CVE Vulnerabilities

CVE-2020-15408

Published: Jul 28, 2020 | Modified: Jul 21, 2021
CVSS 3.x
4.6
MEDIUM
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
CVSS 2.x
5.8 MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:N
RedHat/V2
RedHat/V3
Ubuntu

An issue was discovered in Pulse Secure Pulse Connect Secure before 9.1R8. An authenticated attacker can access the admin page console via the end-user web interface because of a rewrite.

Affected Software

Name Vendor Start Version End Version
Pulse_connect_secure Pulsesecure * 9.1
Pulse_secure_desktop_client Pulsesecure 9.1 9.1
Pulse_secure_desktop_client Pulsesecure 9.1 9.1
Pulse_secure_desktop_client Pulsesecure 9.1 9.1
Pulse_secure_desktop_client Pulsesecure 9.1 9.1
Pulse_secure_desktop_client Pulsesecure 9.1 9.1
Pulse_secure_desktop_client Pulsesecure 9.1 9.1
Pulse_secure_desktop_client Pulsesecure 9.1 9.1
Pulse_secure_desktop_client Pulsesecure 9.1 9.1
Pulse_secure_desktop_client Pulsesecure 9.1 9.1
Pulse_secure_desktop_client Pulsesecure 9.1 9.1

References