Main Vulnerability Database Vulnerabilities #VU40258

#VU40258 Input validation error in Ivanti Connect Secure (formerly Pulse Connect Secure) - CVE-2016-4791

Published: May 26, 2016 / Updated: August 9, 2020

Vulnerability identifier: #VU40258

Vulnerability risk: High

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2016-4791

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Ivanti Connect Secure (formerly Pulse Connect Secure)

Software vendor:
Ivanti

Description

The vulnerability allows a remote non-authenticated attacker to manipulate data.

The administrative user interface in Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r9, and 7.4 before 7.4r13.4 allows remote administrators to enumerate files, read arbitrary files, and conduct server side request forgery (SSRF) attacks via unspecified vectors.

Remediation

Install update from vendor's website.

#VU40258 Input validation error in Ivanti Connect Secure (formerly Pulse Connect Secure) - CVE-2016-4791

Description

Remediation

External links

Please verify you're human