← Back

CVE-2018-14366

nvd nist
Published: Sep 6, 2018Modified: Nov 21, 2024

JSON object

Loading...
6.1
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.8 / Impact: 2.7
Source: NVD

Description

download.cgi in Pulse Secure Pulse Connect Secure 8.1RX before 8.1R13 and 8.3RX before 8.3R4 and Pulse Policy Secure through 5.2RX before 5.2R10 and 5.4RX before 5.4R4 have an Open Redirect Vulnerability.

Affected (23)

Ivanti
1 product
Connect Secure
Pulsesecure
2 products
Pulse Connect Secure
Pulse Policy Secure
Configuration A
23 vulnerable
Vulnerable SoftwareAffected Versions
Ivanti
Connect Secure
Version 8.1
Connect Secure
Version 8.3
Pulsesecure
Pulse Connect Secure
Version 8.1r1.0
Pulse Connect Secure
Version 8.1rx
Pulse Connect Secure
Version 8.3rx
Pulsesecure
Pulse Policy Secure
Version 5.2r1.0
Pulse Policy Secure
Version 5.2r2.0
Pulse Policy Secure
Version 5.2r3.0
Pulse Policy Secure
Version 5.2r3.2
Pulse Policy Secure
Version 5.2r4.0
Pulse Policy Secure
Version 5.2r5.0
Pulse Policy Secure
Version 5.2r6.0
Pulse Policy Secure
Version 5.2r7.0
Pulse Policy Secure
Version 5.2r7.1
Pulse Policy Secure
Version 5.2r8.0
Pulse Policy Secure
Version 5.2r9.0
Pulse Policy Secure
Version 5.2r9.1
Pulse Policy Secure
Version 5.2rx
Pulse Policy Secure
Version 5.4r1
Pulse Policy Secure
Version 5.4r2.1
Pulse Policy Secure
Version 5.4r2
Pulse Policy Secure
Version 5.4r3
Pulse Policy Secure
Version 5.4rx

Related CWEs

CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect. This simplifies phishing attacks.

References (2)

Source: cve@mitre.org
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.