Vulnerabilities > Pulsesecure > Pulse Policy Secure > 9.0r2.1

DATE CVE VULNERABILITY TITLE RISK
2020-10-28 CVE-2020-8262 Cross-site Scripting vulnerability in multiple products
A vulnerability in the Pulse Connect Secure / Pulse Policy Secure below 9.1R9 could allow attackers to conduct Cross-Site Scripting (XSS) and Open Redirection for authenticated user web interface.
network
low complexity
pulsesecure ivanti CWE-79
6.1
6.1
2020-10-28 CVE-2020-8261 Classic Buffer Overflow vulnerability in multiple products
A vulnerability in the Pulse Connect Secure / Pulse Policy Secure < 9.1R9 is vulnerable to arbitrary cookie injection.
network
low complexity
pulsesecure ivanti CWE-120
4.3
4.3
2020-04-06 CVE-2020-11580 Improper Certificate Validation vulnerability in Pulsesecure Pulse Connect Secure 7.1/7.4
An issue was discovered in Pulse Secure Pulse Connect Secure (PCS) through 2020-04-06.
network
low complexity
pulsesecure CWE-295
critical
 9.1
9.1
2019-04-26 CVE-2019-11543 Cross-site Scripting vulnerability in multiple products
XSS exists in the admin web console in Pulse Secure Pulse Connect Secure (PCS) 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, and 5.2RX before 5.2R12.1.
network
low complexity
pulsesecure ivanti CWE-79
6.1
6.1
2019-04-26 CVE-2019-11542 Out-of-bounds Write vulnerability in multiple products
In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, 5.3RX before 5.3R12.1, 5.2RX before 5.2R12.1, and 5.1RX before 5.1R15.1, an authenticated attacker (via the admin web interface) can send a specially crafted message resulting in a stack buffer overflow.
network
low complexity
pulsesecure ivanti CWE-787
7.2
7.2
2019-04-26 CVE-2019-11540 In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4 and 8.3RX before 8.3R7.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2 and 5.4RX before 5.4R7.1, an unauthenticated, remote attacker can conduct a session hijacking attack.
network
low complexity
pulsesecure ivanti
critical
 9.8
9.8
2019-04-26 CVE-2019-11539 OS Command Injection vulnerability in multiple products
In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, 5.3RX before 5.3R12.1, 5.2RX before 5.2R12.1, and 5.1RX before 5.1R15.1, the admin web interface allows an authenticated attacker to inject and execute commands.
network
low complexity
pulsesecure ivanti CWE-78
7.2
7.2