CVE-2016-4791

Published: May 26, 2016Modified: May 6, 2026

8.6

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N

Exploitability: 3.9 / Impact: 4.0

Source: NVD

Description

The administrative user interface in Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r9, and 7.4 before 7.4r13.4 allows remote administrators to enumerate files, read arbitrary files, and conduct server side request forgery (SSRF) attacks via unspecified vectors.

Affected (5)

Products: Ivanti: Connect Secure · Pulsesecure: Pulse Connect Secure

1 product

1 product

Pulse Connect Secure

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Ivanti Connect Secure	Version 8.1
Pulsesecure Pulse Connect Secure	Version 8.1r1.0

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Ivanti Connect Secure	Version 8.2

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Ivanti Connect Secure	Version 8.0

Configuration D

1 vulnerable

Vulnerable Software	Affected Versions
Pulsesecure Pulse Connect Secure	Version 7.4

References (4)

http://www.securitytracker.com/id/1035932

Source: cve@mitre.org

https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40210

Source: cve@mitre.org

Vendor Advisory

http://www.securitytracker.com/id/1035932

Source: af854a3a-2127-422b-91ae-364da2661108

https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40210

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.