Pulsesecure Pulse Connect Secure — known CVE vulnerabilities
Every CVE whose affected-product data names Pulsesecure Pulse Connect Secure, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (57)
CVE-2016-4787 — CVSS 10.0 (critical): Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r10, and 7.4 before 7.4r13.4 allow remote attackers to read…
CVE-2019-11540 — CVSS 9.8 (critical): In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4 and 8.3RX before 8.3R7.1 and Pulse Policy Secure version 9.0RX before…
CVE-2018-5299 — CVSS 9.8 (critical): A stack-based Buffer Overflow Vulnerability exists in the web server in Pulse Secure Pulse Connect Secure (PCS) before 8.3R4 and Pulse…
CVE-2018-6320 — CVSS 9.8 (critical): A vulnerability has been discovered in login.cgi in Pulse Secure Pulse Connect Secure (PCS) 8.1RX before 8.1R12 and 8.3RX before 8.3R2 and…
CVE-2020-11580 — CVSS 9.1 (critical): An issue was discovered in Pulse Secure Pulse Connect Secure (PCS) through 2020-04-06. The applet in tncc.jar, executed on macOS, Linux…
CVE-2017-11193 — CVSS 8.8 (high): Pulse Connect Secure 8.3R1 has CSRF in diag.cgi. In the panel, the diag.cgi file is responsible for running commands such as ping, ping6…
CVE-2020-11582 — CVSS 8.8 (high): An issue was discovered in Pulse Secure Pulse Connect Secure (PCS) through 2020-04-06. The applet in tncc.jar, executed on macOS, Linux…
CVE-2021-22908 — CVSS 8.8 (high): A buffer overflow vulnerability exists in Windows File Resource Profiles in 9.X allows a remote authenticated user with privileges to…
CVE-2017-11196 — CVSS 8.8 (high): Pulse Connect Secure 8.3R1 has CSRF in logout.cgi. The logout function of the admin panel is not protected by any CSRF tokens, thus…
CVE-2017-11455 — CVSS 8.8 (high): diag.cgi in Pulse Connect Secure 8.2R1 through 8.2R5, 8.1R1 through 8.1R10 and Pulse Policy Secure 5.3R1 through 5.3R5, 5.2R1 through…
CVE-2018-18284 — CVSS 8.6 (high): Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving the 1Policy operator.
CVE-2016-4791 — CVSS 8.6 (high): The administrative user interface in Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r9, and 7.4 before…
CVE-2020-8206 — CVSS 8.1 (high): An improper authentication vulnerability exists in Pulse Connect Secure <9.1RB that allows an attacker with a users primary credentials to…
CVE-2019-11213 — CVSS 8.1 (high): In Pulse Secure Pulse Desktop Client and Network Connect, an attacker could access session tokens to replay and spoof sessions, and as a…
CVE-2020-11581 — CVSS 8.1 (high): An issue was discovered in Pulse Secure Pulse Connect Secure (PCS) through 2020-04-06. The applet in tncc.jar, executed on macOS, Linux…
CVE-2018-15909 — CVSS 7.8 (high): In Artifex Ghostscript 9.23 before 2018-08-24, a type confusion using the .shfill operator could be used by attackers able to supply…
CVE-2018-15910 — CVSS 7.8 (high): In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use a type confusion in the LockDistillerParams…
CVE-2018-15911 — CVSS 7.8 (high): In Artifex Ghostscript 9.23 before 2018-08-24, attackers able to supply crafted PostScript could use uninitialized memory access in the…
CVE-2018-16513 — CVSS 7.8 (high): In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use a type confusion in the setcolor function…
CVE-2021-22965 — CVSS 7.5 (high): A vulnerability in Pulse Connect Secure before 9.1R12.1 could allow an unauthenticated administrator to causes a denial of service when a…
CVE-2016-4786 — CVSS 7.5 (high): Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r3, 8.0 before 8.0r11, and 7.4 before 7.4r13.4 allow remote attackers to cause a…
CVE-2019-11541 — CVSS 7.5 (high): In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, and 8.2RX before 8.2R12.1, users using SAML…
CVE-2019-11508 — CVSS 7.2 (high): In Pulse Secure Pulse Connect Secure (PCS) before 8.1R15.1, 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an…
CVE-2021-22937 — CVSS 7.2 (high): A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform a file write via a maliciously…
CVE-2019-11542 — CVSS 7.2 (high): In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1…
CVE-2021-22935 — CVSS 7.2 (high): A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform command injection via an…
CVE-2021-22934 — CVSS 7.2 (high): A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator or compromised Pulse Connect Secure device…
CVE-2020-15352 — CVSS 7.2 (high): An XML external entity (XXE) vulnerability in Pulse Connect Secure (PCS) before 9.1R9 and Pulse Policy Secure (PPS) before 9.1R9 allows…
CVE-2021-44720 — CVSS 7.2 (high): In Ivanti Pulse Secure Pulse Connect Secure (PCS) before 9.1R12, the administrator password is stored in the HTML source code of the…
CVE-2021-22938 — CVSS 7.2 (high): A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform command injection via an…
CVE-2020-8219 — CVSS 7.2 (high): An insufficient permission check vulnerability exists in Pulse Connect Secure <9.1R8 that allows an attacker to change the password of a…
CVE-2020-8222 — CVSS 6.8 (medium): A path traversal vulnerability exists in Pulse Connect Secure <9.1R8 that allowed an authenticated attacker via the administrator web…
CVE-2016-3985 — CVSS 6.5 (medium): The Terminal Services Remote Desktop Protocol (RDP) client session restrictions feature in Pulse Connect Secure (aka PCS) 8.1R7 and 8.2R1…
CVE-2020-8220 — CVSS 6.5 (medium): A denial of service vulnerability exists in Pulse Connect Secure <9.1R8 that allows an authenticated attacker to perform command injection…
CVE-2021-22933 — CVSS 6.5 (medium): A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform an arbitrary file delete via a…
CVE-2020-8262 — CVSS 6.1 (medium): A vulnerability in the Pulse Connect Secure / Pulse Policy Secure below 9.1R9 could allow attackers to conduct Cross-Site Scripting (XSS)…
CVE-2020-8204 — CVSS 6.1 (medium): A cross site scripting (XSS) vulnerability exists in Pulse Connect Secure <9.1R5 on the PSAL Page.
CVE-2017-11195 — CVSS 6.1 (medium): Pulse Connect Secure 8.3R1 has Reflected XSS in launchHelp.cgi. The helpLaunchPage parameter is reflected in an IFRAME element, if the…
CVE-2018-14366 — CVSS 6.1 (medium): download.cgi in Pulse Secure Pulse Connect Secure 8.1RX before 8.1R13 and 8.3RX before 8.3R4 and Pulse Policy Secure through 5.2RX before…
CVE-2021-22936 — CVSS 6.1 (medium): A vulnerability in Pulse Connect Secure before 9.1R12 could allow a threat actor to perform a cross-site script attack against an…
CVE-2019-11543 — CVSS 6.1 (medium): XSS exists in the admin web console in Pulse Secure Pulse Connect Secure (PCS) 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, and 8.1RX before…
CVE-2020-8238 — CVSS 6.1 (medium): A vulnerability in the authenticated user web interface of Pulse Connect Secure and Pulse Policy Secure < 9.1R8.2 could allow attackers to…
CVE-2017-11194 — CVSS 6.1 (medium): Pulse Connect Secure 8.3R1 has Reflected XSS in adminservercacertdetails.cgi. In the admin panel, the certid parameter of…
CVE-2016-4789 — CVSS 6.1 (medium): Cross-site scripting (XSS) vulnerability in the system configuration section in the administrative user interface in Pulse Connect Secure…
CVE-2016-4788 — CVSS 5.8 (medium): Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r10, and 7.4 before 7.4r13.4 allow remote attackers to read an…
CVE-2018-9849 — CVSS 5.5 (medium): Pulse Secure Pulse Connect Secure 8.1.x before 8.1R14, 8.2.x before 8.2R11, and 8.3.x before 8.3R5 do not properly process nested XML…
CVE-2016-4790 — CVSS 5.5 (medium): Cross-site scripting (XSS) vulnerability in the administrative user interface in Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before…
CVE-2020-12880 — CVSS 5.5 (medium): An issue was discovered in Pulse Policy Secure (PPS) and Pulse Connect Secure (PCS) Virtual Appliance before 9.1R8. By manipulating a…
CVE-2020-8217 — CVSS 5.4 (medium): A cross site scripting (XSS) vulnerability in Pulse Connect Secure <9.1R8 allowed attackers to exploit in the URL used for Citrix ICA.
CVE-2022-21826 — CVSS 5.4 (medium): Pulse Secure version 9.115 and below may be susceptible to client-side http request smuggling, When the application receives a POST…
CVE-2020-8256 — CVSS 4.9 (medium): A vulnerability in the Pulse Connect Secure < 9.1R8.2 admin web interface could allow an authenticated attacker to gain arbitrary file…
CVE-2020-8221 — CVSS 4.9 (medium): A path traversal vulnerability exists in Pulse Connect Secure <9.1R8 which allows an authenticated attacker to read arbitrary files via the…
CVE-2017-17947 — CVSS 4.8 (medium): A cross site scripting issue has been found in custompage.cgi in Pulse Secure Pulse Connect Secure (PCS) before 8.0R17.0, 8.1.x before…
CVE-2020-8216 — CVSS 4.3 (medium): An information disclosure vulnerability in meeting of Pulse Connect Secure <9.1R8 allowed an authenticated end-users to find meeting…
CVE-2020-8261 — CVSS 4.3 (medium): A vulnerability in the Pulse Connect Secure / Pulse Policy Secure < 9.1R9 is vulnerable to arbitrary cookie injection.
CVE-2020-15408 — CVSS 3.7 (low): An issue was discovered in Pulse Secure Pulse Connect Secure before 9.1R8. An authenticated attacker can access the admin page console via…