CVSS: 6.1EPSS: 0%CPEs: 18EXPL: 0CVE-2020-8262
https://notcve.org/view.php?id=CVE-2020-8262
28 Oct 2020 — A vulnerability in the Pulse Connect Secure / Pulse Policy Secure below 9.1R9 could allow attackers to conduct Cross-Site Scripting (XSS) and Open Redirection for authenticated user web interface. Una vulnerabilidad en Pulse Connect Secure / Pulse Policy Secure versiones por debajo de 9.1R9, podría permitir a atacantes conducir ataques de tipo Cross-Site Scripting (XSS) y Redireccionamiento Abierto para la interfaz de usuario web autenticada • https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 18EXPL: 0CVE-2020-8261
https://notcve.org/view.php?id=CVE-2020-8261
28 Oct 2020 — A vulnerability in the Pulse Connect Secure / Pulse Policy Secure < 9.1R9 is vulnerable to arbitrary cookie injection. Una vulnerabilidad en Pulse Connect Secure / Pulse Policy Secure versiones anteriores a 9.1R9, es vulnerable a una inyección de cookies arbitraria • https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.2EPSS: 6%CPEs: 27EXPL: 0CVE-2020-15352
https://notcve.org/view.php?id=CVE-2020-15352
27 Oct 2020 — An XML external entity (XXE) vulnerability in Pulse Connect Secure (PCS) before 9.1R9 and Pulse Policy Secure (PPS) before 9.1R9 allows remote authenticated admins to conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request. Una vulnerabilidad de tipo XML external entity (XXE) en Pulse Connect Secure (PCS) versiones anteriores a 9.1R9 y Pulse Policy Secure (PPS) versiones anteriores a 9.1R9, permite a administradores autenticados remotos conducir ataques de tipo server-side req... • https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 7.2EPSS: 22%CPEs: 28EXPL: 0CVE-2020-8243 – Ivanti Pulse Connect Secure Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-8243
29 Sep 2020 — A vulnerability in the Pulse Connect Secure < 9.1R8.2 admin web interface could allow an authenticated attacker to upload custom template to perform an arbitrary code execution. Una vulnerabilidad en la interfaz de administración web en Pulse Connect Secure versiones anteriores a 9.1R8.2, podría permitir a un atacante autenticado cargar una plantilla personalizada para llevar a cabo una ejecución de código arbitrario Ivanti Pulse Connect Secure contains an unspecified vulnerability in the admin web interfac... • https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44588 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.1EPSS: 0%CPEs: 28EXPL: 1CVE-2020-8238
https://notcve.org/view.php?id=CVE-2020-8238
29 Sep 2020 — A vulnerability in the authenticated user web interface of Pulse Connect Secure and Pulse Policy Secure < 9.1R8.2 could allow attackers to conduct Cross-Site Scripting (XSS). Una vulnerabilidad en la interfaz de usuario web autenticado de Pulse Connect Secure y Pulse Policy Secure versiones anteriores a 9.1R8.2, podría permitir a atacantes llevar a cabo un ataque de tipo Cross-Site Scripting (XSS) • https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44588 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 2%CPEs: 24EXPL: 0CVE-2020-8216
https://notcve.org/view.php?id=CVE-2020-8216
30 Jul 2020 — An information disclosure vulnerability in meeting of Pulse Connect Secure <9.1R8 allowed an authenticated end-users to find meeting details, if they know the Meeting ID. Una vulnerabilidad de divulgación de información en la reunión de Pulse Connect Secure versiones anteriores a 9.1R8, permitió a usuarios finales autenticados encontrar detalles de la reunión, si conocen el ID de Reunión • https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 24EXPL: 0CVE-2020-8204
https://notcve.org/view.php?id=CVE-2020-8204
30 Jul 2020 — A cross site scripting (XSS) vulnerability exists in Pulse Connect Secure <9.1R5 on the PSAL Page. Se presenta una vulnerabilidad de tipo cross site scripting (XSS) en Pulse Connect Secure versiones anteriores a 9.1R5, en la Página PSAL • https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.1EPSS: 1%CPEs: 24EXPL: 0CVE-2020-8206
https://notcve.org/view.php?id=CVE-2020-8206
30 Jul 2020 — An improper authentication vulnerability exists in Pulse Connect Secure <9.1RB that allows an attacker with a users primary credentials to bypass the Google TOTP. Se presenta una vulnerabilidad de autenticación inapropiada en Pulse Connect Secure versiones anteriores a 9.1RB, que permite a un atacante con credenciales primarias de los usuarios omitir el TOTP de Google • https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516 • CWE-287: Improper Authentication •
CVSS: 5.4EPSS: 0%CPEs: 24EXPL: 0CVE-2020-8217
https://notcve.org/view.php?id=CVE-2020-8217
30 Jul 2020 — A cross site scripting (XSS) vulnerability in Pulse Connect Secure <9.1R8 allowed attackers to exploit in the URL used for Citrix ICA. Una vulnerabilidad de tipo cross site scripting (XSS) en Pulse Connect Secure versiones anteriores a 9.1R8, permitió a atacantes explotar en la URL usada por Citrix ICA • https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 24EXPL: 0CVE-2020-8222
https://notcve.org/view.php?id=CVE-2020-8222
30 Jul 2020 — A path traversal vulnerability exists in Pulse Connect Secure <9.1R8 that allowed an authenticated attacker via the administrator web interface to perform an arbitrary file reading vulnerability through Meeting. Se presenta una vulnerabilidad de salto de ruta en Pulse Connect Secure versiones anteriores a 9.1R8, que permitió a un atacante autenticado por medio de la interfaz web del administrador llevar a cabo una vulnerabilidad de lectura de archivos arbitraria por medio de Meeting • https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •