CVE-2016-4791 — Ivanti Connect Secure vulnerability

3 documents3 sources

Severity

8.6HIGHNVD

EPSS

0.2%

top 55.08%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Ivanti Connect Secure Pulsesecure Pulse Connect Secure

Timeline

PublishedMay 26

Latest updateMay 13

Description

The administrative user interface in Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r9, and 7.4 before 7.4r13.4 allows remote administrators to enumerate files, read arbitrary files, and conduct server side request forgery (SSRF) attacks via unspecified vectors.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:NExploitability: 3.9 | Impact: 4.0

Affected Packages2 packages

▶NVDpulsesecure/pulse_connect_secure7.4, 8.1r1.0+1

▶NVDivanti/connect_secure8.0, 8.1, 8.2+2

🔴Vulnerability Details

GHSA

GHSA-gvx2-gj79-6cxw: The administrative user interface in Pulse Connect Secure (PCS) 8↗2022-05-13

▶

CVEList

CVE-2016-4791: The administrative user interface in Pulse Connect Secure (PCS) 8↗2016-05-26

▶