CVE-2018-11002Incorrect Permission Assignment in Pulse Secure Desktop Client

CWE-732Incorrect Permission Assignment3 documents3 sources
Severity
5.5MEDIUMNVD
EPSS
0.1%
top 69.42%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Pulsesecure Pulse Secure Desktop Client
Timeline
PublishedNov 29
Latest updateMay 13

Description

Pulse Secure Desktop Client 5.3 up to and including R6.0 build 1769 on Windows has Insecure Permissions.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-8p7c-f2cf-jq8m: Pulse Secure Desktop Client 52022-05-13
CVEList
CVE-2018-11002: Pulse Secure Desktop Client 52018-11-29
CVE-2018-11002 — Incorrect Permission Assignment | cvebase