
CVSS: 7.5 • EPSS: 0% • CPEs: 11 • EXPL: 1

An HTTP Request Smuggling vulnerability in Pulse Secure Virtual Traffic Manager before 21.1 could allow an attacker to smuggle an HTTP request through an HTTP/2 Header. This vulnerability is resolved in 21.1, 20.3R1, 20.2R1, 20.1R2, 19.2R4, and 18.2R3. • https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44790 • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

CVSS: 5.4 • EPSS: 0% • CPEs: 3 • EXPL: 0

A stored cross-site scripting (XSS) vulnerability in the web administration user interface of Pulse Secure Virtual Traffic Manager may allow a remote authenticated attacker to inject web script or HTML via a crafted website and steal sensitive data and credentials. Affected releases are Pulse Secure Virtual Traffic Manager 9.9 versions prior to 9.9r2 and 10.4r1. • https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43730 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 4.3 • EPSS: 0% • CPEs: 4 • EXPL: 0

Pulse Secure Virtual Traffic Manager 9.9 versions prior to 9.9r2 and 10.4r1 allow a remote authenticated user to obtain sensitive historical activity information by leveraging incorrect permission validation. • https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43730 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 8.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

A CSRF vulnerability in Brocade Virtual Traffic Manager versions released prior to and including 11.0 could allow an attacker to trick a logged-in user into making administrative changes on the traffic manager cluster. • http://www.securityfocus.com/bid/95930 • https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43681 • https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44114 • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0005 • https://www.kb.cert.org/vuls/id/192371 • CWE-352: Cross-Site Request Forgery (CSRF)