PT-2018-12466 · Pulse · Pulse Connect Secure+1
Published
2018-09-06
·
Updated
2024-02-27
·
CVE-2018-14366
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Pulse Connect Secure versions 8.1RX through 8.1R12
Pulse Connect Secure versions 8.3RX through 8.3R3
Pulse Policy Secure versions 5.2RX through 5.2R9
Pulse Policy Secure versions 5.4RX through 5.4R3
Description
The issue is related to an Open Redirect Vulnerability in the download.cgi component. This vulnerability can be exploited, potentially leading to unauthorized redirects.
Recommendations
For Pulse Connect Secure versions 8.1RX through 8.1R12, update to version 8.1R13 or later.
For Pulse Connect Secure versions 8.3RX through 8.3R3, update to version 8.3R4 or later.
For Pulse Policy Secure versions 5.2RX through 5.2R9, update to version 5.2R10 or later.
For Pulse Policy Secure versions 5.4RX through 5.4R3, update to version 5.4R4 or later.
Fix
Open Redirect
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Pulse Connect Secure
Pulse Policy Secure