Pulse Connect Secure/Pulse Policy Secure bis 9.1R8 XML External Entity erweiterte Rechte

eintrageditHistoryDiffjsonxmlCTI

In Pulse Connect Secure sowie Pulse Policy Secure bis 9.1R8 wurde eine Schwachstelle ausgemacht. Sie wurde als kritisch eingestuft. Betroffen ist ein unbekannter Teil der Komponente XML External Entity Handler. Ein Upgrade auf die Version 9.1R9 vermag dieses Problem zu beheben.

Feld27.10.2020 12:1027.11.2020 12:1127.11.2020 12:16
namePulse Connect Secure/Pulse Policy SecurePulse Connect Secure/Pulse Policy SecurePulse Connect Secure/Pulse Policy Secure
version<=9.1R8<=9.1R8<=9.1R8
componentXML External Entity HandlerXML External Entity HandlerXML External Entity Handler
cwe918 (erweiterte Rechte)918 (erweiterte Rechte)918 (erweiterte Rechte)
risk222
cvss3_vuldb_avNNN
cvss3_vuldb_acLLL
cvss3_vuldb_prLLL
cvss3_vuldb_uiNNN
cvss3_vuldb_cLLL
cvss3_vuldb_iLLL
cvss3_vuldb_aLLL
cvss3_vuldb_rlOOO
cvss3_vuldb_rcCCC
urlhttps://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601
nameUpgradeUpgradeUpgrade
upgrade_version9.1R99.1R99.1R9
cveCVE-2020-15352CVE-2020-15352CVE-2020-15352
date1603753200 (27.10.2020)1603753200 (27.10.2020)1603753200 (27.10.2020)
cvss2_vuldb_avNNN
cvss2_vuldb_acLLL
cvss2_vuldb_ciPPP
cvss2_vuldb_iiPPP
cvss2_vuldb_aiPPP
cvss2_vuldb_rcCCC
cvss2_vuldb_rlOFOFOF
cvss2_vuldb_auSSS
cvss2_vuldb_eNDNDND
cvss3_vuldb_sUUU
cvss3_vuldb_eXXX
cvss2_vuldb_basescore6.56.56.5
cvss2_vuldb_tempscore5.75.75.7
cvss3_vuldb_basescore6.36.36.3
cvss3_vuldb_tempscore6.06.06.0
cvss3_meta_basescore6.36.36.7
cvss3_meta_tempscore6.06.06.4
price_0day$0-$5k$0-$5k$0-$5k
cve_assigned15931224001593122400
cve_nvd_summaryAn XML external entity (XXE) vulnerability in Pulse Connect Secure (PCS) before 9.1R9 and Pulse Policy Secure (PPS) before 9.1R9 allows remote authenticated admins to conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request.An XML external entity (XXE) vulnerability in Pulse Connect Secure (PCS) before 9.1R9 and Pulse Policy Secure (PPS) before 9.1R9 allows remote authenticated admins to conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request.
cvss3_nvd_avN
cvss3_nvd_acL
cvss3_nvd_prH
cvss3_nvd_uiN
cvss3_nvd_sU
cvss3_nvd_cH
cvss3_nvd_iH
cvss3_nvd_aH
cvss2_nvd_avN
cvss2_nvd_acL
cvss2_nvd_auS
cvss2_nvd_ciP
cvss2_nvd_iiP
cvss2_nvd_aiP
cvss2_nvd_basescore6.5
cvss3_nvd_basescore7.2

Might our Artificial Intelligence support you?

Check our Alexa App!