In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability .
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101/
https://kb.pulsesecure.net/?atype=sa
http://www.securityfocus.com/bid/108073
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010
https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510/
http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html
https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf
https://lists.apache.org/thread.html/[email protected]%3Cuser.guacamole.apache.org%3E
Source: MITRE
Published: 2019-05-08
Updated: 2023-03-24
Type: CWE-22
Base Score: 7.5
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact Score: 6.4
Exploitability Score: 10
Severity: HIGH
Base Score: 10
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Impact Score: 6
Exploitability Score: 3.9
Severity: CRITICAL