CVE-2019-11507

In Pulse Secure Pulse Connect Secure (PCS) 8.3.x before 8.3R7.1 and 9.0.x before 9.0R3, an XSS issue has been found on the Application Launcher page.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.1 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
mitreCNA
5.8 MEDIUM
NETWORK
HIGH
NONE
CVSS:3.0/AC:H/AV:N/A:L/C:L/I:L/PR:N/S:C/UI:R
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 61%
VendorProductVersion
ivanticonnect_secure
8.3:r1
ivanticonnect_secure
8.3:r1.1
ivanticonnect_secure
8.3:r2
ivanticonnect_secure
8.3:r2.1
ivanticonnect_secure
8.3:r3
ivanticonnect_secure
8.3:r4
ivanticonnect_secure
8.3:r5
ivanticonnect_secure
8.3:r5.1
ivanticonnect_secure
8.3:r5.2
ivanticonnect_secure
8.3:r6
ivanticonnect_secure
8.3:r6.1
ivanticonnect_secure
8.3:r7
ivanticonnect_secure
9.0:r1
ivanticonnect_secure
9.0:r2
ivanticonnect_secure
9.0:r2.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/108073
https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study/
https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf
https://kb.pulsesecure.net/?atype=sa
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101/
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516
https://www.kb.cert.org/vuls/id/927237
http://www.securityfocus.com/bid/108073
https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study/
https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf
https://kb.pulsesecure.net/?atype=sa
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101/
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516
https://www.kb.cert.org/vuls/id/927237