Vulnerabilities > Pulsesecure > Pulse Connect Secure > Critical

DATE CVE VULNERABILITY TITLE RISK
2020-04-06 CVE-2020-11581 OS Command Injection vulnerability in Pulsesecure Pulse Connect Secure 7.1/7.4
An issue was discovered in Pulse Secure Pulse Connect Secure (PCS) through 2020-04-06.
network
pulsesecure CWE-78
critical
 9.3
9.3
2019-04-26 CVE-2019-11540 In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4 and 8.3RX before 8.3R7.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2 and 5.4RX before 5.4R7.1, an unauthenticated, remote attacker can conduct a session hijacking attack.
network
low complexity
pulsesecure ivanti
critical
 9.8
9.8
2018-09-06 CVE-2018-6320 Improper Input Validation vulnerability in multiple products
A vulnerability has been discovered in login.cgi in Pulse Secure Pulse Connect Secure (PCS) 8.1RX before 8.1R12 and 8.3RX before 8.3R2 and Pulse Policy Secure (PPS) 5.2RX before 5.2R9 and 5.4RX before 5.4R2 wherein an http(s) Host header received from the browser is trusted without validation.
network
low complexity
pulsesecure ivanti CWE-20
critical
 9.8
9.8
2016-05-26 CVE-2016-4787 Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r10, and 7.4 before 7.4r13.4 allow remote attackers to read sensitive system authentication files in an unspecified directory via unknown vectors.
network
low complexity
ivanti pulsesecure
critical
 10.0
10