A vulnerability in the Pulse Connect Secure < 9.1R8.2 admin web interface could allow an authenticated attacker to gain arbitrary file reading access through Pulse Collaboration via XML External Entity (XXE) vulnerability.
References
Link | Resource |
---|---|
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44588 | Vendor Advisory |
https://www.gosecure.net/blog/2020/11/13/forget-your-perimeter-part-2-four-vulnerabilities-in-pulse-connect-secure/ | Exploit Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
27 Feb 2024, 21:04
Type | Values Removed | Values Added |
---|---|---|
First Time |
Ivanti
Ivanti connect Secure |
|
CPE | cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r8.1:*:*:*:*:*:* cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r4.2:*:*:*:*:*:* cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r5:*:*:*:*:*:* cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r4.3:*:*:*:*:*:* cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r8:*:*:*:*:*:* cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r2:*:*:*:*:*:* cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r1:*:*:*:*:*:* cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r3:*:*:*:*:*:* cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r4:*:*:*:*:*:* cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r6:*:*:*:*:*:* cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r7:*:*:*:*:*:* cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:-:*:*:*:*:*:* |
cpe:2.3:a:ivanti:connect_secure:9.1:r3:*:*:*:*:*:* cpe:2.3:a:ivanti:connect_secure:9.1:r1:*:*:*:*:*:* cpe:2.3:a:ivanti:connect_secure:9.1:r4.2:*:*:*:*:*:* cpe:2.3:a:ivanti:connect_secure:9.1:r2:*:*:*:*:*:* cpe:2.3:a:ivanti:connect_secure:9.1:r4:*:*:*:*:*:* cpe:2.3:a:ivanti:connect_secure:9.1:-:*:*:*:*:*:* cpe:2.3:a:ivanti:connect_secure:9.1:r4.1:*:*:*:*:*:* cpe:2.3:a:ivanti:connect_secure:9.1:r6:*:*:*:*:*:* cpe:2.3:a:ivanti:connect_secure:9.1:r4.3:*:*:*:*:*:* cpe:2.3:a:ivanti:connect_secure:9.1:r5:*:*:*:*:*:* cpe:2.3:a:ivanti:connect_secure:9.1:r8.1:*:*:*:*:*:* cpe:2.3:a:ivanti:connect_secure:9.1:r7:*:*:*:*:*:* cpe:2.3:a:ivanti:connect_secure:9.1:r8:*:*:*:*:*:* |
13 Dec 2022, 15:55
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://www.gosecure.net/blog/2020/11/13/forget-your-perimeter-part-2-four-vulnerabilities-in-pulse-connect-secure/ - Exploit, Third Party Advisory |
01 Aug 2022, 15:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
Information
Published : 2020-09-30 18:15
Updated : 2024-02-27 21:04
NVD link : CVE-2020-8256
Mitre link : CVE-2020-8256
CVE.ORG link : CVE-2020-8256
JSON object : View
Products Affected
ivanti
- connect_secure
pulsesecure
- pulse_connect_secure
CWE
CWE-611
Improper Restriction of XML External Entity Reference