CVE-2019-11540

Published: Apr 26, 2019Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4 and 8.3RX before 8.3R7.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2 and 5.4RX before 5.4R7.1, an unauthenticated, remote attacker can conduct a session hijacking attack.

Affected (26)

Products: Ivanti: Connect Secure · Pulsesecure: Pulse Connect Secure, Pulse Policy Secure

1 product

2 products

Configuration A

26 vulnerable

Vulnerable Software	Affected Versions
Ivanti Connect Secure	Version 8.3
Pulsesecure Pulse Connect Secure	Version 8.3rx
Pulsesecure Pulse Connect Secure	Version 9.0r1
Pulsesecure Pulse Connect Secure	Version 9.0r2.1
Pulsesecure Pulse Connect Secure	Version 9.0r2
Pulsesecure Pulse Connect Secure	Version 9.0r3.1
Pulsesecure Pulse Connect Secure	Version 9.0r3.2
Pulsesecure Pulse Connect Secure	Version 9.0r3
Pulsesecure Pulse Connect Secure	Version 9.0rx
Pulsesecure Pulse Policy Secure	Version 5.4r1
Pulsesecure Pulse Policy Secure	Version 5.4r2.1
Pulsesecure Pulse Policy Secure	Version 5.4r2
Pulsesecure Pulse Policy Secure	Version 5.4r3
Pulsesecure Pulse Policy Secure	Version 5.4r4
Pulsesecure Pulse Policy Secure	Version 5.4r5.2
Pulsesecure Pulse Policy Secure	Version 5.4r5
Pulsesecure Pulse Policy Secure	Version 5.4r6.1
Pulsesecure Pulse Policy Secure	Version 5.4r6
Pulsesecure Pulse Policy Secure	Version 5.4r7
Pulsesecure Pulse Policy Secure	Version 5.4rx
Pulsesecure Pulse Policy Secure	Version 9.0r1
Pulsesecure Pulse Policy Secure	Version 9.0r2.1
Pulsesecure Pulse Policy Secure	Version 9.0r2
Pulsesecure Pulse Policy Secure	Version 9.0r3.1
Pulsesecure Pulse Policy Secure	Version 9.0r3
Pulsesecure Pulse Policy Secure	Version 9.0rx