XSS exists in the admin web console in Pulse Secure Pulse Connect Secure (PCS) 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, and 5.2RX before 5.2R12.1.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/108073 | Broken Link Third Party Advisory VDB Entry |
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101 | Vendor Advisory |
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101/ | Vendor Advisory |
https://www.kb.cert.org/vuls/id/927237 | Third Party Advisory US Government Resource |
Configurations
Configuration 1 (hide)
|
History
27 Feb 2024, 21:04
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1:*:*:*:*:*:*:* |
cpe:2.3:a:ivanti:connect_secure:8.1:*:*:*:*:*:*:* cpe:2.3:a:ivanti:connect_secure:8.3:*:*:*:*:*:*:* |
First Time |
Ivanti connect Secure
Ivanti |
Information
Published : 2019-04-26 02:29
Updated : 2024-02-28 17:08
NVD link : CVE-2019-11543
Mitre link : CVE-2019-11543
CVE.ORG link : CVE-2019-11543
JSON object : View
Products Affected
pulsesecure
- pulse_connect_secure
- pulse_policy_secure
ivanti
- connect_secure
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')