CVE-2019-11509

Published: Jun 3, 2019Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

In Pulse Secure Pulse Connect Secure (PCS) before 8.1R15.1, 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4 and Pulse Policy Secure (PPS) before 5.1R15.1, 5.2 before 5.2R12.1, 5.3 before 5.3R15.1, 5.4 before 5.4R7.1, and 9.0 before 9.0R3.2, an authenticated attacker (via the admin web interface) can exploit Incorrect Access Control to execute arbitrary code on the appliance.

Affected (92)

Products: Ivanti: Connect Secure, Policy Secure · Pulsesecure: Pulse Policy Secure

2 products

1 product

Configuration A

54 vulnerable

Vulnerable Software	Affected Versions
Ivanti Connect Secure	Version 8.1
Ivanti Connect Secure	Version 8.1 r1.0
Ivanti Connect Secure	Version 8.1 r1.1
Ivanti Connect Secure	Version 8.1 r10.0
Ivanti Connect Secure	Version 8.1 r11.0
Ivanti Connect Secure	Version 8.1 r11.1
Ivanti Connect Secure	Version 8.1 r12.0
Ivanti Connect Secure	Version 8.1 r12.1
Ivanti Connect Secure	Version 8.1 r13.0
Ivanti Connect Secure	Version 8.1 r14.0
Ivanti Connect Secure	Version 8.1 r2.0
Ivanti Connect Secure	Version 8.1 r2.1
Ivanti Connect Secure	Version 8.1 r3.1
Ivanti Connect Secure	Version 8.1 r3.2
Ivanti Connect Secure	Version 8.1 r4.0
Ivanti Connect Secure	Version 8.1 r4.1
Ivanti Connect Secure	Version 8.1 r5.0
Ivanti Connect Secure	Version 8.1 r6.0
Ivanti Connect Secure	Version 8.1 r7.0
Ivanti Connect Secure	Version 8.1 r8.0
Ivanti Connect Secure	Version 8.1 r9.0
Ivanti Connect Secure	Version 8.1 r9.1
Ivanti Connect Secure	Version 8.1 r9.2
Ivanti Connect Secure	Version 8.2 r1.0
Ivanti Connect Secure	Version 8.2 r1.1
Ivanti Connect Secure	Version 8.2 r10.0
Ivanti Connect Secure	Version 8.2 r11.0
Ivanti Connect Secure	Version 8.2 r12.0
Ivanti Connect Secure	Version 8.2 r2.0
Ivanti Connect Secure	Version 8.2 r3.0
Ivanti Connect Secure	Version 8.2 r3.1
Ivanti Connect Secure	Version 8.2 r4.0
Ivanti Connect Secure	Version 8.2 r4.1
Ivanti Connect Secure	Version 8.2 r5.0
Ivanti Connect Secure	Version 8.2 r5.1
Ivanti Connect Secure	Version 8.2 r6.0
Ivanti Connect Secure	Version 8.2 r7.0
Ivanti Connect Secure	Version 8.2 r7.1
Ivanti Connect Secure	Version 8.2 r8.0
Ivanti Connect Secure	Version 8.2 r8.1
Ivanti Connect Secure	Version 8.2 r8.2
Ivanti Connect Secure	Version 8.2 r9.0
Ivanti Connect Secure	Version 8.3 r1
Ivanti Connect Secure	Version 8.3 r2.1
Ivanti Connect Secure	Version 8.3 r2
Ivanti Connect Secure	Version 8.3 r3
Ivanti Connect Secure	Version 8.3 r4
Ivanti Connect Secure	Version 8.3 r5.1
Ivanti Connect Secure	Version 8.3 r5.2
Ivanti Connect Secure	Version 8.3 r5
Ivanti Connect Secure	Version 8.3 r6.1
Ivanti Connect Secure	Version 8.3 r6
Ivanti Connect Secure	Version 8.3 r7
Ivanti Connect Secure	Version 9.0 r3.2

Configuration B

38 vulnerable

Vulnerable Software	Affected Versions
Ivanti Connect Secure	Version 9.0
Ivanti Connect Secure	Version 9.0 r1
Ivanti Connect Secure	Version 9.0 r2.1
Ivanti Connect Secure	Version 9.0 r2
Ivanti Connect Secure	Version 9.0 r3.1
Ivanti Connect Secure	Version 9.0 r3
Ivanti Policy Secure	Version 9.0
Ivanti Policy Secure	Version 9.0 r1
Ivanti Policy Secure	Version 9.0 r2.1
Ivanti Policy Secure	Version 9.0 r2
Ivanti Policy Secure	Version 9.0 r3.1
Ivanti Policy Secure	Version 9.0 r3
Pulsesecure Pulse Policy Secure	Version 5.2
Pulsesecure Pulse Policy Secure	Version 5.2 r1.0
Pulsesecure Pulse Policy Secure	Version 5.2 r10.0
Pulsesecure Pulse Policy Secure	Version 5.2 r11.0
Pulsesecure Pulse Policy Secure	Version 5.2 r2.0
Pulsesecure Pulse Policy Secure	Version 5.2 r3.0
Pulsesecure Pulse Policy Secure	Version 5.2 r3.2
Pulsesecure Pulse Policy Secure	Version 5.2 r4.0
Pulsesecure Pulse Policy Secure	Version 5.2 r5.0
Pulsesecure Pulse Policy Secure	Version 5.2 r6.0
Pulsesecure Pulse Policy Secure	Version 5.2 r7.0
Pulsesecure Pulse Policy Secure	Version 5.2 r7.1
Pulsesecure Pulse Policy Secure	Version 5.2 r8.0
Pulsesecure Pulse Policy Secure	Version 5.2 r9.0
Pulsesecure Pulse Policy Secure	Version 5.2 r9.1
Pulsesecure Pulse Policy Secure	Version 5.4
Pulsesecure Pulse Policy Secure	Version 5.4 r1
Pulsesecure Pulse Policy Secure	Version 5.4 r2.1
Pulsesecure Pulse Policy Secure	Version 5.4 r2
Pulsesecure Pulse Policy Secure	Version 5.4 r3
Pulsesecure Pulse Policy Secure	Version 5.4 r4
Pulsesecure Pulse Policy Secure	Version 5.4 r5.2
Pulsesecure Pulse Policy Secure	Version 5.4 r5
Pulsesecure Pulse Policy Secure	Version 5.4 r6.1
Pulsesecure Pulse Policy Secure	Version 5.4 r6
Pulsesecure Pulse Policy Secure	Version 5.4 r7