The Secure Meeting (Pulse Collaboration) in Pulse Connect Secure (formerly Juniper Junos Pulse) before 7.1R22.1, 7.4, 8.0 before 8.0R11, and 8.1 before 8.1R3 provides different messages for attempts to join a meeting depending on the status of the meeting, which allows remote attackers to enumerate valid meeting ids via a series of requests.
References
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 02:36
| Type | Values Removed | Values Added |
|---|---|---|
| References | () http://www.securitytracker.com/id/1033685 - | |
| References | () https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40053 - Vendor Advisory | |
| References | () https://profundis-labs.com/advisories/CVE-2015-7322.txt - Exploit |
Information
Published : 2015-10-05 15:59
Updated : 2024-11-21 02:36
NVD link : CVE-2015-7322
Mitre link : CVE-2015-7322
CVE.ORG link : CVE-2015-7322
JSON object : View
Products Affected
juniper
- pulse_connect_secure
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor