CVE-2018-20814

{"id": "CVE-2018-20814", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2019-06-28T18:15:11.237", "references": [{"url": "http://www.securityfocus.com/bid/109033", "source": "cve@mitre.org"}, {"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43877/", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "An XSS issue was found with Psaldownload.cgi in Pulse Secure Pulse Connect Secure (PCS) 8.3R2 before 8.3R2 and Pulse Policy Secure (PPS) 5.4RX before 5.4R2. This is not applicable to PCS 8.1RX or PPS 5.2RX."}, {"lang": "es", "value": "Se ha encontrado un fallo de Cross-Site Scripting (XSS) con Psaldownload.cgi en Pulse Secure Pulse Connect Secure (PCS) versi\u00f3n 8.3R2 anteriores a la 8.3R2 y Pulse Policy Secure (PPS) versi\u00f3n 5.4RX anteriores a la versi\u00f3n 5.4R2. Esto no es aplicable a PC versi\u00f3n 8.1RX o PPS 5.2RX."}], "lastModified": "2024-02-27T21:04:17.560", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ivanti:connect_secure:8.3:r1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2871AAD9-FC12-4E2D-B722-0F721D7FE101"}, {"criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.4:r1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D7D1B75B-CFB5-48ED-847A-D60E14A72C71"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}