CVE-2015-7323 | Vulnerability Database | Aqua Security

The Secure Meeting (Pulse Collaboration) in Pulse Connect Secure (formerly Juniper Junos Pulse) before 7.1R22.1, 7.4, 8.0 before 8.0R11, and 8.1 before 8.1R3 allows remote authenticated users to bypass intended access restrictions and log into arbitrary meetings by leveraging a meeting id and meetingAppSun.jar.

Affected Software

Name	Vendor	Start Version	End Version
Pulse_connect_secure	Juniper	7.1 (including)	7.1 (including)
Pulse_connect_secure	Juniper	7.4 (including)	7.4 (including)
Pulse_connect_secure	Juniper	8.0 (including)	8.0 (including)
Pulse_connect_secure	Juniper	8.1 (including)	8.1 (including)

References

http://seclists.org/fulldisclosure/2015/Sep/98
http://www.securitytracker.com/id/1033684
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40054
https://packetstormsecurity.com/files/133711/Junos-Pulse-Secure-Meeting-8.0.5-Access-Bypass.html
https://profundis-labs.com/advisories/CVE-2015-7323.txt
http://seclists.org/fulldisclosure/2015/Sep/98
http://www.securitytracker.com/id/1033684
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40054
https://packetstormsecurity.com/files/133711/Junos-Pulse-Secure-Meeting-8.0.5-Access-Bypass.html
https://profundis-labs.com/advisories/CVE-2015-7323.txt

NVD	https://nvd.nist.gov/vuln/detail/CVE-2015-7323
CWE	https://cwe.mitre.org/data/definitions/264.html