The Pulse Secure Desktop (macOS) 5.3RX before 5.3R5 and 9.0R1 has a Format String Vulnerability.
The product uses a function that accepts a format string as an argument, but the format string originates from an external source.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Pulse_secure_desktop_client | Pulsesecure | 5.3r1 (including) | 5.3r1 (including) |
| Pulse_secure_desktop_client | Pulsesecure | 5.3r1.1 (including) | 5.3r1.1 (including) |
| Pulse_secure_desktop_client | Pulsesecure | 5.3r2 (including) | 5.3r2 (including) |
| Pulse_secure_desktop_client | Pulsesecure | 5.3r3 (including) | 5.3r3 (including) |
| Pulse_secure_desktop_client | Pulsesecure | 5.3r4 (including) | 5.3r4 (including) |
| Pulse_secure_desktop_client | Pulsesecure | 5.3r4.1 (including) | 5.3r4.1 (including) |
| Pulse_secure_desktop_client | Pulsesecure | 5.3r4.2 (including) | 5.3r4.2 (including) |
| Pulse_secure_desktop_client | Pulsesecure | 5.3rx (including) | 5.3rx (including) |
| Pulse_secure_desktop_client | Pulsesecure | 9.0r1 (including) | 9.0r1 (including) |