vulnerability
Pulse Secure Pulse Connect Secure: CVE-2018-9849: Multiple vulnerabilities resolved in Pulse Connect Secure / Pulse Policy Secure 9.0R1 and vTM 18.1 (SA43730)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:M/Au:N/C:N/I:N/A:P) | May 10, 2018 | Oct 28, 2020 | Feb 15, 2024 |
Severity
4
CVSS
(AV:N/AC:M/Au:N/C:N/I:N/A:P)
Published
May 10, 2018
Added
Oct 28, 2020
Modified
Feb 15, 2024
Description
Pulse Secure Pulse Connect Secure 8.1.x before 8.1R14, 8.2.x before 8.2R11, and 8.3.x before 8.3R5 do not properly process nested XML entities, which allows remote attackers to cause a denial of service (memory consumption and memory errors) via a crafted XML document.
Solutions
pulse-secure-pulse-connect-secure-upgrade-8_1r14pulse-secure-pulse-connect-secure-upgrade-8_2r11pulse-secure-pulse-connect-secure-upgrade-8_3r5pulse-secure-pulse-connect-secure-upgrade-9_0r1
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.