Junos Pulse Secure Access IVE / UAC OS XSS (JSA10645)
High Nessus Plugin ID 77689
SynopsisThe remote device is missing a vendor-supplied security patch.
DescriptionAccording to its self-reported version, the version of IVE / UAC OS running on the remote host is affected by a cross site scripting vulnerability due to incorrect user input validation on the SSL VPN / UAC web server. Note that this issue exists within a web page that is only accessible by an authenticated administrator session.
SolutionUpgrade to Juniper Junos IVE OS version 7.1r18 / 7.3r10 / 7.4r8 / 8.0r1 or later or UAC OS version 4.1r8 / 4.4r8 / 5.0r1 or later.