Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
pulsesecure pulse connect secure vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2020-8261
A vulnerability in the Pulse Connect Secure / Pulse Policy Secure < 9.1R9 is vulnerable to arbitrary cookie injection.
Pulsesecure Pulse Connect Secure
Pulsesecure Pulse Policy Secure
Ivanti Policy Secure 9.1
Ivanti Connect Secure 9.1
2.1
CVSSv2
CVE-2020-12880
An issue exists in Pulse Policy Secure (PPS) and Pulse Connect Secure (PCS) Virtual Appliance prior to 9.1R8. By manipulating a certain kernel boot parameter, it can be tricked into dropping into a root shell in a pre-install phase where the entire source code of the appliance is...
Pulsesecure Pulse Connect Secure
Ivanti Connect Secure 9.1
Pulsesecure Pulse Policy Secure
Ivanti Policy Secure 9.1
6.5
CVSSv2
CVE-2020-15352
An XML external entity (XXE) vulnerability in Pulse Connect Secure (PCS) prior to 9.1R9 and Pulse Policy Secure (PPS) prior to 9.1R9 allows remote authenticated admins to conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request.
Pulsesecure Pulse Connect Secure
Ivanti Connect Secure 9.1
Pulsesecure Pulse Policy Secure
Ivanti Policy Secure 9.1
5
CVSSv2
CVE-2018-20809
A crafted message can cause the web server to crash with Pulse Secure Pulse Connect Secure (PCS) 8.3RX prior to 8.3R5 and Pulse Policy Secure 5.4RX prior to 5.4R5. This is not applicable to PCS 8.1RX.
Pulsesecure Pulse Policy Secure 5.2
Pulsesecure Pulse Policy Secure 5.4
Pulsesecure Pulse Policy Secure 5.3
Pulsesecure Pulse Policy Secure 5.1
Pulsesecure Pulse Policy Secure 5.0
Pulsesecure Pulse Policy Secure 4.4
Ivanti Connect Secure 8.3
5.8
CVSSv2
CVE-2020-15408
An issue exists in Pulse Secure Pulse Connect Secure prior to 9.1R8. An authenticated attacker can access the admin page console via the end-user web interface because of a rewrite.
Pulsesecure Pulse Connect Secure
Pulsesecure Pulse Secure Desktop Client 9.1
6.5
CVSSv2
CVE-2021-22934
A vulnerability in Pulse Connect Secure prior to 9.1R12 could allow an authenticated administrator or compromised Pulse Connect Secure device in a load-balanced configuration to perform a buffer overflow via a malicious crafted web request.
Pulsesecure Pulse Connect Secure
Ivanti Connect Secure 9.1
4
CVSSv2
CVE-2020-8256
A vulnerability in the Pulse Connect Secure < 9.1R8.2 admin web interface could allow an authenticated malicious user to gain arbitrary file reading access through Pulse Collaboration via XML External Entity (XXE) vulnerability.
Pulsesecure Pulse Connect Secure
Ivanti Connect Secure 9.1
NA
CVE-2021-44720
In Ivanti Pulse Secure Pulse Connect Secure (PCS) prior to 9.1R12, the administrator password is stored in the HTML source code of the "Maintenance > Push Configuration > Targets > Target Name" targets.cgi screen. A read-only administrative user can escalate to...
Pulsesecure Pulse Connect Secure
Ivanti Connect Secure 9.1
5.5
CVSSv2
CVE-2021-22933
A vulnerability in Pulse Connect Secure prior to 9.1R12 could allow an authenticated administrator to perform an arbitrary file delete via a maliciously crafted web request.
Pulsesecure Pulse Connect Secure
Ivanti Connect Secure 9.1
6.5
CVSSv2
CVE-2021-22935
A vulnerability in Pulse Connect Secure prior to 9.1R12 could allow an authenticated administrator to perform command injection via an unsanitized web parameter.
Pulsesecure Pulse Connect Secure
Ivanti Connect Secure 9.1
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4367
CVE-2024-3611
CVE-2024-4947
CVE-2024-32988
CVE-2020-35165
local file inclusion
CVE-2024-4980
bypass
malicious code
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »