CVE-2016-4787

{"id": "CVE-2016-4787", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.4, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": true, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 10.0, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.8, "exploitabilityScore": 3.9}]}, "published": "2016-05-26T14:59:03.493", "references": [{"url": "http://www.securitytracker.com/id/1035932", "source": "cve@mitre.org"}, {"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40207", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securitytracker.com/id/1035932", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40207", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r10, and 7.4 before 7.4r13.4 allow remote attackers to read sensitive system authentication files in an unspecified directory via unknown vectors."}, {"lang": "es", "value": "Pulse Connect Secure (PCS) 8.2 en versiones anteriores a 8.2r1, 8.1 en versiones anteriores a 8.1r2, 8.0 en versiones anteriores a 8.0r10 y 7.4 en versiones anteriores a 7.4r13.4 permite a atacantes remotos leer archivos de autenticaci\u00f3n sensibles del sistema en un directorio no especificado a trav\u00e9s de vectores desconocidos."}], "lastModified": "2024-11-21T02:52:58.407", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ivanti:connect_secure:8.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "52840E34-91BB-4E44-BE85-B50CDE4D2EDD"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ivanti:connect_secure:8.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A2BCE3E8-ED64-4CCD-9A3F-3D99476B81E1"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:7.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8A1A7B1C-EF34-4F63-AE11-75DB8DCBF9F1"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ivanti:connect_secure:8.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "202E4839-7CE4-49CE-BEE1-CB33A96770E7"}, {"criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1r1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E2037BE1-408C-47E8-8A70-8440BF3A1ED6"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}