks.
network
low complexity
pulsesecure ivanti
7.5
7.5
2019-04-26 CVE-2019-11540 In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4 and 8.3RX before 8.3R7.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2 and 5.4RX before 5.4R7.1, an unauthenticated, remote attacker can conduct a session hijacking attack.
network
low complexity
pulsesecure ivanti
critical
 9.8
9.8