Vulnerabilities > Pulsesecure > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-07-12 CVE-2017-11195 Cross-site Scripting vulnerability in Pulsesecure Pulse Connect Secure 8.3R1.0
Pulse Connect Secure 8.3R1 has Reflected XSS in launchHelp.cgi.
network
low complexity
pulsesecure CWE-79
6.1
6.1
2017-07-12 CVE-2017-11194 Cross-site Scripting vulnerability in Pulsesecure Pulse Connect Secure 8.3R1.0
Pulse Connect Secure 8.3R1 has Reflected XSS in adminservercacertdetails.cgi.
network
low complexity
pulsesecure CWE-79
6.1
6.1
2016-05-26 CVE-2016-4790 Cross-site Scripting vulnerability in multiple products
Cross-site scripting (XSS) vulnerability in the administrative user interface in Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r9, and 7.4 before 7.4r13.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
pulsesecure ivanti CWE-79
5.5
5.5
2016-05-26 CVE-2016-4789 Cross-site Scripting vulnerability in multiple products
Cross-site scripting (XSS) vulnerability in the system configuration section in the administrative user interface in Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r9, and 7.4 before 7.4r13.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
pulsesecure ivanti CWE-79
6.1
6.1
2016-05-26 CVE-2016-4788 Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r10, and 7.4 before 7.4r13.4 allow remote attackers to read an unspecified system file via unknown vectors.
network
low complexity
ivanti pulsesecure
5.8
5.8
2016-04-12 CVE-2016-3985 Improper Access Control vulnerability in Pulsesecure Pulse Connect Secure 8.1R7/8.2R1
The Terminal Services Remote Desktop Protocol (RDP) client session restrictions feature in Pulse Connect Secure (aka PCS) 8.1R7 and 8.2R1 allow remote authenticated users to bypass intended access restrictions via unspecified vectors.
network
low complexity
pulsesecure CWE-284
6.5
6.5
2016-03-01 CVE-2016-0800 Information Exposure vulnerability in multiple products
The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to send a ServerVerify message before establishing that a client possesses certain plaintext RSA data, which makes it easier for remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a "DROWN" attack.
network
high complexity
openssl pulsesecure CWE-200
5.9
5.9