Main Vulnerability Database SB2016041223

SB2016041223 - Improper access control in Pulse Connect Secure

Published: April 12, 2016 Updated: August 9, 2020

Security Bulletin ID SB2016041223

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Improper access control (CVE-ID: CVE-2016-3985)

The vulnerability allows a remote authenticated user to manipulate data.

The Terminal Services Remote Desktop Protocol (RDP) client session restrictions feature in Pulse Connect Secure (aka PCS) 8.1R7 and 8.2R1 allow remote authenticated users to bypass intended access restrictions via unspecified vectors.

Remediation

Install update from vendor's website.

References

http://www.securitytracker.com/id/1035129
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40166