Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:a:pulsesecure:pulse_connect_secure:7.1:r1.1:*:*:*:*:*:*
  • CPE Name Search: true
There are 31 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2021-22938

A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform command injection via an unsanitized web parameter in the administrator web console.

Published: August 16, 2021; 3:15:13 PM -0400
V3.1: 7.2 HIGH
V2.0: 6.5 MEDIUM
CVE-2021-22937

A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform a file write via a maliciously crafted archive uploaded in the administrator web interface.

Published: August 16, 2021; 3:15:13 PM -0400
V3.1: 7.2 HIGH
V2.0: 6.5 MEDIUM
CVE-2021-22936

A vulnerability in Pulse Connect Secure before 9.1R12 could allow a threat actor to perform a cross-site script attack against an authenticated administrator via an unsanitized web parameter.

Published: August 16, 2021; 3:15:13 PM -0400
V3.1: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2021-22935

A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform command injection via an unsanitized web parameter.

Published: August 16, 2021; 3:15:13 PM -0400
V3.1: 7.2 HIGH
V2.0: 6.5 MEDIUM
CVE-2021-22934

A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator or compromised Pulse Connect Secure device in a load-balanced configuration to perform a buffer overflow via a malicious crafted web request.

Published: August 16, 2021; 3:15:13 PM -0400
V3.1: 7.2 HIGH
V2.0: 6.5 MEDIUM
CVE-2021-22933

A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform an arbitrary file delete via a maliciously crafted web request.

Published: August 16, 2021; 3:15:13 PM -0400
V3.1: 6.5 MEDIUM
V2.0: 5.5 MEDIUM
CVE-2021-22900

A vulnerability allowed multiple unrestricted uploads in Pulse Connect Secure before 9.1R11.4 that could lead to an authenticated administrator to perform a file write via a maliciously crafted archive upload in the administrator web interface.

Published: May 27, 2021; 8:15:07 AM -0400
V3.1: 7.2 HIGH
V2.0: 6.5 MEDIUM
CVE-2021-22899

A command injection vulnerability exists in Pulse Connect Secure before 9.1R11.4 allows a remote authenticated attacker to perform remote code execution via Windows Resource Profiles Feature

Published: May 27, 2021; 8:15:07 AM -0400
V3.1: 8.8 HIGH
V2.0: 6.5 MEDIUM
CVE-2021-22894

A buffer overflow vulnerability exists in Pulse Connect Secure before 9.1R11.4 allows a remote authenticated attacker to execute arbitrary code as the root user via maliciously crafted meeting room.

Published: May 27, 2021; 8:15:07 AM -0400
V3.1: 8.8 HIGH
V2.0: 9.0 HIGH
CVE-2020-8262

A vulnerability in the Pulse Connect Secure / Pulse Policy Secure below 9.1R9 could allow attackers to conduct Cross-Site Scripting (XSS) and Open Redirection for authenticated user web interface.

Published: October 28, 2020; 9:15:13 AM -0400
V3.1: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2020-8261

A vulnerability in the Pulse Connect Secure / Pulse Policy Secure < 9.1R9 is vulnerable to arbitrary cookie injection.

Published: October 28, 2020; 9:15:13 AM -0400
V3.1: 4.3 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2020-15352

An XML external entity (XXE) vulnerability in Pulse Connect Secure (PCS) before 9.1R9 and Pulse Policy Secure (PPS) before 9.1R9 allows remote authenticated admins to conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request.

Published: October 27, 2020; 1:15:12 AM -0400
V3.1: 7.2 HIGH
V2.0: 6.5 MEDIUM
CVE-2020-8256

A vulnerability in the Pulse Connect Secure < 9.1R8.2 admin web interface could allow an authenticated attacker to gain arbitrary file reading access through Pulse Collaboration via XML External Entity (XXE) vulnerability.

Published: September 30, 2020; 2:15:29 PM -0400
V3.1: 4.9 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2020-8243

A vulnerability in the Pulse Connect Secure < 9.1R8.2 admin web interface could allow an authenticated attacker to upload custom template to perform an arbitrary code execution.

Published: September 30, 2020; 2:15:29 PM -0400
V3.1: 7.2 HIGH
V2.0: 6.5 MEDIUM
CVE-2020-8238

A vulnerability in the authenticated user web interface of Pulse Connect Secure and Pulse Policy Secure < 9.1R8.2 could allow attackers to conduct Cross-Site Scripting (XSS).

Published: September 30, 2020; 2:15:28 PM -0400
V3.1: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2020-8222

A path traversal vulnerability exists in Pulse Connect Secure <9.1R8 that allowed an authenticated attacker via the administrator web interface to perform an arbitrary file reading vulnerability through Meeting.

Published: July 30, 2020; 9:15:12 AM -0400
V3.1: 6.8 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2020-8221

A path traversal vulnerability exists in Pulse Connect Secure <9.1R8 which allows an authenticated attacker to read arbitrary files via the administrator web interface.

Published: July 30, 2020; 9:15:12 AM -0400
V3.1: 4.9 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2020-8220

A denial of service vulnerability exists in Pulse Connect Secure <9.1R8 that allows an authenticated attacker to perform command injection via the administrator web which can cause DOS.

Published: July 30, 2020; 9:15:11 AM -0400
V3.1: 6.5 MEDIUM
V2.0: 5.5 MEDIUM
CVE-2020-8219

An insufficient permission check vulnerability exists in Pulse Connect Secure <9.1R8 that allows an attacker to change the password of a full administrator.

Published: July 30, 2020; 9:15:11 AM -0400
V3.1: 7.2 HIGH
V2.0: 4.0 MEDIUM
CVE-2020-8218

A code injection vulnerability exists in Pulse Connect Secure <9.1R8 that allows an attacker to crafted a URI to perform an arbitrary code execution via the admin web interface.

Published: July 30, 2020; 9:15:11 AM -0400
V3.1: 7.2 HIGH
V2.0: 6.5 MEDIUM