Pulse Connect Secure

pulse_connect_secure

Vendor: Pulsesecure • 57 CVEs

CVEs (57)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-21826 2Ivanti Pulsesecure 2Connect Secure Pulse Connect Secure Nov 21, 2024 Sep 30, 2022 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Pulse Secure version 9.115 and below may be susceptible to client-side http request smuggling, When the application receives a POST request, it ignores the request's Content-Length header and leaves the POST body on the...Show more Pulse Secure version 9.115 and below may be susceptible to client-side http request smuggling, When the application receives a POST request, it ignores the request's Content-Length header and leaves the POST body on the TCP/TLS socket. This body ends up prefixing the next HTTP request sent down that connection, this means when someone loads website attacker may be able to make browser issue a POST to the application, enabling XSS.Show less
CVE-2021-44720 2Ivanti Pulsesecure 2Connect Secure Pulse Connect Secure Nov 21, 2024 Aug 12, 2022 N/A· v4 7.2 HIGH· v3 N/A· v2 In Ivanti Pulse Secure Pulse Connect Secure (PCS) before 9.1R12, the administrator password is stored in the HTML source code of the "Maintenance > Push Configuration > Targets > Target Name" targets.cgi screen. A read-o...Show more In Ivanti Pulse Secure Pulse Connect Secure (PCS) before 9.1R12, the administrator password is stored in the HTML source code of the "Maintenance > Push Configuration > Targets > Target Name" targets.cgi screen. A read-only administrative user can escalate to a read-write administrative role.Show less
CVE-2021-22965 2Ivanti Pulsesecure 2Connect Secure Pulse Connect Secure Nov 21, 2024 Nov 19, 2021 N/A· v4 7.5 HIGH· v3 7.8 HIGH· v2 A vulnerability in Pulse Connect Secure before 9.1R12.1 could allow an unauthenticated administrator to causes a denial of service when a malformed request is sent to the device.
CVE-2021-22938 2Ivanti Pulsesecure 2Connect Secure Pulse Connect Secure Nov 21, 2024 Aug 16, 2021 N/A· v4 7.2 HIGH· v3 6.5 MEDIUM· v2 A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform command injection via an unsanitized web parameter in the administrator web console.
CVE-2021-22937 2Ivanti Pulsesecure 2Connect Secure Pulse Connect Secure Nov 21, 2024 Aug 16, 2021 N/A· v4 7.2 HIGH· v3 6.5 MEDIUM· v2 A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform a file write via a maliciously crafted archive uploaded in the administrator web interface.
CVE-2021-22936 2Ivanti Pulsesecure 2Connect Secure Pulse Connect Secure Nov 21, 2024 Aug 16, 2021 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 A vulnerability in Pulse Connect Secure before 9.1R12 could allow a threat actor to perform a cross-site script attack against an authenticated administrator via an unsanitized web parameter.
CVE-2021-22935 2Ivanti Pulsesecure 2Connect Secure Pulse Connect Secure Nov 21, 2024 Aug 16, 2021 N/A· v4 7.2 HIGH· v3 6.5 MEDIUM· v2 A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform command injection via an unsanitized web parameter.
CVE-2021-22934 2Ivanti Pulsesecure 2Connect Secure Pulse Connect Secure Nov 21, 2024 Aug 16, 2021 N/A· v4 7.2 HIGH· v3 6.5 MEDIUM· v2 A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator or compromised Pulse Connect Secure device in a load-balanced configuration to perform a buffer overflow via a malicious cr...Show more A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator or compromised Pulse Connect Secure device in a load-balanced configuration to perform a buffer overflow via a malicious crafted web request.Show less
CVE-2021-22933 2Ivanti Pulsesecure 2Connect Secure Pulse Connect Secure Nov 21, 2024 Aug 16, 2021 N/A· v4 6.5 MEDIUM· v3 5.5 MEDIUM· v2 A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform an arbitrary file delete via a maliciously crafted web request.
CVE-2021-22908 2Ivanti Pulsesecure 2Connect Secure Pulse Connect Secure Nov 21, 2024 May 27, 2021 N/A· v4 8.8 HIGH· v3 9.0 HIGH· v2 A buffer overflow vulnerability exists in Windows File Resource Profiles in 9.X allows a remote authenticated user with privileges to browse SMB shares to execute arbitrary code as the root user. As of version 9.1R3, thi...Show more A buffer overflow vulnerability exists in Windows File Resource Profiles in 9.X allows a remote authenticated user with privileges to browse SMB shares to execute arbitrary code as the root user. As of version 9.1R3, this permission is not enabled by default.Show less
CVE-2021-22900 2Ivanti Pulsesecure 2Connect Secure Pulse Connect Secure Dec 18, 2025 May 27, 2021 N/A· v4 7.2 HIGH· v3 6.5 MEDIUM· v2 A vulnerability allowed multiple unrestricted uploads in Pulse Connect Secure before 9.1R11.4 that could lead to an authenticated administrator to perform a file write via a maliciously crafted archive upload in the admi...Show more A vulnerability allowed multiple unrestricted uploads in Pulse Connect Secure before 9.1R11.4 that could lead to an authenticated administrator to perform a file write via a maliciously crafted archive upload in the administrator web interface.Show less
CVE-2020-8262 2Ivanti Pulsesecure 4Connect Secure Policy SecurePulse Connect Secure+1 more Nov 21, 2024 Oct 28, 2020 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 A vulnerability in the Pulse Connect Secure / Pulse Policy Secure below 9.1R9 could allow attackers to conduct Cross-Site Scripting (XSS) and Open Redirection for authenticated user web interface.
CVE-2020-8261 2Ivanti Pulsesecure 4Connect Secure Policy SecurePulse Connect Secure+1 more Nov 21, 2024 Oct 28, 2020 N/A· v4 4.3 MEDIUM· v3 4.3 MEDIUM· v2 A vulnerability in the Pulse Connect Secure / Pulse Policy Secure < 9.1R9 is vulnerable to arbitrary cookie injection.
CVE-2020-15352 2Ivanti Pulsesecure 4Connect Secure Policy SecurePulse Connect Secure+1 more Nov 21, 2024 Oct 27, 2020 N/A· v4 7.2 HIGH· v3 6.5 MEDIUM· v2 An XML external entity (XXE) vulnerability in Pulse Connect Secure (PCS) before 9.1R9 and Pulse Policy Secure (PPS) before 9.1R9 allows remote authenticated admins to conduct server-side request forgery (SSRF) attacks vi...Show more An XML external entity (XXE) vulnerability in Pulse Connect Secure (PCS) before 9.1R9 and Pulse Policy Secure (PPS) before 9.1R9 allows remote authenticated admins to conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request.Show less
CVE-2020-8256 2Ivanti Pulsesecure 2Connect Secure Pulse Connect Secure Nov 21, 2024 Sep 30, 2020 N/A· v4 4.9 MEDIUM· v3 4.0 MEDIUM· v2 A vulnerability in the Pulse Connect Secure < 9.1R8.2 admin web interface could allow an authenticated attacker to gain arbitrary file reading access through Pulse Collaboration via XML External Entity (XXE) vulnerabilit...Show more A vulnerability in the Pulse Connect Secure < 9.1R8.2 admin web interface could allow an authenticated attacker to gain arbitrary file reading access through Pulse Collaboration via XML External Entity (XXE) vulnerability.Show less
CVE-2020-8238 2Ivanti Pulsesecure 4Connect Secure Policy SecurePulse Connect Secure+1 more Nov 21, 2024 Sep 30, 2020 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 A vulnerability in the authenticated user web interface of Pulse Connect Secure and Pulse Policy Secure < 9.1R8.2 could allow attackers to conduct Cross-Site Scripting (XSS).
CVE-2020-8222 2Ivanti Pulsesecure 4Connect Secure Policy SecurePulse Connect Secure+1 more Nov 21, 2024 Jul 30, 2020 N/A· v4 6.8 MEDIUM· v3 4.0 MEDIUM· v2 A path traversal vulnerability exists in Pulse Connect Secure <9.1R8 that allowed an authenticated attacker via the administrator web interface to perform an arbitrary file reading vulnerability through Meeting.
CVE-2020-8221 2Ivanti Pulsesecure 4Connect Secure Policy SecurePulse Connect Secure+1 more Nov 21, 2024 Jul 30, 2020 N/A· v4 4.9 MEDIUM· v3 4.0 MEDIUM· v2 A path traversal vulnerability exists in Pulse Connect Secure <9.1R8 which allows an authenticated attacker to read arbitrary files via the administrator web interface.
CVE-2020-8220 2Ivanti Pulsesecure 4Connect Secure Policy SecurePulse Connect Secure+1 more Nov 21, 2024 Jul 30, 2020 N/A· v4 6.5 MEDIUM· v3 5.5 MEDIUM· v2 A denial of service vulnerability exists in Pulse Connect Secure <9.1R8 that allows an authenticated attacker to perform command injection via the administrator web which can cause DOS.
CVE-2020-8219 2Ivanti Pulsesecure 4Connect Secure Policy SecurePulse Connect Secure+1 more Nov 21, 2024 Jul 30, 2020 N/A· v4 7.2 HIGH· v3 4.0 MEDIUM· v2 An insufficient permission check vulnerability exists in Pulse Connect Secure <9.1R8 that allows an attacker to change the password of a full administrator.

12 3 Next