CVE-2020-8255

Published: Oct 28, 2020Modified: Nov 21, 2024

4.9

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Exploitability: 1.2 / Impact: 3.6

Source: NVD

Description

A vulnerability in the Pulse Connect Secure < 9.1R9 admin web interface could allow an authenticated attacker to perform an arbitrary file reading vulnerability is fixed using encrypted URL blacklisting that prevents these messages.

Affected (15)

Products: Pulsesecure: Pulse Secure Desktop Client

Pulsesecure

1 product

Pulse Secure Desktop Client

Configuration A

15 vulnerable

Vulnerable Software	Affected Versions
Pulsesecure Pulse Secure Desktop Client	Before 9.1
Pulsesecure Pulse Secure Desktop Client	Version 9.1
Pulsesecure Pulse Secure Desktop Client	Version 9.1 r1
Pulsesecure Pulse Secure Desktop Client	Version 9.1 r2
Pulsesecure Pulse Secure Desktop Client	Version 9.1 r3.1
Pulsesecure Pulse Secure Desktop Client	Version 9.1 r3
Pulsesecure Pulse Secure Desktop Client	Version 9.1 r4.1
Pulsesecure Pulse Secure Desktop Client	Version 9.1 r4.2
Pulsesecure Pulse Secure Desktop Client	Version 9.1 r4
Pulsesecure Pulse Secure Desktop Client	Version 9.1 r5
Pulsesecure Pulse Secure Desktop Client	Version 9.1 r6
Pulsesecure Pulse Secure Desktop Client	Version 9.1 r7.1
Pulsesecure Pulse Secure Desktop Client	Version 9.1 r7
Pulsesecure Pulse Secure Desktop Client	Version 9.1 r8.2
Pulsesecure Pulse Secure Desktop Client	Version 9.1 r8

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (2)

https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601

Source: support@hackerone.com

Vendor Advisory

https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.