Vulnerabilities > Pulsesecure > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-07-30 | CVE-2020-8216 | An information disclosure vulnerability in meeting of Pulse Connect Secure <9.1R8 allowed an authenticated end-users to find meeting details, if they know the Meeting ID. | 4.3 |
| 2020-07-30 | CVE-2020-8204 | Cross-site Scripting vulnerability in multiple products A cross site scripting (XSS) vulnerability exists in Pulse Connect Secure <9.1R5 on the PSAL Page. | 6.1 |
| 2020-07-28 | CVE-2020-15408 | Missing Authorization vulnerability in Pulsesecure Pulse Connect Secure 7.1/7.4 An issue was discovered in Pulse Secure Pulse Connect Secure before 9.1R8. | 5.8 |
| 2020-07-27 | CVE-2020-12880 | An issue was discovered in Pulse Policy Secure (PPS) and Pulse Connect Secure (PCS) Virtual Appliance before 9.1R8. | 5.5 |
| 2020-04-06 | CVE-2020-11580 | Improper Certificate Validation vulnerability in Pulsesecure Pulse Connect Secure 7.1/7.4 An issue was discovered in Pulse Secure Pulse Connect Secure (PCS) through 2020-04-06. | 6.4 |
| 2019-06-28 | CVE-2018-20814 | Cross-site Scripting vulnerability in multiple products An XSS issue was found with Psaldownload.cgi in Pulse Secure Pulse Connect Secure (PCS) 8.3R2 before 8.3R2 and Pulse Policy Secure (PPS) 5.4RX before 5.4R2. | 6.1 |
| 2019-06-28 | CVE-2018-20812 | Information Exposure vulnerability in Pulsesecure Pulse Secure Desktop Client An information exposure issue where IPv6 DNS traffic would be sent outside of the VPN tunnel (when Traffic Enforcement was enabled) exists in Pulse Secure Pulse Secure Desktop 9.0R1 and below. | 5.0 |
| 2019-04-26 | CVE-2019-11543 | Cross-site Scripting vulnerability in multiple products XSS exists in the admin web console in Pulse Secure Pulse Connect Secure (PCS) 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, and 5.2RX before 5.2R12.1. | 6.1 |
| 2018-12-21 | CVE-2018-20193 | Improper Privilege Management vulnerability in Pulsesecure Secure Access Series SSL VPN Sa-4000 4.2/5.1R5 Certain Secure Access SA Series SSL VPN products (originally developed by Juniper Networks but now sold and supported by Pulse Secure, LLC) allow privilege escalation, as demonstrated by Secure Access SSL VPN SA-4000 5.1R5 (build 9627) 4.2 Release (build 7631). | 4.0 |
| 2018-12-20 | CVE-2018-20307 | Information Exposure vulnerability in Pulsesecure Virtual Traffic Manager 10.4R1/17.2R1 Pulse Secure Virtual Traffic Manager 9.9 versions prior to 9.9r2 and 10.4r1 allow a remote authenticated user to obtain sensitive historical activity information by leveraging incorrect permission validation. | 4.0 |