Pulse Connect Secure/Pulse Policy Secure bis 9.1R8 XML External Entity erweiterte Rechte

eintrageditHistoryDiffjsonxmlCTI

In Pulse Connect Secure sowie Pulse Policy Secure bis 9.1R8 wurde eine Schwachstelle ausgemacht. Sie wurde als kritisch eingestuft. Betroffen ist ein unbekannter Teil der Komponente XML External Entity Handler. Ein Upgrade auf die Version 9.1R9 vermag dieses Problem zu beheben.

Feld	27.10.2020 12:10	27.11.2020 12:11	27.11.2020 12:16
name	Pulse Connect Secure/Pulse Policy Secure	Pulse Connect Secure/Pulse Policy Secure	Pulse Connect Secure/Pulse Policy Secure
version	<=9.1R8	<=9.1R8	<=9.1R8
component	XML External Entity Handler	XML External Entity Handler	XML External Entity Handler
cwe	918 (erweiterte Rechte)	918 (erweiterte Rechte)	918 (erweiterte Rechte)
risk	2	2	2
cvss3_vuldb_av	N	N	N
cvss3_vuldb_ac	L	L	L
cvss3_vuldb_pr	L	L	L
cvss3_vuldb_ui	N	N	N
cvss3_vuldb_c	L	L	L
cvss3_vuldb_i	L	L	L
cvss3_vuldb_a	L	L	L
cvss3_vuldb_rl	O	O	O
cvss3_vuldb_rc	C	C	C
url	https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601	https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601	https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601
name	Upgrade	Upgrade	Upgrade
upgrade_version	9.1R9	9.1R9	9.1R9
cve	CVE-2020-15352	CVE-2020-15352	CVE-2020-15352
date	1603753200 (27.10.2020)	1603753200 (27.10.2020)	1603753200 (27.10.2020)
cvss2_vuldb_av	N	N	N
cvss2_vuldb_ac	L	L	L
cvss2_vuldb_ci	P	P	P
cvss2_vuldb_ii	P	P	P
cvss2_vuldb_ai	P	P	P
cvss2_vuldb_rc	C	C	C
cvss2_vuldb_rl	OF	OF	OF
cvss2_vuldb_au	S	S	S
cvss2_vuldb_e	ND	ND	ND
cvss3_vuldb_s	U	U	U
cvss3_vuldb_e	X	X	X
cvss2_vuldb_basescore	6.5	6.5	6.5
cvss2_vuldb_tempscore	5.7	5.7	5.7
cvss3_vuldb_basescore	6.3	6.3	6.3
cvss3_vuldb_tempscore	6.0	6.0	6.0
cvss3_meta_basescore	6.3	6.3	6.7
cvss3_meta_tempscore	6.0	6.0	6.4
price_0day	$0-$5k	$0-$5k	$0-$5k
cve_assigned		1593122400	1593122400
cve_nvd_summary		An XML external entity (XXE) vulnerability in Pulse Connect Secure (PCS) before 9.1R9 and Pulse Policy Secure (PPS) before 9.1R9 allows remote authenticated admins to conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request.	An XML external entity (XXE) vulnerability in Pulse Connect Secure (PCS) before 9.1R9 and Pulse Policy Secure (PPS) before 9.1R9 allows remote authenticated admins to conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request.
cvss3_nvd_av			N
cvss3_nvd_ac			L
cvss3_nvd_pr			H
cvss3_nvd_ui			N
cvss3_nvd_s			U
cvss3_nvd_c			H
cvss3_nvd_i			H
cvss3_nvd_a			H
cvss2_nvd_av			N
cvss2_nvd_ac			L
cvss2_nvd_au			S
cvss2_nvd_ci			P
cvss2_nvd_ii			P
cvss2_nvd_ai			P
cvss2_nvd_basescore			6.5
cvss3_nvd_basescore			7.2

◂ Zurück Übersicht Weiter ▸

Might our Artificial Intelligence support you?

Check our Alexa App!