Total
74 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-6320 | 2 Ivanti, Pulsesecure | 3 Connect Secure, Pulse Connect Secure, Pulse Policy Secure | 2024-02-27 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability has been discovered in login.cgi in Pulse Secure Pulse Connect Secure (PCS) 8.1RX before 8.1R12 and 8.3RX before 8.3R2 and Pulse Policy Secure (PPS) 5.2RX before 5.2R9 and 5.4RX before 5.4R2 wherein an http(s) Host header received from the browser is trusted without validation. | |||||
| CVE-2020-15352 | 2 Ivanti, Pulsesecure | 4 Connect Secure, Policy Secure, Pulse Connect Secure and 1 more | 2024-02-27 | 6.5 MEDIUM | 7.2 HIGH |
| An XML external entity (XXE) vulnerability in Pulse Connect Secure (PCS) before 9.1R9 and Pulse Policy Secure (PPS) before 9.1R9 allows remote authenticated admins to conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request. | |||||
| CVE-2021-22933 | 2 Ivanti, Pulsesecure | 2 Connect Secure, Pulse Connect Secure | 2024-02-27 | 5.5 MEDIUM | 6.5 MEDIUM |
| A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform an arbitrary file delete via a maliciously crafted web request. | |||||
| CVE-2019-11539 | 2 Ivanti, Pulsesecure | 3 Connect Secure, Pulse Connect Secure, Pulse Policy Secure | 2024-02-27 | 6.5 MEDIUM | 7.2 HIGH |
| In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, 5.3RX before 5.3R12.1, 5.2RX before 5.2R12.1, and 5.1RX before 5.1R15.1, the admin web interface allows an authenticated attacker to inject and execute commands. | |||||
| CVE-2020-8261 | 2 Ivanti, Pulsesecure | 4 Connect Secure, Policy Secure, Pulse Connect Secure and 1 more | 2024-02-27 | 4.3 MEDIUM | 4.3 MEDIUM |
| A vulnerability in the Pulse Connect Secure / Pulse Policy Secure < 9.1R9 is vulnerable to arbitrary cookie injection. | |||||
| CVE-2019-11507 | 1 Ivanti | 1 Connect Secure | 2024-02-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Pulse Secure Pulse Connect Secure (PCS) 8.3.x before 8.3R7.1 and 9.0.x before 9.0R3, an XSS issue has been found on the Application Launcher page. | |||||
| CVE-2021-22965 | 2 Ivanti, Pulsesecure | 2 Connect Secure, Pulse Connect Secure | 2024-02-27 | 7.8 HIGH | 7.5 HIGH |
| A vulnerability in Pulse Connect Secure before 9.1R12.1 could allow an unauthenticated administrator to causes a denial of service when a malformed request is sent to the device. | |||||
| CVE-2020-8238 | 2 Ivanti, Pulsesecure | 4 Connect Secure, Policy Secure, Pulse Connect Secure and 1 more | 2024-02-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| A vulnerability in the authenticated user web interface of Pulse Connect Secure and Pulse Policy Secure < 9.1R8.2 could allow attackers to conduct Cross-Site Scripting (XSS). | |||||
| CVE-2021-22936 | 2 Ivanti, Pulsesecure | 2 Connect Secure, Pulse Connect Secure | 2024-02-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| A vulnerability in Pulse Connect Secure before 9.1R12 could allow a threat actor to perform a cross-site script attack against an authenticated administrator via an unsanitized web parameter. | |||||
| CVE-2018-20814 | 2 Ivanti, Pulsesecure | 2 Connect Secure, Pulse Policy Secure | 2024-02-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| An XSS issue was found with Psaldownload.cgi in Pulse Secure Pulse Connect Secure (PCS) 8.3R2 before 8.3R2 and Pulse Policy Secure (PPS) 5.4RX before 5.4R2. This is not applicable to PCS 8.1RX or PPS 5.2RX. | |||||
| CVE-2018-20810 | 2 Ivanti, Pulsesecure | 2 Connect Secure, Pulse Policy Secure | 2024-02-27 | 7.5 HIGH | 9.8 CRITICAL |
| Session data between cluster nodes during cluster synchronization is not properly encrypted in Pulse Secure Pulse Connect Secure (PCS) 8.3RX before 8.3R2 and Pulse Policy Secure (PPS) 5.4RX before 5.4R2. This is not applicable to PCS 8.1RX, PPS 5.2RX, or stand-alone devices. | |||||
| CVE-2024-22024 | 1 Ivanti | 3 Connect Secure, Policy Secure, Zero Trust Access | 2024-02-13 | N/A | 8.3 HIGH |
| An XML external entity or XXE vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x), Ivanti Policy Secure (9.x, 22.x) and ZTA gateways which allows an attacker to access certain restricted resources without authentication. | |||||
| CVE-2024-21893 | 1 Ivanti | 3 Connect Secure, Neurons For Zero-trust Access, Policy Secure | 2024-02-01 | N/A | 8.2 HIGH |
| A server-side request forgery vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) and Ivanti Neurons for ZTA allows an attacker to access certain restricted resources without authentication. | |||||
| CVE-2024-21888 | 1 Ivanti | 2 Connect Secure, Policy Secure | 2024-01-31 | N/A | 8.8 HIGH |
| A privilege escalation vulnerability in web component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows a user to elevate privileges to that of an administrator. | |||||