CVSS: 6.1EPSS: 0%CPEs: 18EXPL: 0CVE-2020-8262
https://notcve.org/view.php?id=CVE-2020-8262
A vulnerability in the Pulse Connect Secure / Pulse Policy Secure below 9.1R9 could allow attackers to conduct Cross-Site Scripting (XSS) and Open Redirection for authenticated user web interface. Una vulnerabilidad en Pulse Connect Secure / Pulse Policy Secure versiones por debajo de 9.1R9, podría permitir a atacantes conducir ataques de tipo Cross-Site Scripting (XSS) y Redireccionamiento Abierto para la interfaz de usuario web autenticada • https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 18EXPL: 0CVE-2020-8261
https://notcve.org/view.php?id=CVE-2020-8261
A vulnerability in the Pulse Connect Secure / Pulse Policy Secure < 9.1R9 is vulnerable to arbitrary cookie injection. Una vulnerabilidad en Pulse Connect Secure / Pulse Policy Secure versiones anteriores a 9.1R9, es vulnerable a una inyección de cookies arbitraria • https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.2EPSS: 0%CPEs: 27EXPL: 0CVE-2020-15352
https://notcve.org/view.php?id=CVE-2020-15352
An XML external entity (XXE) vulnerability in Pulse Connect Secure (PCS) before 9.1R9 and Pulse Policy Secure (PPS) before 9.1R9 allows remote authenticated admins to conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request. Una vulnerabilidad de tipo XML external entity (XXE) en Pulse Connect Secure (PCS) versiones anteriores a 9.1R9 y Pulse Policy Secure (PPS) versiones anteriores a 9.1R9, permite a administradores autenticados remotos conducir ataques de tipo server-side request forgery (SSRF) por medio de un DTD diseñado en una petición XML • https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 7.2EPSS: 0%CPEs: 28EXPL: 0CVE-2020-8243 – Ivanti Pulse Connect Secure Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-8243
A vulnerability in the Pulse Connect Secure < 9.1R8.2 admin web interface could allow an authenticated attacker to upload custom template to perform an arbitrary code execution. Una vulnerabilidad en la interfaz de administración web en Pulse Connect Secure versiones anteriores a 9.1R8.2, podría permitir a un atacante autenticado cargar una plantilla personalizada para llevar a cabo una ejecución de código arbitrario Ivanti Pulse Connect Secure contains an unspecified vulnerability in the admin web interface that could allow an authenticated attacker to upload a custom template to perform code execution. • https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44588 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.1EPSS: 0%CPEs: 28EXPL: 1CVE-2020-8238
https://notcve.org/view.php?id=CVE-2020-8238
A vulnerability in the authenticated user web interface of Pulse Connect Secure and Pulse Policy Secure < 9.1R8.2 could allow attackers to conduct Cross-Site Scripting (XSS). Una vulnerabilidad en la interfaz de usuario web autenticado de Pulse Connect Secure y Pulse Policy Secure versiones anteriores a 9.1R8.2, podría permitir a atacantes llevar a cabo un ataque de tipo Cross-Site Scripting (XSS) • https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44588 https://www.gosecure.net/blog/2020/11/13/forget-your-perimeter-part-2-four-vulnerabilities-in-pulse-connect-secure • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •