vulnerability

Pulse Secure Pulse Connect Secure: CVE-2020-15352: Multiple Vulnerabilities Resolved in Pulse Connect Secure / Pulse Policy Secure / Pulse Secure Desktop Client 9.1R9 (SA44601)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:N/AC:L/Au:S/C:P/I:P/A:P)	Oct 27, 2020	Oct 28, 2020	Feb 15, 2024

Severity

CVSS

(AV:N/AC:L/Au:S/C:P/I:P/A:P)

Published

Oct 27, 2020

Added

Oct 28, 2020

Modified

Feb 15, 2024

Description

An XML external entity (XXE) vulnerability in Pulse Connect Secure (PCS) before 9.1R9 and Pulse Policy Secure (PPS) before 9.1R9 allows remote authenticated admins to conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request.

Solution

pulse-secure-pulse-connect-secure-upgrade-9_1r9

References

CVE-2020-15352
https://attackerkb.com/topics/CVE-2020-15352
URL-https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today