CVE-2020-8219
7.2
Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.2 / Impact: 5.9
Source: NVD
Description
An insufficient permission check vulnerability exists in Pulse Connect Secure <9.1R8 that allows an attacker to change the password of a full administrator.
Affected (24)
Products: Ivanti: Connect Secure, Policy Secure · Pulsesecure: Pulse Connect Secure, Pulse Policy Secure
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Version 9.1 | |
| Up to 9.0 |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| Version 9.1 | |
| Up to 9.0 |
Related CWEs
CWE-276
Incorrect Default Permissions
During installation, installed file permissions are set to allow anyone to modify those files.
CWE-280
Improper Handling of Insufficient Permissions or Privileges
The product does not handle or incorrectly handles when it has insufficient privileges to access resources or functionality as specified by their permissions. This may cause it to follow unexpected code paths that may leave the product in an invalid state.
References (2)
Source: support@hackerone.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Timeline
No history available yet.