9.8

CVE-2019-11540

Exploit

In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4 and 8.3RX before 8.3R7.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2 and 5.4RX before 5.4R7.1, an unauthenticated, remote attacker can conduct a session hijacking attack.

Data is provided by the National Vulnerability Database (NVD)
IvantiConnect Secure Version8.3
PulsesecurePulse Connect Secure Version9.0r2.1
PulsesecurePulse Connect Secure Version9.0r3.1
PulsesecurePulse Connect Secure Version9.0r3.2
PulsesecurePulse Policy Secure Version5.4r1
PulsesecurePulse Policy Secure Version5.4r2
PulsesecurePulse Policy Secure Version5.4r2.1
PulsesecurePulse Policy Secure Version5.4r3
PulsesecurePulse Policy Secure Version5.4r4
PulsesecurePulse Policy Secure Version5.4r5
PulsesecurePulse Policy Secure Version5.4r5.2
PulsesecurePulse Policy Secure Version5.4r6
PulsesecurePulse Policy Secure Version5.4r6.1
PulsesecurePulse Policy Secure Version5.4r7
PulsesecurePulse Policy Secure Version5.4rx
PulsesecurePulse Policy Secure Version9.0r1
PulsesecurePulse Policy Secure Version9.0r2
PulsesecurePulse Policy Secure Version9.0r2.1
PulsesecurePulse Policy Secure Version9.0r3
PulsesecurePulse Policy Secure Version9.0r3.1
PulsesecurePulse Policy Secure Version9.0rx
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 14.76% 0.943
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
cve@mitre.org 8.3 1.6 6
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
http://www.securityfocus.com/bid/108073
Third Party Advisory
VDB Entry
https://www.kb.cert.org/vuls/id/927237
Third Party Advisory
US Government Resource