Main Vulnerability Database Vulnerabilities #VU35773

#VU35773 Cross-site scripting in Ivanti Connect Secure (formerly Pulse Connect Secure) - CVE-2018-20808

Published: June 28, 2019 / Updated: August 8, 2020

Vulnerability identifier: #VU35773

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear

CVE-ID: CVE-2018-20808

CWE-ID: CWE-79

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Ivanti Connect Secure (formerly Pulse Connect Secure)

Software vendor:
Ivanti

Description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

An XSS issue has been found with rd.cgi in Pulse Secure Pulse Connect Secure 8.3RX before 8.3R3 due to improper header sanitization. This is not applicable to 8.1RX.

Remediation

Install update from vendor's website.

External links

https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43877/

#VU35773 Cross-site scripting in Ivanti Connect Secure (formerly Pulse Connect Secure) - CVE-2018-20808

Description

Remediation

External links

Please verify you're human