CVE-2015-7322

Name of the Vulnerable Software and Affected Versions Pulse Connect Secure versions prior to 7.1R22.1 Pulse Connect Secure versions prior to 7.4 Pulse Connect Secure versions 8.0 through 8.0R10 Pulse Connect Secure versions 8.1 through 8.1R2

Description The issue allows remote attackers to enumerate valid meeting ids via a series of requests to the Secure Meeting (Pulse Collaboration) in Pulse Connect Secure. This is due to the different messages provided for attempts to join a meeting depending on the status of the meeting.

Recommendations For Pulse Connect Secure versions prior to 7.1R22.1, update to version 7.1R22.1 or later. For Pulse Connect Secure versions prior to 7.4, update to version 7.4 or later. For Pulse Connect Secure versions 8.0 through 8.0R10, update to version 8.0R11 or later. For Pulse Connect Secure versions 8.1 through 8.1R2, update to version 8.1R3 or later.