CVE-2019-11541

high

Description

In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, and 8.2RX before 8.2R12.1, users using SAML authentication with the Reuse Existing NC (Pulse) Session option may see authentication leaks.

References

https://www.kb.cert.org/vuls/id/927237

http://www.securityfocus.com/bid/108073

https://www.tenable.com/blog/cve-2019-11510-proof-of-concept-available-for-arbitrary-file-disclosure-in-pulse-connect-secure

https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101/

https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101

Details

Source: Mitre, NVD

Published: 2019-04-26

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Severity: High

EPSS

EPSS: 0.01443

Detections

Analytics