4.9

CVE-2020-8255

A vulnerability in the Pulse Connect Secure < 9.1R9 admin web interface could allow an authenticated attacker to perform an arbitrary file reading vulnerability is fixed using encrypted URL blacklisting that prevents these messages.

Data is provided by the National Vulnerability Database (NVD)
PulsesecurePulse Secure Desktop Client SwPlatformlinux Version < 9.1
PulsesecurePulse Secure Desktop Client Version9.1 Update- SwPlatformlinux
PulsesecurePulse Secure Desktop Client Version9.1 Updater1 SwPlatformlinux
PulsesecurePulse Secure Desktop Client Version9.1 Updater2 SwPlatformlinux
PulsesecurePulse Secure Desktop Client Version9.1 Updater3 SwPlatformlinux
PulsesecurePulse Secure Desktop Client Version9.1 Updater3.1 SwPlatformlinux
PulsesecurePulse Secure Desktop Client Version9.1 Updater4 SwPlatformlinux
PulsesecurePulse Secure Desktop Client Version9.1 Updater4.1 SwPlatformlinux
PulsesecurePulse Secure Desktop Client Version9.1 Updater4.2 SwPlatformlinux
PulsesecurePulse Secure Desktop Client Version9.1 Updater5 SwPlatformlinux
PulsesecurePulse Secure Desktop Client Version9.1 Updater6 SwPlatformlinux
PulsesecurePulse Secure Desktop Client Version9.1 Updater7 SwPlatformlinux
PulsesecurePulse Secure Desktop Client Version9.1 Updater7.1 SwPlatformlinux
PulsesecurePulse Secure Desktop Client Version9.1 Updater8 SwPlatformlinux
PulsesecurePulse Secure Desktop Client Version9.1 Updater8.2 SwPlatformlinux
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 15.05% 0.943
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 4.9 1.2 3.6
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov 4 8 2.9
AV:N/AC:L/Au:S/C:P/I:N/A:N
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.