← Back

CVE-2019-11538

nvd nist
Published: Apr 26, 2019Modified: Nov 21, 2024

JSON object

Loading...
7.7
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Exploitability: 3.1 / Impact: 4.0
Source: NVD

Description

In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1, an NFS problem could allow an authenticated attacker to access the contents of arbitrary files on the affected device.

Affected (59)

Ivanti
1 product
Connect Secure
Configuration A
59 vulnerable
Vulnerable SoftwareAffected Versions
Ivanti
Connect Secure
Version 8.1 r1.0
Connect Secure
Version 8.1 r1.1
Connect Secure
Version 8.1 r10.0
Connect Secure
Version 8.1 r11.0
Connect Secure
Version 8.1 r11.1
Connect Secure
Version 8.1 r12.0
Connect Secure
Version 8.1 r12.1
Connect Secure
Version 8.1 r13.0
Connect Secure
Version 8.1 r14.0
Connect Secure
Version 8.1 r2.0
Connect Secure
Version 8.1 r2.1
Connect Secure
Version 8.1 r3.0
Connect Secure
Version 8.1 r3.1
Connect Secure
Version 8.1 r3.2
Connect Secure
Version 8.1 r4.0
Connect Secure
Version 8.1 r4.1
Connect Secure
Version 8.1 r5.0
Connect Secure
Version 8.1 r6.0
Connect Secure
Version 8.1 r7.0
Connect Secure
Version 8.1 r8.0
Connect Secure
Version 8.1 r9.0
Connect Secure
Version 8.1 r9.1
Connect Secure
Version 8.1 r9.2
Connect Secure
Version 8.2 r1.0
Connect Secure
Version 8.2 r1.1
Connect Secure
Version 8.2 r10.0
Connect Secure
Version 8.2 r11.0
Connect Secure
Version 8.2 r12.0
Connect Secure
Version 8.2 r2.0
Connect Secure
Version 8.2 r3.0
Connect Secure
Version 8.2 r3.1
Connect Secure
Version 8.2 r4.0
Connect Secure
Version 8.2 r4.1
Connect Secure
Version 8.2 r5.0
Connect Secure
Version 8.2 r5.1
Connect Secure
Version 8.2 r6.0
Connect Secure
Version 8.2 r7.0
Connect Secure
Version 8.2 r7.1
Connect Secure
Version 8.2 r7.2
Connect Secure
Version 8.2 r8.0
Connect Secure
Version 8.2 r8.1
Connect Secure
Version 8.2 r8.2
Connect Secure
Version 8.2 r9.0
Connect Secure
Version 8.3 r1
Connect Secure
Version 8.3 r2.1
Connect Secure
Version 8.3 r2
Connect Secure
Version 8.3 r3
Connect Secure
Version 8.3 r4
Connect Secure
Version 8.3 r5.1
Connect Secure
Version 8.3 r5.2
Connect Secure
Version 8.3 r5
Connect Secure
Version 8.3 r6.1
Connect Secure
Version 8.3 r6
Connect Secure
Version 9.0 r1
Connect Secure
Version 9.0 r2.1
Connect Secure
Version 9.0 r2
Connect Secure
Version 9.0 r3.1
Connect Secure
Version 9.0 r3.2
Connect Secure
Version 9.0 r3

Related CWEs

CWE-59
Improper Link Resolution Before File Access ('Link Following')
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

References (12)

Source: cve@mitre.org
Third Party AdvisoryVDB Entry
Source: cve@mitre.org
ExploitThird Party Advisory
Source: cve@mitre.org
ExploitThird Party Advisory
Source: cve@mitre.org
Vendor Advisory
Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Third Party AdvisoryUS Government Resource
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryUS Government Resource

Timeline

No history available yet.