CVSS: 5.4EPSS: 0%CPEs: 24EXPL: 0CVE-2020-8217
https://notcve.org/view.php?id=CVE-2020-8217
30 Jul 2020 — A cross site scripting (XSS) vulnerability in Pulse Connect Secure <9.1R8 allowed attackers to exploit in the URL used for Citrix ICA. Una vulnerabilidad de tipo cross site scripting (XSS) en Pulse Connect Secure versiones anteriores a 9.1R8, permitió a atacantes explotar en la URL usada por Citrix ICA • https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.2EPSS: 5%CPEs: 24EXPL: 2CVE-2020-8218 – Pulse Connect Secure Code Injection Vulnerability
https://notcve.org/view.php?id=CVE-2020-8218
30 Jul 2020 — A code injection vulnerability exists in Pulse Connect Secure <9.1R8 that allows an attacker to crafted a URI to perform an arbitrary code execution via the admin web interface. Se presenta una vulnerabilidad de inyección de código en Pulse Connect Secure versiones anteriores a 9.1R8, que permite a un atacante diseñar un URI para llevar a cabo una ejecución de código arbitraria por medio de la interfaz web de administración A code injection vulnerability exists in Pulse Connect Secure that allows an attacke... • https://github.com/withdk/pulse-gosecure-rce-poc • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.5EPSS: 0%CPEs: 23EXPL: 0CVE-2020-12880
https://notcve.org/view.php?id=CVE-2020-12880
27 Jul 2020 — An issue was discovered in Pulse Policy Secure (PPS) and Pulse Connect Secure (PCS) Virtual Appliance before 9.1R8. By manipulating a certain kernel boot parameter, it can be tricked into dropping into a root shell in a pre-install phase where the entire source code of the appliance is available and can be retrieved. (The source code is otherwise inaccessible because the appliance has its hard disks encrypted, and no root shell is available during normal operation.) Se detectó un problema en Pulse Policy Se... • https://kb.pulsesecure.net/?atype=sa •