Session data between cluster nodes during cluster synchronization is not properly encrypted in Pulse Secure Pulse Connect Secure (PCS) 8.3RX before 8.3R2 and Pulse Policy Secure (PPS) 5.4RX before 5.4R2. This is not applicable to PCS 8.1RX, PPS 5.2RX, or stand-alone devices.
References
Link | Resource |
---|---|
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43877/ | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
27 Feb 2024, 21:04
Type | Values Removed | Values Added |
---|---|---|
First Time |
Ivanti connect Secure
Ivanti |
|
CPE | cpe:2.3:a:ivanti:connect_secure:8.3:r1:*:*:*:*:*:* |
Information
Published : 2019-06-28 18:15
Updated : 2024-02-28 17:08
NVD link : CVE-2018-20810
Mitre link : CVE-2018-20810
CVE.ORG link : CVE-2018-20810
JSON object : View
Products Affected
pulsesecure
- pulse_policy_secure
ivanti
- connect_secure
CWE
CWE-326
Inadequate Encryption Strength