Vulnerability identifier: #VU35773
Vulnerability risk: Low
Exploitation vector: Network
Exploit availability: No
Pulse Connect Secure
Server applications / Remote access servers, VPN
Vendor: Pulse Secure
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
An XSS issue has been found with rd.cgi in Pulse Secure Pulse Connect Secure 8.3RX before 8.3R3 due to improper header sanitization. This is not applicable to 8.1RX.
Install update from vendor's website.
Vulnerable software versions
Pulse Connect Secure: 8.3
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?