Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
pulse connect secure vulnerabilities and exploits
(subscribe to this query)
6.8
CVSSv2
CVE-2017-11193
Pulse Connect Secure 8.3R1 has CSRF in diag.cgi. In the panel, the diag.cgi file is responsible for running commands such as ping, ping6, traceroute, traceroute6, nslookup, arp, and Portprobe. These functions do not have any protections against CSRF. That can allow an malicious u...
Pulsesecure Pulse Connect Secure 8.3r1.0
6.5
CVSSv2
CVE-2021-22935
A vulnerability in Pulse Connect Secure prior to 9.1R12 could allow an authenticated administrator to perform command injection via an unsanitized web parameter.
Pulsesecure Pulse Connect Secure
Ivanti Connect Secure 9.1
6.5
CVSSv2
CVE-2021-22937
A vulnerability in Pulse Connect Secure prior to 9.1R12 could allow an authenticated administrator to perform a file write via a maliciously crafted archive uploaded in the administrator web interface.
Pulsesecure Pulse Connect Secure
Ivanti Connect Secure 9.1
6.5
CVSSv2
CVE-2021-22938
A vulnerability in Pulse Connect Secure prior to 9.1R12 could allow an authenticated administrator to perform command injection via an unsanitized web parameter in the administrator web console.
Pulsesecure Pulse Connect Secure
Ivanti Connect Secure 9.1
6.5
CVSSv2
CVE-2021-22934
A vulnerability in Pulse Connect Secure prior to 9.1R12 could allow an authenticated administrator or compromised Pulse Connect Secure device in a load-balanced configuration to perform a buffer overflow via a malicious crafted web request.
Pulsesecure Pulse Connect Secure
Ivanti Connect Secure 9.1
6.5
CVSSv2
CVE-2021-22899
A command injection vulnerability exists in Pulse Connect Secure prior to 9.1R11.4 allows a remote authenticated malicious user to perform remote code execution via Windows Resource Profiles Feature
Pulsesecure Pulse Connect Secure 9.0rx
Pulsesecure Pulse Connect Secure
Ivanti Connect Secure 9.1
Ivanti Connect Secure 9.0
6.5
CVSSv2
CVE-2021-22900
A vulnerability allowed multiple unrestricted uploads in Pulse Connect Secure prior to 9.1R11.4 that could lead to an authenticated administrator to perform a file write via a maliciously crafted archive upload in the administrator web interface.
Pulsesecure Pulse Connect Secure
Ivanti Connect Secure 9.1
Ivanti Connect Secure 9.0
6.5
CVSSv2
CVE-2020-8260
A vulnerability in the Pulse Connect Secure < 9.1R9 admin web interface could allow an authenticated malicious user to perform an arbitrary code execution using uncontrolled gzip extraction.
Pulsesecure Pulse Secure Desktop Client
Pulsesecure Pulse Secure Desktop Client 9.1
1 Article
6.5
CVSSv2
CVE-2020-15352
An XML external entity (XXE) vulnerability in Pulse Connect Secure (PCS) prior to 9.1R9 and Pulse Policy Secure (PPS) prior to 9.1R9 allows remote authenticated admins to conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request.
Pulsesecure Pulse Connect Secure
Ivanti Connect Secure 9.1
Pulsesecure Pulse Policy Secure
Ivanti Policy Secure 9.1
6.5
CVSSv2
CVE-2020-8243
A vulnerability in the Pulse Connect Secure < 9.1R8.2 admin web interface could allow an authenticated malicious user to upload custom template to perform an arbitrary code execution.
Pulsesecure Pulse Connect Secure
Pulsesecure Pulse Policy Secure
Ivanti Policy Secure 9.1
Ivanti Connect Secure 9.1
1 Article
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-29895
inject
CVE-2023-52689
CVE-2024-5049
CVE-2024-5051
privilege escalation
physical
CVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »