Vulnerabilities > Pulsesecure > Virtual Traffic Manager > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-12-20 | CVE-2018-20307 | Information Exposure vulnerability in Pulsesecure Virtual Traffic Manager 10.4/17.2/9.9 Pulse Secure Virtual Traffic Manager 9.9 versions prior to 9.9r2 and 10.4r1 allow a remote authenticated user to obtain sensitive historical activity information by leveraging incorrect permission validation. | 4.3 |
| 2018-12-20 | CVE-2018-20306 | Cross-site Scripting vulnerability in Pulsesecure Virtual Traffic Manager 10.4/17.2/9.9 A stored cross-site scripting (XSS) vulnerability in the web administration user interface of Pulse Secure Virtual Traffic Manager may allow a remote authenticated attacker to inject web script or HTML via a crafted website and steal sensitive data and credentials. | 5.4 |