8.1
CVE-2019-11213
- EPSS 2.62%
- Published 12.04.2019 15:29:00
- Last modified 21.11.2024 04:20:44
- Source cve@mitre.org
- Teams watchlist Login
- Open Login
In Pulse Secure Pulse Desktop Client and Network Connect, an attacker could access session tokens to replay and spoof sessions, and as a result, gain unauthorized access as an end user, a related issue to CVE-2019-1573. (The endpoint would need to be already compromised for exploitation to succeed.) This affects Pulse Desktop Client 5.x before Secure Desktop 5.3R7 and Pulse Desktop Client 9.x before Secure Desktop 9.0R3. It also affects (for Network Connect customers) Pulse Connect Secure 8.1 before 8.1R14, 8.3 before 8.3R7, and 9.0 before 9.0R3.
Data is provided by the National Vulnerability Database (NVD)
Ivanti ≫ Connect Secure Version >= 9.0r1 < 9.0r3
Pulsesecure ≫ Pulse Connect Secure Version >= 8.1r1.0 <= 8.1r14.0
Pulsesecure ≫ Pulse Connect Secure Version >= 8.3r1 < 8.3r7
Pulsesecure ≫ Pulse Secure Desktop Client Version >= 5.0r1.0 < 5.3r7
Pulsesecure ≫ Pulse Secure Desktop Client Version >= 9.0r1 < 9.0r3
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.62% | 0.844 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 8.1 | 2.2 | 5.9 |
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 6.8 | 8.6 | 6.4 |
AV:N/AC:M/Au:N/C:P/I:P/A:P
|
CWE-384 Session Fixation
Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions.