CVE-2019-11541

MEDIUM

Description

In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, and 8.2RX before 8.2R12.1, users using SAML authentication with the Reuse Existing NC (Pulse) Session option may see authentication leaks.

References

http://www.securityfocus.com/bid/108073

https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101

https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101/

Details

Source: MITRE

Published: 2019-04-26

Updated: 2019-05-01

Type: CWE-287

Risk Information

CVSS v2.0

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

CVSS v3.0

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Impact Score: 3.6

Exploitability Score: 3.9

Severity: HIGH