CVE-2019-11507
In Pulse Secure Pulse Connect Secure (PCS) 8.3.x before 8.3R7.1 and 9.0.x before 9.0R3, an XSS issue has been found on the Application Launcher page.
| Software | From | Fixed in |
|---|---|---|
| ivanti / connect_secure | 9.0-r1 | 9.0-r1.x |
| ivanti / connect_secure | 9.0-r2 | 9.0-r2.x |
| ivanti / connect_secure | 9.0-r2.1 | 9.0-r2.1.x |
| ivanti / connect_secure | 8.3-r1 | 8.3-r1.x |
| ivanti / connect_secure | 8.3-r2 | 8.3-r2.x |
| ivanti / connect_secure | 8.3-r2.1 | 8.3-r2.1.x |
| ivanti / connect_secure | 8.3-r3 | 8.3-r3.x |
| ivanti / connect_secure | 8.3-r6 | 8.3-r6.x |
| ivanti / connect_secure | 8.3-r6.1 | 8.3-r6.1.x |
| ivanti / connect_secure | 8.3-r1.1 | 8.3-r1.1.x |
| ivanti / connect_secure | 8.3-r4 | 8.3-r4.x |
| ivanti / connect_secure | 8.3-r5 | 8.3-r5.x |
| ivanti / connect_secure | 8.3-r5.1 | 8.3-r5.1.x |
| ivanti / connect_secure | 8.3-r5.2 | 8.3-r5.2.x |
| ivanti / connect_secure | 8.3-r7 | 8.3-r7.x |
- http://www.securityfocus.com/bid/108073
- https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study/
- https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf
- https://kb.pulsesecure.net/?atype=sa
- https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101/
- https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516
- https://www.kb.cert.org/vuls/id/927237
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime