CVE-2018-15749 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	5.5 MEDIUM	LOCAL	LOW	LOW	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
mitre	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 18%

Vendor	Product	Version
pulsesecure	pulse_secure_desktop_client	5.3r1:r1
pulsesecure	pulse_secure_desktop_client	5.3r1.1:r1.1
pulsesecure	pulse_secure_desktop_client	5.3r2:r2
pulsesecure	pulse_secure_desktop_client	5.3r3:r3
pulsesecure	pulse_secure_desktop_client	5.3r4:r4
pulsesecure	pulse_secure_desktop_client	5.3r4.1:r4.1
pulsesecure	pulse_secure_desktop_client	5.3r4.2:r4.2
pulsesecure	pulse_secure_desktop_client	5.3rx:rx
pulsesecure	pulse_secure_desktop_client	9.0r1:r1

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-134 - Use of Externally-Controlled Format String
The software uses a function that accepts a format string as an argument, but the format string originates from an external source.

References

https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43877

https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43877