CVE-2018-9849 in Pulse Connect Secureinfo

Summary

Pulse Secure Pulse Connect Secure 8.1.x before 8.1R14, 8.2.x before 8.2R11, and 8.3.x before 8.3R5 do not properly process nested XML entities, which allows remote attackers to cause a denial of service (memory consumption and memory errors) via a crafted XML document.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Reservation

04/07/2018

Disclosure

05/10/2018

Moderation

VulDB entry created

Entries

CPE

ready

CWE

CWE-399 (Confirmed)

CVSS

5.4

EPSS

0.00444

CTI

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2018-9849
NVD	https://nvd.nist.gov/vuln/detail/CVE-2018-9849
CVE Details	https://www.cvedetails.com/cve/CVE-2018-9849/

◂ Previous Overview Next ▸

Do you know our Splunk app?

Download it now for free!