CVE-2018-9849 — Pulse Connect Secure vulnerability

3 documents3 sources

Severity

5.5MEDIUMNVD

EPSS

0.4%

top 36.58%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Pulsesecure Pulse Connect Secure

Timeline

PublishedMay 10

Latest updateMay 13

Description

Pulse Secure Pulse Connect Secure 8.1.x before 8.1R14, 8.2.x before 8.2R11, and 8.3.x before 8.3R5 do not properly process nested XML entities, which allows remote attackers to cause a denial of service (memory consumption and memory errors) via a crafted XML document.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages1 packages

▶NVDpulsesecure/pulse_connect_secure8.1 — 8.1r14+2

🔴Vulnerability Details

GHSA

GHSA-x545-crqw-4g62: Pulse Secure Pulse Connect Secure 8↗2022-05-13

▶

CVEList

CVE-2018-9849: Pulse Secure Pulse Connect Secure 8↗2018-05-10

▶