← Back

Pulsesecure

pulsesecure

93 CVEs • 19 products

Products (19)

Click to collapse
Toggle
Pulse Connect Secure
pulse_connect_secure
57 CVEs
Pulse Policy Secure
pulse_policy_secure
31 CVEs
Pulse Secure Desktop Client
pulse_secure_desktop_client
18 CVEs
Pulse Secure Desktop
pulse_secure_desktop
3 CVEs
Virtual Traffic Manager
virtual_traffic_manager
3 CVEs
Client
client
2 CVEs
Steel Belted Radius
steel_belted_radius
2 CVEs
Pulse Secure Virtual Application Delivery Controller
pulse_secure_virtual_application_delivery_controller
2 CVEs
Odyssey Access Client
odyssey_access_client
1 CVE
Pulse Secure Security
pulse_secure_security
1 CVE
Standalone Pulse Installer Service
standalone_pulse_installer_service
1 CVE
Pulse One On Premise
pulse_one_on-premise
1 CVE
Desktop Linux Client
desktop_linux_client
1 CVE
Secure Access Series Ssl Vpn Sa 4000
secure_access_series_ssl_vpn_sa-4000
1 CVE
Pulse Secure Installer Service
pulse_secure_installer_service
1 CVE
Psa 5000 Firmware
psa-5000_firmware
1 CVE
Psa 7000 Firmware
psa-7000_firmware
1 CVE
Psa 5000
psa-5000
0 CVEs
Psa 7000
psa-7000
0 CVEs

CVEs (93)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2020-8248
1Pulsesecure
1Pulse Secure Desktop Client
Nov 21, 2024
Oct 28, 2020
N/A· v4
7.8 HIGH· v3
4.6 MEDIUM· v2
A vulnerability in the Pulse Secure Desktop Client (Linux) < 9.1R9 could allow local attackers to escalate privilege.
CVE-2020-8241
1Pulsesecure
1Pulse Secure Desktop Client
Nov 21, 2024
Oct 28, 2020
N/A· v4
7.5 HIGH· v3
5.1 MEDIUM· v2
A vulnerability in the Pulse Secure Desktop Client < 9.1R9 could allow the attacker to perform a MITM Attack if end users are convinced to connect to a malicious server.
CVE-2020-8240
1Pulsesecure
1Pulse Secure Desktop Client
Nov 21, 2024
Oct 28, 2020
N/A· v4
7.8 HIGH· v3
6.9 MEDIUM· v2
A vulnerability in the Pulse Secure Desktop Client < 9.1R9 allows a restricted user on an endpoint machine can use system-level privileges if the Embedded Browser is configured with Credential Provider. This vulnerabilit...Show more
A vulnerability in the Pulse Secure Desktop Client < 9.1R9 allows a restricted user on an endpoint machine can use system-level privileges if the Embedded Browser is configured with Credential Provider. This vulnerability only affects Windows PDC if the Embedded Browser is configured with the Credential Provider.Show less
CVE-2020-8239
1Pulsesecure
1Pulse Secure Desktop Client
Nov 21, 2024
Oct 28, 2020
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
A vulnerability in the Pulse Secure Desktop Client < 9.1R9 is vulnerable to the client registry privilege escalation attack. This fix also requires Server Side Upgrade due to Standalone Host Checker Client (Windows) and...Show more
A vulnerability in the Pulse Secure Desktop Client < 9.1R9 is vulnerable to the client registry privilege escalation attack. This fix also requires Server Side Upgrade due to Standalone Host Checker Client (Windows) and Windows PDC.Show less
CVE-2020-8956
1Pulsesecure
1Pulse Secure Desktop
Nov 21, 2024
Oct 27, 2020
N/A· v4
3.3 LOW· v3
1.9 LOW· v2
Pulse Secure Desktop Client 9.0Rx before 9.0R5 and 9.1Rx before 9.1R4 on Windows reveals users' passwords if Save Settings is enabled.
CVE-2020-15352
2Ivanti
Pulsesecure
4Connect Secure
Policy SecurePulse Connect Secure+1 more
Nov 21, 2024
Oct 27, 2020
N/A· v4
7.2 HIGH· v3
6.5 MEDIUM· v2
An XML external entity (XXE) vulnerability in Pulse Connect Secure (PCS) before 9.1R9 and Pulse Policy Secure (PPS) before 9.1R9 allows remote authenticated admins to conduct server-side request forgery (SSRF) attacks vi...Show more
An XML external entity (XXE) vulnerability in Pulse Connect Secure (PCS) before 9.1R9 and Pulse Policy Secure (PPS) before 9.1R9 allows remote authenticated admins to conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request.Show less
CVE-2020-8256
2Ivanti
Pulsesecure
2Connect Secure
Pulse Connect Secure
Nov 21, 2024
Sep 30, 2020
N/A· v4
4.9 MEDIUM· v3
4.0 MEDIUM· v2
A vulnerability in the Pulse Connect Secure < 9.1R8.2 admin web interface could allow an authenticated attacker to gain arbitrary file reading access through Pulse Collaboration via XML External Entity (XXE) vulnerabilit...Show more
A vulnerability in the Pulse Connect Secure < 9.1R8.2 admin web interface could allow an authenticated attacker to gain arbitrary file reading access through Pulse Collaboration via XML External Entity (XXE) vulnerability.Show less
CVE-2020-8238
2Ivanti
Pulsesecure
4Connect Secure
Policy SecurePulse Connect Secure+1 more
Nov 21, 2024
Sep 30, 2020
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
A vulnerability in the authenticated user web interface of Pulse Connect Secure and Pulse Policy Secure < 9.1R8.2 could allow attackers to conduct Cross-Site Scripting (XSS).
CVE-2020-8222
2Ivanti
Pulsesecure
4Connect Secure
Policy SecurePulse Connect Secure+1 more
Nov 21, 2024
Jul 30, 2020
N/A· v4
6.8 MEDIUM· v3
4.0 MEDIUM· v2
A path traversal vulnerability exists in Pulse Connect Secure <9.1R8 that allowed an authenticated attacker via the administrator web interface to perform an arbitrary file reading vulnerability through Meeting.
CVE-2020-8221
2Ivanti
Pulsesecure
4Connect Secure
Policy SecurePulse Connect Secure+1 more
Nov 21, 2024
Jul 30, 2020
N/A· v4
4.9 MEDIUM· v3
4.0 MEDIUM· v2
A path traversal vulnerability exists in Pulse Connect Secure <9.1R8 which allows an authenticated attacker to read arbitrary files via the administrator web interface.
CVE-2020-8220
2Ivanti
Pulsesecure
4Connect Secure
Policy SecurePulse Connect Secure+1 more
Nov 21, 2024
Jul 30, 2020
N/A· v4
6.5 MEDIUM· v3
5.5 MEDIUM· v2
A denial of service vulnerability exists in Pulse Connect Secure <9.1R8 that allows an authenticated attacker to perform command injection via the administrator web which can cause DOS.
CVE-2020-8219
2Ivanti
Pulsesecure
4Connect Secure
Policy SecurePulse Connect Secure+1 more
Nov 21, 2024
Jul 30, 2020
N/A· v4
7.2 HIGH· v3
4.0 MEDIUM· v2
An insufficient permission check vulnerability exists in Pulse Connect Secure <9.1R8 that allows an attacker to change the password of a full administrator.
CVE-2020-8218
2Ivanti
Pulsesecure
3Connect Secure
Policy SecurePulse Policy Secure
Oct 30, 2025
Jul 30, 2020
N/A· v4
7.2 HIGH· v3
6.5 MEDIUM· v2
A code injection vulnerability exists in Pulse Connect Secure <9.1R8 that allows an attacker to crafted a URI to perform an arbitrary code execution via the admin web interface.
CVE-2020-8217
2Ivanti
Pulsesecure
4Connect Secure
Policy SecurePulse Connect Secure+1 more
Nov 21, 2024
Jul 30, 2020
N/A· v4
5.4 MEDIUM· v3
3.5 LOW· v2
A cross site scripting (XSS) vulnerability in Pulse Connect Secure <9.1R8 allowed attackers to exploit in the URL used for Citrix ICA.
CVE-2020-8216
2Ivanti
Pulsesecure
4Connect Secure
Policy SecurePulse Connect Secure+1 more
Nov 21, 2024
Jul 30, 2020
N/A· v4
4.3 MEDIUM· v3
4.0 MEDIUM· v2
An information disclosure vulnerability in meeting of Pulse Connect Secure <9.1R8 allowed an authenticated end-users to find meeting details, if they know the Meeting ID.
CVE-2020-8206
2Ivanti
Pulsesecure
4Connect Secure
Policy SecurePulse Connect Secure+1 more
Nov 21, 2024
Jul 30, 2020
N/A· v4
8.1 HIGH· v3
6.8 MEDIUM· v2
An improper authentication vulnerability exists in Pulse Connect Secure <9.1RB that allows an attacker with a users primary credentials to bypass the Google TOTP.
CVE-2020-8204
2Ivanti
Pulsesecure
4Connect Secure
Policy SecurePulse Connect Secure+1 more
Nov 21, 2024
Jul 30, 2020
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
A cross site scripting (XSS) vulnerability exists in Pulse Connect Secure <9.1R5 on the PSAL Page.
CVE-2020-15408
1Pulsesecure
2Pulse Connect Secure
Pulse Secure Desktop Client
Nov 21, 2024
Jul 28, 2020
N/A· v4
4.6 MEDIUM· v3
5.8 MEDIUM· v2
An issue was discovered in Pulse Secure Pulse Connect Secure before 9.1R8. An authenticated attacker can access the admin page console via the end-user web interface because of a rewrite.
CVE-2020-12880
2Ivanti
Pulsesecure
4Connect Secure
Policy SecurePulse Connect Secure+1 more
Nov 21, 2024
Jul 27, 2020
N/A· v4
5.5 MEDIUM· v3
2.1 LOW· v2
An issue was discovered in Pulse Policy Secure (PPS) and Pulse Connect Secure (PCS) Virtual Appliance before 9.1R8. By manipulating a certain kernel boot parameter, it can be tricked into dropping into a root shell in a...Show more
An issue was discovered in Pulse Policy Secure (PPS) and Pulse Connect Secure (PCS) Virtual Appliance before 9.1R8. By manipulating a certain kernel boot parameter, it can be tricked into dropping into a root shell in a pre-install phase where the entire source code of the appliance is available and can be retrieved. (The source code is otherwise inaccessible because the appliance has its hard disks encrypted, and no root shell is available during normal operation.)Show less
CVE-2020-13162
1Pulsesecure
2Pulse Secure Desktop Client
Pulse Secure Installer Service
May 5, 2025
Jun 16, 2020
N/A· v4
7.0 HIGH· v3
6.9 MEDIUM· v2
A time-of-check time-of-use vulnerability in PulseSecureService.exe in Pulse Secure Client versions prior to 9.1.6 down to 5.3 R70 for Windows (which runs as NT AUTHORITY/SYSTEM) allows unprivileged users to run a Micros...Show more
A time-of-check time-of-use vulnerability in PulseSecureService.exe in Pulse Secure Client versions prior to 9.1.6 down to 5.3 R70 for Windows (which runs as NT AUTHORITY/SYSTEM) allows unprivileged users to run a Microsoft Installer executable with elevated privileges.Show less