CVE-2015-7322

The Secure Meeting (Pulse Collaboration) in Pulse Connect Secure (formerly Juniper Junos Pulse) before 7.1R22.1, 7.4, 8.0 before 8.0R11, and 8.1 before 8.1R3 provides different messages for attempts to join a meeting depending on the status of the meeting, which allows remote attackers to enumerate valid meeting ids via a series of requests.

Published: Oct 5, 2015
Updated: Apr 13, 2023
CVE: CVE-2015-7322
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N

CWEs:

CWE-200

Affected Software
References

Software	From	Fixed in
juniper / pulse_connect_secure	8.0	8.0.x
juniper / pulse_connect_secure	7.4	7.4.x
juniper / pulse_connect_secure	8.1	8.1.x
juniper / pulse_connect_secure	7.1	7.1.x

http://www.securitytracker.com/id/1033685
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40053
https://profundis-labs.com/advisories/CVE-2015-7322.txt

Vulnerability Database

289,782

CVE-2015-7322