CVE-2016-4791

The administrative user interface in Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r9, and 7.4 before 7.4r13.4 allows remote administrators to enumerate files, read arbitrary files, and conduct server side request forgery (SSRF) attacks via unspecified vectors.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.6 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 50%
VendorProductVersion
ivanticonnect_secure
8.1
pulsesecurepulse_connect_secure
8.1r1.0:r1.0
ivanticonnect_secure
8.2
ivanticonnect_secure
8.0
pulsesecurepulse_connect_secure
7.4
𝑥
= Vulnerable software versions
References
http://www.securitytracker.com/id/1035932
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40210
http://www.securitytracker.com/id/1035932
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40210