threat
engine
.sh
Back
·
··:··
Home
/
Product
/
pulsesecure pulse policy secure
Product
pulsesecure pulse policy secure
31 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
Sort
Newest first
Oldest first
Highest CVSS
Lowest CVSS
Min CVSS
Any
4.0+
7.0+ (High)
9.0+ (Critical)
Published since
Reset
CVE-2020-8262
< 9.1
A vulnerability in the Pulse Connect Secure / Pulse Policy Secure below 9.1R9 could allow attackers to conduct Cross-Site Scriptin
6.1
MEDIUM
CVE-2020-8261
< 9.1
A vulnerability in the Pulse Connect Secure / Pulse Policy Secure < 9.1R9 is vulnerable to arbitrary cookie injection.
4.3
MEDIUM
CVE-2020-15352
<= 9.0
An XML external entity (XXE) vulnerability in Pulse Connect Secure (PCS) before 9.1R9 and Pulse Policy Secure (PPS) before 9.1R9 a
7.2
HIGH
CVE-2020-8238
<= 9.0
A vulnerability in the authenticated user web interface of Pulse Connect Secure and Pulse Policy Secure < 9.1R8.2 could allow atta
6.1
MEDIUM
CVE-2020-8222
<= 9.0
A path traversal vulnerability exists in Pulse Connect Secure <9.1R8 that allowed an authenticated attacker via the administrator
6.8
MEDIUM
CVE-2020-8221
<= 9.0
A path traversal vulnerability exists in Pulse Connect Secure <9.1R8 which allows an authenticated attacker to read arbitrary file
4.9
MEDIUM
CVE-2020-8220
<= 9.0
A denial of service vulnerability exists in Pulse Connect Secure <9.1R8 that allows an authenticated attacker to perform command i
6.5
MEDIUM
CVE-2020-8219
<= 9.0
An insufficient permission check vulnerability exists in Pulse Connect Secure <9.1R8 that allows an attacker to change the passwor
7.2
HIGH
CVE-2020-8218
<= 9.0
A code injection vulnerability exists in Pulse Connect Secure <9.1R8 that allows an attacker to crafted a URI to perform an arbitr
7.2
HIGH
CVE-2020-8217
<= 9.0
A cross site scripting (XSS) vulnerability in Pulse Connect Secure <9.1R8 allowed attackers to exploit in the URL used for Citrix
5.4
MEDIUM
CVE-2020-8216
<= 9.0
An information disclosure vulnerability in meeting of Pulse Connect Secure <9.1R8 allowed an authenticated end-users to find meeti
4.3
MEDIUM
CVE-2020-8206
<= 9.0
An improper authentication vulnerability exists in Pulse Connect Secure <9.1RB that allows an attacker with a users primary creden
8.1
HIGH
CVE-2020-8204
<= 9.0
A cross site scripting (XSS) vulnerability exists in Pulse Connect Secure <9.1R5 on the PSAL Page.
6.1
MEDIUM
CVE-2020-12880
<= 9.0
An issue was discovered in Pulse Policy Secure (PPS) and Pulse Connect Secure (PCS) Virtual Appliance before 9.1R8. By manipulatin
5.5
MEDIUM
CVE-2020-11582
all versions
An issue was discovered in Pulse Secure Pulse Connect Secure (PCS) through 2020-04-06. The applet in tncc.jar, executed on macOS,
8.8
HIGH
CVE-2020-11581
all versions
An issue was discovered in Pulse Secure Pulse Connect Secure (PCS) through 2020-04-06. The applet in tncc.jar, executed on macOS,
8.1
HIGH
CVE-2020-11580
<= 2020-04-06
An issue was discovered in Pulse Secure Pulse Connect Secure (PCS) through 2020-04-06. The applet in tncc.jar, executed on macOS,
9.1
CRITICAL
CVE-2018-20814
all versions
An XSS issue was found with Psaldownload.cgi in Pulse Secure Pulse Connect Secure (PCS) 8.3R2 before 8.3R2 and Pulse Policy Secure
6.1
MEDIUM
CVE-2018-20810
all versions
Session data between cluster nodes during cluster synchronization is not properly encrypted in Pulse Secure Pulse Connect Secure (
9.8
CRITICAL
CVE-2018-20809
all versions
A crafted message can cause the web server to crash with Pulse Secure Pulse Connect Secure (PCS) 8.3RX before 8.3R5 and Pulse Poli
7.5
HIGH
CVE-2019-11478
all versions
Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment in the Linux kernel could be fragmente
5.3
MEDIUM
CVE-2019-11477
all versions
Jonathan Looney discovered that the TCP_SKB_CB(skb)-tcp_gso_segs value was subject to an integer overflow in the Linux kernel when
7.5
HIGH
CVE-2019-11509
all versions
In Pulse Secure Pulse Connect Secure (PCS) before 8.1R15.1, 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4 and Pu
8.8
HIGH
CVE-2019-11543
all versions
XSS exists in the admin web console in Pulse Secure Pulse Connect Secure (PCS) 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, and 8.1
6.1
MEDIUM
CVE-2019-11542
all versions
In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8
7.2
HIGH
CVE-2019-11540
all versions
In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4 and 8.3RX before 8.3R7.1 and Pulse Policy Secure version 9.0RX b
9.8
CRITICAL
CVE-2019-11539
all versions
In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8
7.2
HIGH
CVE-2018-6320
all versions
A vulnerability has been discovered in login.cgi in Pulse Secure Pulse Connect Secure (PCS) 8.1RX before 8.1R12 and 8.3RX before 8
9.8
CRITICAL
CVE-2018-14366
all versions
download.cgi in Pulse Secure Pulse Connect Secure 8.1RX before 8.1R13 and 8.3RX before 8.3R4 and Pulse Policy Secure through 5.2RX
6.1
MEDIUM
CVE-2018-5299
>= 5.4r1 and <= 5.4r3
A stack-based Buffer Overflow Vulnerability exists in the web server in Pulse Secure Pulse Connect Secure (PCS) before 8.3R4 and P
9.8
CRITICAL
CVE-2017-11455
all versions
diag.cgi in Pulse Connect Secure 8.2R1 through 8.2R5, 8.1R1 through 8.1R10 and Pulse Policy Secure 5.3R1 through 5.3R5, 5.2R1 thro
8.8
HIGH
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin