Pulse Connect Secure Pulse Policy Secure vulnerabilities

CVE-2020-8260 [HIGH] CWE-434 CVE-2020-8260: A vulnerability in the Pulse Connect Secure < 9.1R9 admin web interface could allow an authenticated A vulnerability in the Pulse Connect Secure < 9.1R9 admin web interface could allow an authenticated attacker to perform an arbitrary code execution using uncontrolled gzip extraction.

CVE-2020-8255 [MEDIUM] CWE-20 CVE-2020-8255: A vulnerability in the Pulse Connect Secure < 9.1R9 admin web interface could allow an authenticated A vulnerability in the Pulse Connect Secure < 9.1R9 admin web interface could allow an authenticated attacker to perform an arbitrary file reading vulnerability is fixed using encrypted URL blacklisting that prevents these messages.

CVE-2020-8263 [MEDIUM] CWE-79 CVE-2020-8263: A vulnerability in the authenticated user web interface of Pulse Connect Secure < 9.1R9 could allow A vulnerability in the authenticated user web interface of Pulse Connect Secure < 9.1R9 could allow attackers to conduct Cross-Site Scripting (XSS) through the CGI file.

CVE-2020-8261 [MEDIUM] CWE-120 CVE-2020-8261: A vulnerability in the Pulse Connect Secure / Pulse Policy Secure < 9.1R9 is vulnerable to arbitrary A vulnerability in the Pulse Connect Secure / Pulse Policy Secure < 9.1R9 is vulnerable to arbitrary cookie injection.

CVE-2020-8262 [MEDIUM] CWE-79 CVE-2020-8262: A vulnerability in the Pulse Connect Secure / Pulse Policy Secure below 9.1R9 could allow attackers A vulnerability in the Pulse Connect Secure / Pulse Policy Secure below 9.1R9 could allow attackers to conduct Cross-Site Scripting (XSS) and Open Redirection for authenticated user web interface.