CVE-2019-11541

high

Description

In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, and 8.2RX before 8.2R12.1, users using SAML authentication with the Reuse Existing NC (Pulse) Session option may see authentication leaks.

References

https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101/

http://www.securityfocus.com/bid/108073

https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101

https://www.kb.cert.org/vuls/id/927237

Details

Source: MITRE

Published: 2019-04-26

Updated: 2023-01-27

Risk Information

CVSS v2

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

CVSS v3

Base Score: 7.5

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Impact Score: 3.6

Exploitability Score: 3.9

Severity: HIGH