CVE-2015-7322

CWE-200 — Information Exposure4 documents4 sources

Severity

5.0MEDIUM

EPSS

0.3%

top 48.32%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Juniper Pulse Connect Secure

Timeline

PublishedOct 5

Latest updateMay 17

Description

The Secure Meeting (Pulse Collaboration) in Pulse Connect Secure (formerly Juniper Junos Pulse) before 7.1R22.1, 7.4, 8.0 before 8.0R11, and 8.1 before 8.1R3 provides different messages for attempts to join a meeting depending on the status of the meeting, which allows remote attackers to enumerate valid meeting ids via a series of requests.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDjuniper/pulse_connect_secure4 versions+3

🔴Vulnerability Details

GHSA

GHSA-24w8-j3x9-wx47: The Secure Meeting (Pulse Collaboration) in Pulse Connect Secure (formerly Juniper Junos Pulse) before 7↗2022-05-17

▶

CVEList

CVE-2015-7322: The Secure Meeting (Pulse Collaboration) in Pulse Connect Secure (formerly Juniper Junos Pulse) before 7↗2015-10-05

▶

📋Vendor Advisories

Juniper

CVE-2015-7322: The Secure Meeting (Pulse Collaboration) in Pulse Connect Secure (formerly Juniper Junos Pulse) before 7.1R22.1, 7.4, 8.0 before 8.0R11, and 8.1 befor↗2015-10-05

▶