CVE-2019-11541

high

Description

In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, and 8.2RX before 8.2R12.1, users using SAML authentication with the Reuse Existing NC (Pulse) Session option may see authentication leaks.

References

https://www.tenable.com/blog/cve-2019-11510-proof-of-concept-available-for-arbitrary-file-disclosure-in-pulse-connect-secure

https://www.kb.cert.org/vuls/id/927237

https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101/

https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101

http://www.securityfocus.com/bid/108073

Details

Source: Mitre, NVD

Published: 2019-04-26

Updated: 2024-02-27

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Severity: High

Detections

Analytics