Vulnerabilities > Pulsesecure > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-03-16 | CVE-2021-22887 | A vulnerability in the BIOS of Pulse Secure (PSA-Series Hardware) models PSA5000 and PSA7000 could allow an attacker to compromise BIOS firmware. | 2.1 |
| 2020-10-28 | CVE-2020-8263 | Cross-site Scripting vulnerability in Pulsesecure Pulse Secure Desktop Client 9.1 A vulnerability in the authenticated user web interface of Pulse Connect Secure < 9.1R9 could allow attackers to conduct Cross-Site Scripting (XSS) through the CGI file. | 3.5 |
| 2020-10-27 | CVE-2020-8956 | Weak Password Requirements vulnerability in Pulsesecure Pulse Secure Desktop Pulse Secure Desktop Client 9.0Rx before 9.0R5 and 9.1Rx before 9.1R4 on Windows reveals users' passwords if Save Settings is enabled. | 1.9 |
| 2020-04-06 | CVE-2020-11582 | Exposure of Resource to Wrong Sphere vulnerability in Pulsesecure Pulse Connect Secure 7.1/7.4 An issue was discovered in Pulse Secure Pulse Connect Secure (PCS) through 2020-04-06. | 3.3 |
| 2018-12-20 | CVE-2018-20306 | Cross-site Scripting vulnerability in Pulsesecure Virtual Traffic Manager A stored cross-site scripting (XSS) vulnerability in the web administration user interface of Pulse Secure Virtual Traffic Manager may allow a remote authenticated attacker to inject web script or HTML via a crafted website and steal sensitive data and credentials. | 3.5 |
| 2018-09-06 | CVE-2018-15749 | Use of Externally-Controlled Format String vulnerability in Pulsesecure Pulse Secure Desktop Client The Pulse Secure Desktop (macOS) 5.3RX before 5.3R5 and 9.0R1 has a Format String Vulnerability. | 2.1 |
| 2018-01-16 | CVE-2017-17947 | Cross-site Scripting vulnerability in Pulsesecure Pulse Connect Secure A cross site scripting issue has been found in custompage.cgi in Pulse Secure Pulse Connect Secure (PCS) before 8.0R17.0, 8.1.x before 8.1R13, 8.2.x before 8.2R9, and 8.3.x before 8.3R3 and Pulse Policy Secure (PPS) before 5.2R10, 5.3.x before 5.3R9, and 5.4.x before 5.4R3 due to one of the URL parameters not being sanitized. | 3.5 |
| 2016-04-12 | CVE-2016-3985 | Improper Access Control vulnerability in Pulsesecure Pulse Connect Secure 8.1R7/8.2R1 The Terminal Services Remote Desktop Protocol (RDP) client session restrictions feature in Pulse Connect Secure (aka PCS) 8.1R7 and 8.2R1 allow remote authenticated users to bypass intended access restrictions via unspecified vectors. | 3.3 |