In Pulse Secure Pulse Connect Secure (PCS) prior to 8.1R15.1, 8.2 prior to 8.2R12.1, 8.3 prior to 8.3R7.1, and 9.0 prior to 9.0R3.4 and Pulse Policy Secure (PPS) prior to 5.1R15.1, 5.2 prior to 5.2R12.1, 5.3 prior to 5.3R15.1, 5.4 prior to 5.4R7.1, and 9.0 prior to 9.0R3.2, an authenticated attacker (via the admin web interface) can exploit Incorrect Access Control to execute arbitrary code on the appliance.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
ivanti connect secure 9.0 |
||
ivanti connect secure 8.1 |
||
ivanti connect secure 8.2 |
||
ivanti connect secure 8.3 |
||
pulsesecure pulse policy secure 5.2 |
||
pulsesecure pulse policy secure 5.4 |
||
ivanti policy secure 9.0 |