#VU40257 Input validation error in Ivanti Connect Secure (formerly Pulse Connect Secure) - CVE-2016-4792
Published: May 26, 2016 / Updated: August 9, 2020
Vulnerability identifier: #VU40257
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2016-4792
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Ivanti Connect Secure (formerly Pulse Connect Secure)
Ivanti Connect Secure (formerly Pulse Connect Secure)
Software vendor:
Ivanti
Ivanti
Description
The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
Pulse Connect Secure (PCS) 8.2 before 8.2r1 allows remote attackers to disclose sign in pages via unspecified vectors.
Remediation
Install update from vendor's website.