Описание
The administrative user interface in Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r9, and 7.4 before 7.4r13.4 allows remote administrators to enumerate files, read arbitrary files, and conduct server side request forgery (SSRF) attacks via unspecified vectors.
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:ivanti:connect_secure:8.1:*:*:*:*:*:*:*
cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1r1.0:*:*:*:*:*:*:*
Конфигурация 2
cpe:2.3:a:ivanti:connect_secure:8.2:*:*:*:*:*:*:*
Конфигурация 3
cpe:2.3:a:ivanti:connect_secure:8.0:*:*:*:*:*:*:*
Конфигурация 4
cpe:2.3:a:pulsesecure:pulse_connect_secure:7.4:*:*:*:*:*:*:*
EPSS
Процентиль: 45%
0.00222
Низкий
8.6 High
CVSS3
6.4 Medium
CVSS2
Дефекты
NVD-CWE-noinfo
Связанные уязвимости
CVSS3: 8.6
github
больше 3 лет назад
The administrative user interface in Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r9, and 7.4 before 7.4r13.4 allows remote administrators to enumerate files, read arbitrary files, and conduct server side request forgery (SSRF) attacks via unspecified vectors.
EPSS
Процентиль: 45%
0.00222
Низкий
8.6 High
CVSS3
6.4 Medium
CVSS2
Дефекты
NVD-CWE-noinfo