CVSS: 4.9EPSS: 0%CPEs: 14EXPL: 1CVE-2020-8256
https://notcve.org/view.php?id=CVE-2020-8256
A vulnerability in the Pulse Connect Secure < 9.1R8.2 admin web interface could allow an authenticated attacker to gain arbitrary file reading access through Pulse Collaboration via XML External Entity (XXE) vulnerability. Una vulnerabilidad en la interfaz de administración web de Pulse Connect Secure versiones anteriores a 9.1R8.2, podría permitir a un atacante autenticado obtener acceso arbitrario de lectura de archivos por medio de Pulse Collaboration mediante una vulnerabilidad de tipo XML External Entity (XXE) • https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44588 https://www.gosecure.net/blog/2020/11/13/forget-your-perimeter-part-2-four-vulnerabilities-in-pulse-connect-secure • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 6.1EPSS: 0%CPEs: 28EXPL: 1CVE-2020-8238
https://notcve.org/view.php?id=CVE-2020-8238
A vulnerability in the authenticated user web interface of Pulse Connect Secure and Pulse Policy Secure < 9.1R8.2 could allow attackers to conduct Cross-Site Scripting (XSS). Una vulnerabilidad en la interfaz de usuario web autenticado de Pulse Connect Secure y Pulse Policy Secure versiones anteriores a 9.1R8.2, podría permitir a atacantes llevar a cabo un ataque de tipo Cross-Site Scripting (XSS) • https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44588 https://www.gosecure.net/blog/2020/11/13/forget-your-perimeter-part-2-four-vulnerabilities-in-pulse-connect-secure • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 24EXPL: 0CVE-2020-8222
https://notcve.org/view.php?id=CVE-2020-8222
A path traversal vulnerability exists in Pulse Connect Secure <9.1R8 that allowed an authenticated attacker via the administrator web interface to perform an arbitrary file reading vulnerability through Meeting. Se presenta una vulnerabilidad de salto de ruta en Pulse Connect Secure versiones anteriores a 9.1R8, que permitió a un atacante autenticado por medio de la interfaz web del administrador llevar a cabo una vulnerabilidad de lectura de archivos arbitraria por medio de Meeting • https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.2EPSS: 0%CPEs: 24EXPL: 0CVE-2020-8219
https://notcve.org/view.php?id=CVE-2020-8219
An insufficient permission check vulnerability exists in Pulse Connect Secure <9.1R8 that allows an attacker to change the password of a full administrator. Se presenta una vulnerabilidad de comprobación de permisos insuficiente en Pulse Connect Secure versiones anteriores a 9.1R8, que permite a un atacante cambiar la contraseña de un administrador completa • https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516 • CWE-276: Incorrect Default Permissions CWE-280: Improper Handling of Insufficient Permissions or Privileges •
CVSS: 6.1EPSS: 0%CPEs: 24EXPL: 0CVE-2020-8204
https://notcve.org/view.php?id=CVE-2020-8204
A cross site scripting (XSS) vulnerability exists in Pulse Connect Secure <9.1R5 on the PSAL Page. Se presenta una vulnerabilidad de tipo cross site scripting (XSS) en Pulse Connect Secure versiones anteriores a 9.1R5, en la Página PSAL • https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •