Vulnerabilities > Pulsesecure > Pulse Policy Secure
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-07-30 | CVE-2020-8217 | Cross-site Scripting vulnerability in multiple products A cross site scripting (XSS) vulnerability in Pulse Connect Secure <9.1R8 allowed attackers to exploit in the URL used for Citrix ICA. | 5.4 |
| 2020-07-30 | CVE-2020-8216 | An information disclosure vulnerability in meeting of Pulse Connect Secure <9.1R8 allowed an authenticated end-users to find meeting details, if they know the Meeting ID. | 4.3 |
| 2020-07-30 | CVE-2020-8206 | Improper Authentication vulnerability in multiple products An improper authentication vulnerability exists in Pulse Connect Secure <9.1RB that allows an attacker with a users primary credentials to bypass the Google TOTP. | 8.1 |
| 2020-07-30 | CVE-2020-8204 | Cross-site Scripting vulnerability in multiple products A cross site scripting (XSS) vulnerability exists in Pulse Connect Secure <9.1R5 on the PSAL Page. | 6.1 |
| 2020-07-27 | CVE-2020-12880 | An issue was discovered in Pulse Policy Secure (PPS) and Pulse Connect Secure (PCS) Virtual Appliance before 9.1R8. | 5.5 |
| 2020-04-06 | CVE-2020-11582 | Exposure of Resource to Wrong Sphere vulnerability in Pulsesecure Pulse Connect Secure 7.1/7.4 An issue was discovered in Pulse Secure Pulse Connect Secure (PCS) through 2020-04-06. | 8.8 |
| 2020-04-06 | CVE-2020-11581 | OS Command Injection vulnerability in Pulsesecure Pulse Connect Secure 7.1/7.4 An issue was discovered in Pulse Secure Pulse Connect Secure (PCS) through 2020-04-06. | 8.1 |
| 2020-04-06 | CVE-2020-11580 | Improper Certificate Validation vulnerability in Pulsesecure Pulse Connect Secure 7.1/7.4 An issue was discovered in Pulse Secure Pulse Connect Secure (PCS) through 2020-04-06. | 9.1 |
| 2019-06-28 | CVE-2018-20814 | Cross-site Scripting vulnerability in multiple products An XSS issue was found with Psaldownload.cgi in Pulse Secure Pulse Connect Secure (PCS) 8.3R2 before 8.3R2 and Pulse Policy Secure (PPS) 5.4RX before 5.4R2. | 6.1 |
| 2019-06-28 | CVE-2018-20810 | Inadequate Encryption Strength vulnerability in multiple products Session data between cluster nodes during cluster synchronization is not properly encrypted in Pulse Secure Pulse Connect Secure (PCS) 8.3RX before 8.3R2 and Pulse Policy Secure (PPS) 5.4RX before 5.4R2. | 9.8 |