Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
pulsesecure pulse connect secure vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2020-8238
A vulnerability in the authenticated user web interface of Pulse Connect Secure and Pulse Policy Secure < 9.1R8.2 could allow malicious users to conduct Cross-Site Scripting (XSS).
Pulsesecure Pulse Connect Secure
Pulsesecure Pulse Policy Secure
Ivanti Policy Secure 9.1
Ivanti Connect Secure 9.1
7.2
CVSSv3
CVE-2020-8243
A vulnerability in the Pulse Connect Secure < 9.1R8.2 admin web interface could allow an authenticated malicious user to upload custom template to perform an arbitrary code execution.
Pulsesecure Pulse Connect Secure
Pulsesecure Pulse Policy Secure
Ivanti Policy Secure 9.1
Ivanti Connect Secure 9.1
1 Article
4.3
CVSSv3
CVE-2020-8261
A vulnerability in the Pulse Connect Secure / Pulse Policy Secure < 9.1R9 is vulnerable to arbitrary cookie injection.
Pulsesecure Pulse Connect Secure
Pulsesecure Pulse Policy Secure
Ivanti Policy Secure 9.1
Ivanti Connect Secure 9.1
6.1
CVSSv3
CVE-2020-8262
A vulnerability in the Pulse Connect Secure / Pulse Policy Secure below 9.1R9 could allow malicious users to conduct Cross-Site Scripting (XSS) and Open Redirection for authenticated user web interface.
Pulsesecure Pulse Connect Secure
Pulsesecure Pulse Policy Secure
Ivanti Policy Secure 9.1
Ivanti Connect Secure 9.1
7.2
CVSSv3
CVE-2020-15352
An XML external entity (XXE) vulnerability in Pulse Connect Secure (PCS) prior to 9.1R9 and Pulse Policy Secure (PPS) prior to 9.1R9 allows remote authenticated admins to conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request.
Pulsesecure Pulse Connect Secure
Ivanti Connect Secure 9.1
Pulsesecure Pulse Policy Secure
Ivanti Policy Secure 9.1
7.2
CVSSv3
CVE-2020-8218
A code injection vulnerability exists in Pulse Connect Secure <9.1R8 that allows an malicious user to crafted a URI to perform an arbitrary code execution via the admin web interface.
Pulsesecure Pulse Connect Secure
Ivanti Connect Secure 9.1
Pulsesecure Pulse Policy Secure
Ivanti Policy Secure 9.1
1 Github repository
1 Article
7.5
CVSSv3
CVE-2018-20809
A crafted message can cause the web server to crash with Pulse Secure Pulse Connect Secure (PCS) 8.3RX prior to 8.3R5 and Pulse Policy Secure 5.4RX prior to 5.4R5. This is not applicable to PCS 8.1RX.
Pulsesecure Pulse Policy Secure 5.2
Pulsesecure Pulse Policy Secure 5.4
Pulsesecure Pulse Policy Secure 5.3
Pulsesecure Pulse Policy Secure 5.1
Pulsesecure Pulse Policy Secure 5.0
Pulsesecure Pulse Policy Secure 4.4
Ivanti Connect Secure 8.3
4.6
CVSSv3
CVE-2020-15408
An issue exists in Pulse Secure Pulse Connect Secure prior to 9.1R8. An authenticated attacker can access the admin page console via the end-user web interface because of a rewrite.
Pulsesecure Pulse Connect Secure
Pulsesecure Pulse Secure Desktop Client 9.1
7.5
CVSSv3
CVE-2021-22965
A vulnerability in Pulse Connect Secure prior to 9.1R12.1 could allow an unauthenticated administrator to causes a denial of service when a malformed request is sent to the device.
Pulsesecure Pulse Connect Secure
Ivanti Connect Secure 9.1
5.4
CVSSv3
CVE-2022-21826
Pulse Secure version 9.115 and below may be susceptible to client-side http request smuggling, When the application receives a POST request, it ignores the request's Content-Length header and leaves the POST body on the TCP/TLS socket. This body ends up prefixing the next HT...
Pulsesecure Pulse Connect Secure
Ivanti Connect Secure 9.1
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-0044
remote code execution
CVE-2024-37080
CVE-2024-5182
CVE-2024-4390
CVE-2024-6100
brute force
CVE-2021-47581
file inclusion
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »