In Pulse Secure Pulse Connect Secure (PCS) before 8.1R15.1, 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4 and Pulse Policy Secure (PPS) before 5.1R15.1, 5.2 before 5.2R12.1, 5.3 before 5.3R15.1, 5.4 before 5.4R7.1, and 9.0 before 9.0R3.2, an authenticated attacker (via the admin web interface) can exploit Incorrect Access Control to execute arbitrary code on the appliance.
References
| Link | Resource |
|---|---|
| https://kb.pulsesecure.net/?atype=sa | Vendor Advisory |
| https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101/ | Vendor Advisory |
| https://www.kb.cert.org/vuls/id/927237 | Third Party Advisory US Government Resource |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
No history.
Information
Published : 2019-06-03 20:29
Updated : 2024-02-27 21:04
NVD link : CVE-2019-11509
Mitre link : CVE-2019-11509
CVE.ORG link : CVE-2019-11509
JSON object : View
Products Affected
ivanti
- connect_secure
- policy_secure
pulsesecure
- pulse_policy_secure
CWE