← Back

CVE-2018-6320

nvd nist
Published: Sep 6, 2018Modified: Nov 21, 2024

JSON object

Loading...
9.8
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: NVD

Description

A vulnerability has been discovered in login.cgi in Pulse Secure Pulse Connect Secure (PCS) 8.1RX before 8.1R12 and 8.3RX before 8.3R2 and Pulse Policy Secure (PPS) 5.2RX before 5.2R9 and 5.4RX before 5.4R2 wherein an http(s) Host header received from the browser is trusted without validation.

Affected (18)

Ivanti
1 product
Connect Secure
Pulsesecure
2 products
Pulse Connect Secure
Pulse Policy Secure
Configuration A
18 vulnerable
Vulnerable SoftwareAffected Versions
Connect Secure
Version 8.1
Pulsesecure
Pulse Connect Secure
Version 8.1r1.0
Pulse Connect Secure
Version 8.1rx
Pulse Connect Secure
Version 8.3rx
Pulsesecure
Pulse Policy Secure
Version 5.2r1.0
Pulse Policy Secure
Version 5.2r2.0
Pulse Policy Secure
Version 5.2r3.0
Pulse Policy Secure
Version 5.2r3.2
Pulse Policy Secure
Version 5.2r4.0
Pulse Policy Secure
Version 5.2r5.0
Pulse Policy Secure
Version 5.2r6.0
Pulse Policy Secure
Version 5.2r7.0
Pulse Policy Secure
Version 5.2r7.1
Pulse Policy Secure
Version 5.2r8.0
Pulse Policy Secure
Version 5.2rx
Pulse Policy Secure
Version 5.4r1
Pulse Policy Secure
Version 5.4r2
Pulse Policy Secure
Version 5.4rx

Related CWEs

CWE-20
Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (2)

Source: cve@mitre.org
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.