CVSS: 6.5EPSS: 0%CPEs: 24EXPL: 0CVE-2020-8220
https://notcve.org/view.php?id=CVE-2020-8220
A denial of service vulnerability exists in Pulse Connect Secure <9.1R8 that allows an authenticated attacker to perform command injection via the administrator web which can cause DOS. Se presenta una vulnerabilidad denegación de servicio en Pulse Connect Secure versiones anteriores a 9.1R8, que permite a un atacante autenticado llevar a cabo una inyección de comandos por medio de la web del administrador que puede causar una DOS • https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 4.3EPSS: 0%CPEs: 24EXPL: 0CVE-2020-8216
https://notcve.org/view.php?id=CVE-2020-8216
An information disclosure vulnerability in meeting of Pulse Connect Secure <9.1R8 allowed an authenticated end-users to find meeting details, if they know the Meeting ID. Una vulnerabilidad de divulgación de información en la reunión de Pulse Connect Secure versiones anteriores a 9.1R8, permitió a usuarios finales autenticados encontrar detalles de la reunión, si conocen el ID de Reunión • https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.4EPSS: 0%CPEs: 24EXPL: 0CVE-2020-8217
https://notcve.org/view.php?id=CVE-2020-8217
A cross site scripting (XSS) vulnerability in Pulse Connect Secure <9.1R8 allowed attackers to exploit in the URL used for Citrix ICA. Una vulnerabilidad de tipo cross site scripting (XSS) en Pulse Connect Secure versiones anteriores a 9.1R8, permitió a atacantes explotar en la URL usada por Citrix ICA • https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.9EPSS: 0%CPEs: 24EXPL: 0CVE-2020-8221
https://notcve.org/view.php?id=CVE-2020-8221
A path traversal vulnerability exists in Pulse Connect Secure <9.1R8 which allows an authenticated attacker to read arbitrary files via the administrator web interface. Se presenta una vulnerabilidad de salto de ruta en Pulse Connect Secure versiones anteriores a 9.1R8, que permite a un atacante autenticado leer archivos arbitrarios por medio de la interfaz web del administrador • https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.2EPSS: 2%CPEs: 24EXPL: 1CVE-2020-8218 – Pulse Connect Secure Code Injection Vulnerability
https://notcve.org/view.php?id=CVE-2020-8218
A code injection vulnerability exists in Pulse Connect Secure <9.1R8 that allows an attacker to crafted a URI to perform an arbitrary code execution via the admin web interface. Se presenta una vulnerabilidad de inyección de código en Pulse Connect Secure versiones anteriores a 9.1R8, que permite a un atacante diseñar un URI para llevar a cabo una ejecución de código arbitraria por medio de la interfaz web de administración A code injection vulnerability exists in Pulse Connect Secure that allows an attacker to crafted a URI to perform an arbitrary code execution via the admin web interface. • https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516 https://www.gosecure.net/blog/2020/11/13/forget-your-perimeter-part-2-four-vulnerabilities-in-pulse-connect-secure • CWE-94: Improper Control of Generation of Code ('Code Injection') •