CVE-2018-14366
published 2018-09-06CVE-2018-14366: download.cgi in Pulse Secure Pulse Connect Secure 8.1RX before 8.1R13 and 8.3RX before 8.3R4 and Pulse Policy Secure through 5.2RX before 5.2R10 and 5.4RX…
PriorityP422medium6.1CVSS 3.0
AVNACLPRNUIRSCCLILAN
EPSS
1.48%
70.7th percentile
download.cgi in Pulse Secure Pulse Connect Secure 8.1RX before 8.1R13 and 8.3RX before 8.3R4 and Pulse Policy Secure through 5.2RX before 5.2R10 and 5.4RX before 5.4R4 have an Open Redirect Vulnerability.
Affected
23 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ivanti | connect_secure | — | — |
| ivanti | connect_secure | — | — |
| pulsesecure | pulse_connect_secure | — | — |
| pulsesecure | pulse_connect_secure | — | — |
| pulsesecure | pulse_connect_secure | — | — |
| pulsesecure | pulse_policy_secure | — | — |
| pulsesecure | pulse_policy_secure | — | — |
| pulsesecure | pulse_policy_secure | — | — |
| pulsesecure | pulse_policy_secure | — | — |
| pulsesecure | pulse_policy_secure | — | — |
| pulsesecure | pulse_policy_secure | — | — |
| pulsesecure | pulse_policy_secure | — | — |
| pulsesecure | pulse_policy_secure | — | — |
| pulsesecure | pulse_policy_secure | — | — |
| pulsesecure | pulse_policy_secure | — | — |
| pulsesecure | pulse_policy_secure | — | — |
| pulsesecure | pulse_policy_secure | — | — |
| pulsesecure | pulse_policy_secure | — | — |
| pulsesecure | pulse_policy_secure | — | — |
| pulsesecure | pulse_policy_secure | — | — |
| pulsesecure | pulse_policy_secure | — | — |
| pulsesecure | pulse_policy_secure | — | — |
| pulsesecure | pulse_policy_secure | — | — |
CVSS provenance
nvdv3.06.1MEDIUMCVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
nvdv2.05.8MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:N
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Ivanti
Ivanti Security Advisory: CVE-2018-14366
vendor_ivanti·2018-09-06·CVSS 6.1
CVE-2018-14366 [MEDIUM] CWE-601 Ivanti Security Advisory: CVE-2018-14366
Ivanti Security Advisory: CVE-2018-14366
download.cgi in Pulse Secure Pulse Connect Secure 8.1RX before 8.1R13 and 8.3RX before 8.3R4 and Pulse Policy Secure through 5.2RX before 5.2R10 and 5.4RX before 5.4R4 have an Open Redirect Vulnerability.
CVE IDs: CVE-2018-14366
CVSS Base Score: 6.1
Severity: MEDIUM
CWEs: CWE-601
GHSA
GHSA-8mgx-h5p4-xxxm: download
ghsa_unreviewed·2022-05-13
CVE-2018-14366 [MEDIUM] CWE-601 GHSA-8mgx-h5p4-xxxm: download
download.cgi in Pulse Secure Pulse Connect Secure 8.1RX before 8.1R13 and 8.3RX before 8.3R4 and Pulse Policy Secure through 5.2RX before 5.2R10 and 5.4RX before 5.4R4 have an Open Redirect Vulnerability.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2018-09-06
Published