6.5

CVE-2018-6374

The GUI component (aka PulseUI) in Pulse Secure Desktop Linux clients before PULSE5.2R9.2 and 5.3.x before PULSE5.3R4.2 does not perform strict SSL Certificate Validation. This can lead to the manipulation of the Pulse Connection set.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
PulsesecureDesktop Linux Client Version < 5.2r9.2
PulsesecureDesktop Linux Client Version < 5.3r4.2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.63% 0.453
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.5 3.9 2.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
nvd@nist.gov 6.4 10 4.9
AV:N/AC:L/Au:N/C:N/I:P/A:P
CWE-295 Improper Certificate Validation

The product does not validate, or incorrectly validates, a certificate.

http://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43620
Vendor Advisory
http://www.securityfocus.com/bid/102908
Third Party Advisory
VDB Entry