6.5

CVE-2020-8220

A denial of service vulnerability exists in Pulse Connect Secure <9.1R8 that allows an authenticated attacker to perform command injection via the administrator web which can cause DOS.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
IvantiConnect Secure Version9.1 Update-
IvantiConnect Secure Version9.1 Updater1
IvantiConnect Secure Version9.1 Updater2
IvantiConnect Secure Version9.1 Updater3
IvantiConnect Secure Version9.1 Updater4
IvantiConnect Secure Version9.1 Updater4.1
IvantiConnect Secure Version9.1 Updater4.2
IvantiConnect Secure Version9.1 Updater4.3
IvantiConnect Secure Version9.1 Updater5
IvantiConnect Secure Version9.1 Updater6
IvantiConnect Secure Version9.1 Updater7
PulsesecurePulse Connect Secure Version <= 9.0
IvantiPolicy Secure Version9.1 Update-
IvantiPolicy Secure Version9.1 Updater1
IvantiPolicy Secure Version9.1 Updater2
IvantiPolicy Secure Version9.1 Updater3
IvantiPolicy Secure Version9.1 Updater3.1
IvantiPolicy Secure Version9.1 Updater4
IvantiPolicy Secure Version9.1 Updater4.1
IvantiPolicy Secure Version9.1 Updater4.2
IvantiPolicy Secure Version9.1 Updater5
IvantiPolicy Secure Version9.1 Updater6
IvantiPolicy Secure Version9.1 Updater7
PulsesecurePulse Policy Secure Version <= 9.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 6.67% 0.903
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.5 1.2 5.2
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
nvd@nist.gov 5.5 8 4.9
AV:N/AC:L/Au:S/C:N/I:P/A:P
CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.