Описание
The GUI component (aka PulseUI) in Pulse Secure Desktop Linux clients before PULSE5.2R9.2 and 5.3.x before PULSE5.3R4.2 does not perform strict SSL Certificate Validation. This can lead to the manipulation of the Pulse Connection set.
Ссылки
- Vendor Advisory
- Third Party AdvisoryVDB Entry
- Vendor Advisory
- Third Party AdvisoryVDB Entry
Уязвимые конфигурации
Конфигурация 1Версия до 5.2r9.2 (исключая)
cpe:2.3:a:pulsesecure:desktop_linux_client:*:*:*:*:*:*:*:*
Конфигурация 2Версия до 5.3r4.2 (исключая)
cpe:2.3:a:pulsesecure:desktop_linux_client:*:*:*:*:*:*:*:*
EPSS
Процентиль: 36%
0.00153
Низкий
6.5 Medium
CVSS3
6.4 Medium
CVSS2
Дефекты
CWE-295
Связанные уязвимости
CVSS3: 6.5
github
больше 3 лет назад
The GUI component (aka PulseUI) in Pulse Secure Desktop Linux clients before PULSE5.2R9.2 and 5.3.x before PULSE5.3R4.2 does not perform strict SSL Certificate Validation. This can lead to the manipulation of the Pulse Connection set.
EPSS
Процентиль: 36%
0.00153
Низкий
6.5 Medium
CVSS3
6.4 Medium
CVSS2
Дефекты
CWE-295