CVE-2018-14366 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	6.1 MEDIUM	NETWORK	LOW	NONE	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
mitre	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 28%

Vendor	Product	Version
ivanti	connect_secure	8.1
ivanti	connect_secure	8.3
pulsesecure	pulse_connect_secure	8.1r1.0:r1.0
pulsesecure	pulse_connect_secure	8.1rx:rx
pulsesecure	pulse_connect_secure	8.3rx:rx
pulsesecure	pulse_policy_secure	5.2r1.0:r1.0
pulsesecure	pulse_policy_secure	5.2r2.0:r2.0
pulsesecure	pulse_policy_secure	5.2r3.0:r3.0
pulsesecure	pulse_policy_secure	5.2r3.2:r3.2
pulsesecure	pulse_policy_secure	5.2r4.0:r4.0
pulsesecure	pulse_policy_secure	5.2r5.0:r5.0
pulsesecure	pulse_policy_secure	5.2r6.0:r6.0
pulsesecure	pulse_policy_secure	5.2r7.0:r7.0
pulsesecure	pulse_policy_secure	5.2r7.1:r7.1
pulsesecure	pulse_policy_secure	5.2r8.0:r8.0
pulsesecure	pulse_policy_secure	5.2r9.0:r9.0
pulsesecure	pulse_policy_secure	5.2r9.1:r9.1
pulsesecure	pulse_policy_secure	5.2rx:rx
pulsesecure	pulse_policy_secure	5.4r1:r1
pulsesecure	pulse_policy_secure	5.4r2:r2
pulsesecure	pulse_policy_secure	5.4r2.1:r2.1
pulsesecure	pulse_policy_secure	5.4r3:r3
pulsesecure	pulse_policy_secure	5.4rx:rx

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect. This simplifies phishing attacks.

References

https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43877

https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43877