CVE-2020-8222Path Traversal in Pulse Connect Secure

CWE-22Path Traversal3 documents3 sources
Severity
6.8MEDIUMNVD
EPSS
0.9%
top 24.94%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Pulsesecure Pulse Connect SecurePulsesecure Pulse Policy SecureIvanti Connect Secure+1 more
Timeline
PublishedJul 30
Latest updateMay 24

Description

A path traversal vulnerability exists in Pulse Connect Secure <9.1R8 that allowed an authenticated attacker via the administrator web interface to perform an arbitrary file reading vulnerability through Meeting.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:NExploitability: 2.3 | Impact: 4.0

Affected Packages5 packages

CVEListV5pulsesecure/pulse_connect_secureFixed in 9.1R8

🔴Vulnerability Details

2
GHSA
GHSA-93hm-hh96-x794: A path traversal vulnerability exists in Pulse Connect Secure <92022-05-24
CVEList
CVE-2020-8222: A path traversal vulnerability exists in Pulse Connect Secure <92020-07-30
CVE-2020-8222 — Path Traversal in Pulse Connect Secure | cvebase