Описание
Pulse Secure Pulse Connect Secure 8.1.x before 8.1R14, 8.2.x before 8.2R11, and 8.3.x before 8.3R5 do not properly process nested XML entities, which allows remote attackers to cause a denial of service (memory consumption and memory errors) via a crafted XML document.
Ссылки
- Third Party AdvisoryVDB Entry
- Vendor Advisory
- Third Party AdvisoryVDB Entry
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 8.1 (включая) до 8.1r14 (исключая)
cpe:2.3:a:pulsesecure:pulse_connect_secure:*:*:*:*:*:*:*:*
Конфигурация 2Версия от 8.2 (включая) до 8.2r11 (исключая)
cpe:2.3:a:pulsesecure:pulse_connect_secure:*:*:*:*:*:*:*:*
Конфигурация 3Версия от 8.3 (включая) до 8.3r5 (исключая)
cpe:2.3:a:pulsesecure:pulse_connect_secure:*:*:*:*:*:*:*:*
EPSS
Процентиль: 63%
0.00444
Низкий
5.5 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
NVD-CWE-noinfo
Связанные уязвимости
CVSS3: 5.5
github
больше 3 лет назад
Pulse Secure Pulse Connect Secure 8.1.x before 8.1R14, 8.2.x before 8.2R11, and 8.3.x before 8.3R5 do not properly process nested XML entities, which allows remote attackers to cause a denial of service (memory consumption and memory errors) via a crafted XML document.
EPSS
Процентиль: 63%
0.00444
Низкий
5.5 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
NVD-CWE-noinfo