6.1

CVE-2018-14366

download.cgi in Pulse Secure Pulse Connect Secure 8.1RX before 8.1R13 and 8.3RX before 8.3R4 and Pulse Policy Secure through 5.2RX before 5.2R10 and 5.4RX before 5.4R4 have an Open Redirect Vulnerability.

Data is provided by the National Vulnerability Database (NVD)
IvantiConnect Secure Version8.1
IvantiConnect Secure Version8.3
PulsesecurePulse Connect Secure Version8.1r1.0
PulsesecurePulse Policy Secure Version5.2r1.0
PulsesecurePulse Policy Secure Version5.2r2.0
PulsesecurePulse Policy Secure Version5.2r3.0
PulsesecurePulse Policy Secure Version5.2r3.2
PulsesecurePulse Policy Secure Version5.2r4.0
PulsesecurePulse Policy Secure Version5.2r5.0
PulsesecurePulse Policy Secure Version5.2r6.0
PulsesecurePulse Policy Secure Version5.2r7.0
PulsesecurePulse Policy Secure Version5.2r7.1
PulsesecurePulse Policy Secure Version5.2r8.0
PulsesecurePulse Policy Secure Version5.2r9.0
PulsesecurePulse Policy Secure Version5.2r9.1
PulsesecurePulse Policy Secure Version5.2rx
PulsesecurePulse Policy Secure Version5.4r1
PulsesecurePulse Policy Secure Version5.4r2
PulsesecurePulse Policy Secure Version5.4r2.1
PulsesecurePulse Policy Secure Version5.4r3
PulsesecurePulse Policy Secure Version5.4rx
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.1% 0.284
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 6.1 2.8 2.7
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
nvd@nist.gov 5.8 8.6 4.9
AV:N/AC:M/Au:N/C:P/I:P/A:N
CWE-601 URL Redirection to Untrusted Site ('Open Redirect')

The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.