vulnerability

CVE-2019-11510: Pulse Secure Connect unauthenticated arbitrary file read

Try Surface Command

Back to search

Severity

CVSS

(AV:N/AC:L/Au:N/C:P/I:P/A:P)

Published

May 8, 2019

Added

Sep 18, 2019

Modified

May 3, 2022

Description

In Pulse Secure Pulse Connect Secure (PCS) before 8.1R15.1, 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability.

Solutions

pulse-secure-connect-upgrade-8_1R15_1pulse-secure-connect-upgrade-8_2R12_1pulse-secure-connect-upgrade-8_3R7_1pulse-secure-connect-upgrade-9_0R3_4pulse-secure-connect-upgrade-9_0R4_0

References

BID-108073
CVE-2019-11510
https://attackerkb.com/topics/CVE-2019-11510
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101/

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report