#VU37141 Input validation error in Ivanti Connect Secure (formerly Pulse Connect Secure) - CVE-2018-9849

 


Published: May 10, 2018 / Updated: August 8, 2020


Vulnerability identifier: #VU37141
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2018-9849
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: Ivanti Connect Secure (formerly Pulse Connect Secure)
Software vendor: Ivanti

Description

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

Pulse Secure Pulse Connect Secure 8.1.x before 8.1R14, 8.2.x before 8.2R11, and 8.3.x before 8.3R5 do not properly process nested XML entities, which allows remote attackers to cause a denial of service (memory consumption and memory errors) via a crafted XML document.


Remediation

Install the update from the vendor's website.
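
To find appliances that still need the update, the version ranges in the description can be turned into an inventory check. The following is an added example, not code from the vendor or from this advisory; the `<major>.<minor>R<release>[.<build>]` version layout, the function names and the sample inventory are assumptions.

```python
import re

# First fixed release per branch, as listed in the advisory description.
FIXED = {(8, 1): 14, (8, 2): 11, (8, 3): 5}

# Assumed version string layout: <major>.<minor>R<release>[.<build>...]
_VERSION = re.compile(r"^\s*(\d+)\.(\d+)R(\d+)(?:\.\d+)*\s*$", re.IGNORECASE)


def parse_version(text):
    """Return ((major, minor), release), or None if the string does not match."""
    m = _VERSION.match(text)
    if not m:
        return None
    major, minor, release = (int(g) for g in m.groups())
    return (major, minor), release


def triage(version):
    """Classify a version as 'vulnerable', 'fixed', 'not-listed' or 'unparsed'."""
    parsed = parse_version(version)
    if parsed is None:
        return "unparsed"  # needs manual review, never assume safe
    branch, release = parsed
    if branch not in FIXED:
        # The advisory names only 8.1.x, 8.2.x and 8.3.x; do not guess for others.
        return "not-listed"
    return "vulnerable" if release < FIXED[branch] else "fixed"


def triage_inventory(inventory):
    """Map each host name to the classification of its reported version."""
    return {host: triage(version) for host, version in inventory.items()}


# Constructed inventory for illustration; host names and versions are made up.
SAMPLE_INVENTORY = {
    "vpn-a.example": "8.1R13.1",
    "vpn-b.example": "8.2R11",
    "vpn-c.example": "8.3R4",
    "vpn-d.example": "9.0R1",
    "vpn-e.example": "unknown",
}

if __name__ == "__main__":
    for host, status in sorted(triage_inventory(SAMPLE_INVENTORY).items()):
        print(f"{host}\t{SAMPLE_INVENTORY[host]}\t{status}")
```

Hosts reported as `not-listed` or `unparsed` fall outside what this advisory states and should be checked against the vendor's own bulletin.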

External links