CVE-2016-4791

The administrative user interface in Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r9, and 7.4 before 7.4r13.4 allows remote administrators to enumerate files, read arbitrary files, and conduct server side request forgery (SSRF) attacks via unspecified vectors.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:ivanti:connect_secure:8.1:*:*:*:*:*:*:*
cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1r1.0:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:a:ivanti:connect_secure:8.2:*:*:*:*:*:*:*

Configuration 3 (hide)

cpe:2.3:a:ivanti:connect_secure:8.0:*:*:*:*:*:*:*

Configuration 4 (hide)

cpe:2.3:a:pulsesecure:pulse_connect_secure:7.4:*:*:*:*:*:*:*

History

21 Nov 2024, 02:52

Type Values Removed Values Added
References () http://www.securitytracker.com/id/1035932 - () http://www.securitytracker.com/id/1035932 -
References () https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40210 - Vendor Advisory () https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40210 - Vendor Advisory

27 Feb 2024, 21:04

Type Values Removed Values Added
CPE cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1:*:*:*:*:*:*:*
cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2:*:*:*:*:*:*:*
cpe:2.3:a:pulsesecure:pulse_connect_secure:8.0:*:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:8.2:*:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:8.1:*:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:8.0:*:*:*:*:*:*:*
First Time Ivanti connect Secure
Ivanti

Information

Published : 2016-05-26 14:59

Updated : 2024-11-21 02:52


NVD link : CVE-2016-4791

Mitre link : CVE-2016-4791

CVE.ORG link : CVE-2016-4791


JSON object : View

Products Affected

pulsesecure

  • pulse_connect_secure

ivanti

  • connect_secure