CVE-2019-11543
Severity Score
6.1
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
XSS exists in the admin web console in Pulse Secure Pulse Connect Secure (PCS) 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, and 5.2RX before 5.2R12.1.
Existe una vulnerabilidad Cross-site scripting (XSS), en la consola web de administración de Pulse Secure Pulse Connect Secure (PCS) versiones 9.0RX anteriores a 9.0R3.4, versiones 8.3RX anteriores a 8.3R7.1, y versiones 8.1RX anteriores a 8.1R15.1; Pulse Policy Secure versiones 9.0RX anteriores a 9.0R3.2, versiones 5.4RX anteriores a 5.4R7.1, y versiones 5.2RX anteriores a 5.2R12.1
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2019-04-25 CVE Reserved
- 2019-04-26 CVE Published
- 2024-08-04 CVE Updated
- 2024-09-16 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/108073 | Broken Link | |
| https://www.kb.cert.org/vuls/id/927237 | Third Party Advisory |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101 | 2024-02-27 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Ivanti Search vendor "Ivanti" | Connect Secure Search vendor "Ivanti" for product "Connect Secure" | 8.1 Search vendor "Ivanti" for product "Connect Secure" and version "8.1" | - |
Affected
| ||||||
| Ivanti Search vendor "Ivanti" | Connect Secure Search vendor "Ivanti" for product "Connect Secure" | 8.3 Search vendor "Ivanti" for product "Connect Secure" and version "8.3" | - |
Affected
| ||||||
| Pulsesecure Search vendor "Pulsesecure" | Pulse Connect Secure Search vendor "Pulsesecure" for product "Pulse Connect Secure" | 8.1r1.0 Search vendor "Pulsesecure" for product "Pulse Connect Secure" and version "8.1r1.0" | - |
Affected
| ||||||
| Pulsesecure Search vendor "Pulsesecure" | Pulse Connect Secure Search vendor "Pulsesecure" for product "Pulse Connect Secure" | 8.1rx Search vendor "Pulsesecure" for product "Pulse Connect Secure" and version "8.1rx" | - |
Affected
| ||||||
| Pulsesecure Search vendor "Pulsesecure" | Pulse Connect Secure Search vendor "Pulsesecure" for product "Pulse Connect Secure" | 8.3rx Search vendor "Pulsesecure" for product "Pulse Connect Secure" and version "8.3rx" | - |
Affected
| ||||||
| Pulsesecure Search vendor "Pulsesecure" | Pulse Connect Secure Search vendor "Pulsesecure" for product "Pulse Connect Secure" | 9.0r1 Search vendor "Pulsesecure" for product "Pulse Connect Secure" and version "9.0r1" | - |
Affected
| ||||||
| Pulsesecure Search vendor "Pulsesecure" | Pulse Connect Secure Search vendor "Pulsesecure" for product "Pulse Connect Secure" | 9.0r2 Search vendor "Pulsesecure" for product "Pulse Connect Secure" and version "9.0r2" | - |
Affected
| ||||||
| Pulsesecure Search vendor "Pulsesecure" | Pulse Connect Secure Search vendor "Pulsesecure" for product "Pulse Connect Secure" | 9.0r2.1 Search vendor "Pulsesecure" for product "Pulse Connect Secure" and version "9.0r2.1" | - |
Affected
| ||||||
| Pulsesecure Search vendor "Pulsesecure" | Pulse Connect Secure Search vendor "Pulsesecure" for product "Pulse Connect Secure" | 9.0r3 Search vendor "Pulsesecure" for product "Pulse Connect Secure" and version "9.0r3" | - |
Affected
| ||||||
| Pulsesecure Search vendor "Pulsesecure" | Pulse Connect Secure Search vendor "Pulsesecure" for product "Pulse Connect Secure" | 9.0r3.1 Search vendor "Pulsesecure" for product "Pulse Connect Secure" and version "9.0r3.1" | - |
Affected
| ||||||
| Pulsesecure Search vendor "Pulsesecure" | Pulse Connect Secure Search vendor "Pulsesecure" for product "Pulse Connect Secure" | 9.0r3.2 Search vendor "Pulsesecure" for product "Pulse Connect Secure" and version "9.0r3.2" | - |
Affected
| ||||||
| Pulsesecure Search vendor "Pulsesecure" | Pulse Connect Secure Search vendor "Pulsesecure" for product "Pulse Connect Secure" | 9.0rx Search vendor "Pulsesecure" for product "Pulse Connect Secure" and version "9.0rx" | - |
Affected
| ||||||
| Pulsesecure Search vendor "Pulsesecure" | Pulse Policy Secure Search vendor "Pulsesecure" for product "Pulse Policy Secure" | 5.2r1.0 Search vendor "Pulsesecure" for product "Pulse Policy Secure" and version "5.2r1.0" | - |
Affected
| ||||||
| Pulsesecure Search vendor "Pulsesecure" | Pulse Policy Secure Search vendor "Pulsesecure" for product "Pulse Policy Secure" | 5.2r2.0 Search vendor "Pulsesecure" for product "Pulse Policy Secure" and version "5.2r2.0" | - |
Affected
| ||||||
| Pulsesecure Search vendor "Pulsesecure" | Pulse Policy Secure Search vendor "Pulsesecure" for product "Pulse Policy Secure" | 5.2r3.0 Search vendor "Pulsesecure" for product "Pulse Policy Secure" and version "5.2r3.0" | - |
Affected
| ||||||
| Pulsesecure Search vendor "Pulsesecure" | Pulse Policy Secure Search vendor "Pulsesecure" for product "Pulse Policy Secure" | 5.2r3.2 Search vendor "Pulsesecure" for product "Pulse Policy Secure" and version "5.2r3.2" | - |
Affected
| ||||||
| Pulsesecure Search vendor "Pulsesecure" | Pulse Policy Secure Search vendor "Pulsesecure" for product "Pulse Policy Secure" | 5.2r4.0 Search vendor "Pulsesecure" for product "Pulse Policy Secure" and version "5.2r4.0" | - |
Affected
| ||||||
| Pulsesecure Search vendor "Pulsesecure" | Pulse Policy Secure Search vendor "Pulsesecure" for product "Pulse Policy Secure" | 5.2r5.0 Search vendor "Pulsesecure" for product "Pulse Policy Secure" and version "5.2r5.0" | - |
Affected
| ||||||
| Pulsesecure Search vendor "Pulsesecure" | Pulse Policy Secure Search vendor "Pulsesecure" for product "Pulse Policy Secure" | 5.2r6.0 Search vendor "Pulsesecure" for product "Pulse Policy Secure" and version "5.2r6.0" | - |
Affected
| ||||||
| Pulsesecure Search vendor "Pulsesecure" | Pulse Policy Secure Search vendor "Pulsesecure" for product "Pulse Policy Secure" | 5.2r7.0 Search vendor "Pulsesecure" for product "Pulse Policy Secure" and version "5.2r7.0" | - |
Affected
| ||||||
| Pulsesecure Search vendor "Pulsesecure" | Pulse Policy Secure Search vendor "Pulsesecure" for product "Pulse Policy Secure" | 5.2r7.1 Search vendor "Pulsesecure" for product "Pulse Policy Secure" and version "5.2r7.1" | - |
Affected
| ||||||
| Pulsesecure Search vendor "Pulsesecure" | Pulse Policy Secure Search vendor "Pulsesecure" for product "Pulse Policy Secure" | 5.2r8.0 Search vendor "Pulsesecure" for product "Pulse Policy Secure" and version "5.2r8.0" | - |
Affected
| ||||||
| Pulsesecure Search vendor "Pulsesecure" | Pulse Policy Secure Search vendor "Pulsesecure" for product "Pulse Policy Secure" | 5.2r9.0 Search vendor "Pulsesecure" for product "Pulse Policy Secure" and version "5.2r9.0" | - |
Affected
| ||||||
| Pulsesecure Search vendor "Pulsesecure" | Pulse Policy Secure Search vendor "Pulsesecure" for product "Pulse Policy Secure" | 5.2r9.1 Search vendor "Pulsesecure" for product "Pulse Policy Secure" and version "5.2r9.1" | - |
Affected
| ||||||
| Pulsesecure Search vendor "Pulsesecure" | Pulse Policy Secure Search vendor "Pulsesecure" for product "Pulse Policy Secure" | 5.2r10.0 Search vendor "Pulsesecure" for product "Pulse Policy Secure" and version "5.2r10.0" | - |
Affected
| ||||||
| Pulsesecure Search vendor "Pulsesecure" | Pulse Policy Secure Search vendor "Pulsesecure" for product "Pulse Policy Secure" | 5.2r11.0 Search vendor "Pulsesecure" for product "Pulse Policy Secure" and version "5.2r11.0" | - |
Affected
| ||||||
| Pulsesecure Search vendor "Pulsesecure" | Pulse Policy Secure Search vendor "Pulsesecure" for product "Pulse Policy Secure" | 5.2rx Search vendor "Pulsesecure" for product "Pulse Policy Secure" and version "5.2rx" | - |
Affected
| ||||||
| Pulsesecure Search vendor "Pulsesecure" | Pulse Policy Secure Search vendor "Pulsesecure" for product "Pulse Policy Secure" | 5.4r1 Search vendor "Pulsesecure" for product "Pulse Policy Secure" and version "5.4r1" | - |
Affected
| ||||||
| Pulsesecure Search vendor "Pulsesecure" | Pulse Policy Secure Search vendor "Pulsesecure" for product "Pulse Policy Secure" | 5.4r2 Search vendor "Pulsesecure" for product "Pulse Policy Secure" and version "5.4r2" | - |
Affected
| ||||||
| Pulsesecure Search vendor "Pulsesecure" | Pulse Policy Secure Search vendor "Pulsesecure" for product "Pulse Policy Secure" | 5.4r2.1 Search vendor "Pulsesecure" for product "Pulse Policy Secure" and version "5.4r2.1" | - |
Affected
| ||||||
| Pulsesecure Search vendor "Pulsesecure" | Pulse Policy Secure Search vendor "Pulsesecure" for product "Pulse Policy Secure" | 5.4r3 Search vendor "Pulsesecure" for product "Pulse Policy Secure" and version "5.4r3" | - |
Affected
| ||||||
| Pulsesecure Search vendor "Pulsesecure" | Pulse Policy Secure Search vendor "Pulsesecure" for product "Pulse Policy Secure" | 5.4r4 Search vendor "Pulsesecure" for product "Pulse Policy Secure" and version "5.4r4" | - |
Affected
| ||||||
| Pulsesecure Search vendor "Pulsesecure" | Pulse Policy Secure Search vendor "Pulsesecure" for product "Pulse Policy Secure" | 5.4r5 Search vendor "Pulsesecure" for product "Pulse Policy Secure" and version "5.4r5" | - |
Affected
| ||||||
| Pulsesecure Search vendor "Pulsesecure" | Pulse Policy Secure Search vendor "Pulsesecure" for product "Pulse Policy Secure" | 5.4r5.2 Search vendor "Pulsesecure" for product "Pulse Policy Secure" and version "5.4r5.2" | - |
Affected
| ||||||
| Pulsesecure Search vendor "Pulsesecure" | Pulse Policy Secure Search vendor "Pulsesecure" for product "Pulse Policy Secure" | 5.4r6 Search vendor "Pulsesecure" for product "Pulse Policy Secure" and version "5.4r6" | - |
Affected
| ||||||
| Pulsesecure Search vendor "Pulsesecure" | Pulse Policy Secure Search vendor "Pulsesecure" for product "Pulse Policy Secure" | 5.4r6.1 Search vendor "Pulsesecure" for product "Pulse Policy Secure" and version "5.4r6.1" | - |
Affected
| ||||||
| Pulsesecure Search vendor "Pulsesecure" | Pulse Policy Secure Search vendor "Pulsesecure" for product "Pulse Policy Secure" | 5.4r7 Search vendor "Pulsesecure" for product "Pulse Policy Secure" and version "5.4r7" | - |
Affected
| ||||||
| Pulsesecure Search vendor "Pulsesecure" | Pulse Policy Secure Search vendor "Pulsesecure" for product "Pulse Policy Secure" | 5.4rx Search vendor "Pulsesecure" for product "Pulse Policy Secure" and version "5.4rx" | - |
Affected
| ||||||
| Pulsesecure Search vendor "Pulsesecure" | Pulse Policy Secure Search vendor "Pulsesecure" for product "Pulse Policy Secure" | 9.0r1 Search vendor "Pulsesecure" for product "Pulse Policy Secure" and version "9.0r1" | - |
Affected
| ||||||
| Pulsesecure Search vendor "Pulsesecure" | Pulse Policy Secure Search vendor "Pulsesecure" for product "Pulse Policy Secure" | 9.0r2 Search vendor "Pulsesecure" for product "Pulse Policy Secure" and version "9.0r2" | - |
Affected
| ||||||
| Pulsesecure Search vendor "Pulsesecure" | Pulse Policy Secure Search vendor "Pulsesecure" for product "Pulse Policy Secure" | 9.0r2.1 Search vendor "Pulsesecure" for product "Pulse Policy Secure" and version "9.0r2.1" | - |
Affected
| ||||||
| Pulsesecure Search vendor "Pulsesecure" | Pulse Policy Secure Search vendor "Pulsesecure" for product "Pulse Policy Secure" | 9.0r3 Search vendor "Pulsesecure" for product "Pulse Policy Secure" and version "9.0r3" | - |
Affected
| ||||||
| Pulsesecure Search vendor "Pulsesecure" | Pulse Policy Secure Search vendor "Pulsesecure" for product "Pulse Policy Secure" | 9.0r3.1 Search vendor "Pulsesecure" for product "Pulse Policy Secure" and version "9.0r3.1" | - |
Affected
| ||||||
| Pulsesecure Search vendor "Pulsesecure" | Pulse Policy Secure Search vendor "Pulsesecure" for product "Pulse Policy Secure" | 9.0rx Search vendor "Pulsesecure" for product "Pulse Policy Secure" and version "9.0rx" | - |
Affected
| ||||||