CVSS: 7.2EPSS: 1%CPEs: 24EXPL: 0CVE-2020-8219
https://notcve.org/view.php?id=CVE-2020-8219
30 Jul 2020 — An insufficient permission check vulnerability exists in Pulse Connect Secure <9.1R8 that allows an attacker to change the password of a full administrator. Se presenta una vulnerabilidad de comprobación de permisos insuficiente en Pulse Connect Secure versiones anteriores a 9.1R8, que permite a un atacante cambiar la contraseña de un administrador completa • https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516 • CWE-276: Incorrect Default Permissions CWE-280: Improper Handling of Insufficient Permissions or Privileges •
CVSS: 6.5EPSS: 6%CPEs: 24EXPL: 0CVE-2020-8220
https://notcve.org/view.php?id=CVE-2020-8220
30 Jul 2020 — A denial of service vulnerability exists in Pulse Connect Secure <9.1R8 that allows an authenticated attacker to perform command injection via the administrator web which can cause DOS. Se presenta una vulnerabilidad denegación de servicio en Pulse Connect Secure versiones anteriores a 9.1R8, que permite a un atacante autenticado llevar a cabo una inyección de comandos por medio de la web del administrador que puede causar una DOS • https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 4.9EPSS: 2%CPEs: 24EXPL: 0CVE-2020-8221
https://notcve.org/view.php?id=CVE-2020-8221
30 Jul 2020 — A path traversal vulnerability exists in Pulse Connect Secure <9.1R8 which allows an authenticated attacker to read arbitrary files via the administrator web interface. Se presenta una vulnerabilidad de salto de ruta en Pulse Connect Secure versiones anteriores a 9.1R8, que permite a un atacante autenticado leer archivos arbitrarios por medio de la interfaz web del administrador • https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.8EPSS: 0%CPEs: 24EXPL: 0CVE-2020-8222
https://notcve.org/view.php?id=CVE-2020-8222
30 Jul 2020 — A path traversal vulnerability exists in Pulse Connect Secure <9.1R8 that allowed an authenticated attacker via the administrator web interface to perform an arbitrary file reading vulnerability through Meeting. Se presenta una vulnerabilidad de salto de ruta en Pulse Connect Secure versiones anteriores a 9.1R8, que permitió a un atacante autenticado por medio de la interfaz web del administrador llevar a cabo una vulnerabilidad de lectura de archivos arbitraria por medio de Meeting • https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.1EPSS: 0%CPEs: 24EXPL: 0CVE-2020-8206
https://notcve.org/view.php?id=CVE-2020-8206
30 Jul 2020 — An improper authentication vulnerability exists in Pulse Connect Secure <9.1RB that allows an attacker with a users primary credentials to bypass the Google TOTP. Se presenta una vulnerabilidad de autenticación inapropiada en Pulse Connect Secure versiones anteriores a 9.1RB, que permite a un atacante con credenciales primarias de los usuarios omitir el TOTP de Google • https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516 • CWE-287: Improper Authentication •
CVSS: 5.5EPSS: 0%CPEs: 23EXPL: 0CVE-2020-12880
https://notcve.org/view.php?id=CVE-2020-12880
27 Jul 2020 — An issue was discovered in Pulse Policy Secure (PPS) and Pulse Connect Secure (PCS) Virtual Appliance before 9.1R8. By manipulating a certain kernel boot parameter, it can be tricked into dropping into a root shell in a pre-install phase where the entire source code of the appliance is available and can be retrieved. (The source code is otherwise inaccessible because the appliance has its hard disks encrypted, and no root shell is available during normal operation.) Se detectó un problema en Pulse Policy Se... • https://kb.pulsesecure.net/?atype=sa •
CVSS: 8.8EPSS: 9%CPEs: 97EXPL: 0CVE-2019-11509
https://notcve.org/view.php?id=CVE-2019-11509
03 Jun 2019 — In Pulse Secure Pulse Connect Secure (PCS) before 8.1R15.1, 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4 and Pulse Policy Secure (PPS) before 5.1R15.1, 5.2 before 5.2R12.1, 5.3 before 5.3R15.1, 5.4 before 5.4R7.1, and 9.0 before 9.0R3.2, an authenticated attacker (via the admin web interface) can exploit Incorrect Access Control to execute arbitrary code on the appliance. En Pulse Secure Pulse Secure Connect (PCS) anterior de la versión 8.1R15.1, 8.2 anterior de la versión 8.2R12.1, 8.3 a... • https://kb.pulsesecure.net/?atype=sa •
CVSS: 6.1EPSS: 0%CPEs: 15EXPL: 2CVE-2019-11507
https://notcve.org/view.php?id=CVE-2019-11507
08 May 2019 — In Pulse Secure Pulse Connect Secure (PCS) 8.3.x before 8.3R7.1 and 9.0.x before 9.0R3, an XSS issue has been found on the Application Launcher page. En Pulse Secure Pulse Connect Secure (PCS) 8.3.x versiones anteriores a 8.3R7.1 y 9.0.x anteriores a 9.0R3, se ha encontrado un problema de XSS en la página Application Launcher. • http://www.securityfocus.com/bid/108073 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.6EPSS: 6%CPEs: 115EXPL: 2CVE-2019-11508
https://notcve.org/view.php?id=CVE-2019-11508
08 May 2019 — In Pulse Secure Pulse Connect Secure (PCS) before 8.1R15.1, 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an authenticated attacker (via the admin web interface) can exploit Directory Traversal to execute arbitrary code on the appliance. En Pulse Secure Pulse Connect Connect (PCS) versión anterior a 8.1R15.1, versión 8.2 anterior a 8.2 R12.1, versión 8.3 anterior a 8.3R7.1 y versión 9.0 anteior a 9.0R3.4, un atacante identificado (por medio de la interfaz web de administrador) puede opera... • http://www.securityfocus.com/bid/108073 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 10.0EPSS: 94%CPEs: 37EXPL: 16CVE-2019-11510 – Ivanti Pulse Connect Secure Arbitrary File Read Vulnerability
https://notcve.org/view.php?id=CVE-2019-11510
08 May 2019 — In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability . En Pulse Secure Pulse Connect Secure (PCS) versión 8.2 en versiones anteriores a la 8.2R12.1, versión 8.3 en versiones anteriores a la 8.3R7.1 y versión 9.0 en versiones anteriores a la 9.0R3.4, un atacante remoto no autenticado puede enviar una URI especialmente diseñado para reali... • https://packetstorm.news/files/id/154176 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •