CVE-2019-11541

In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, and 8.2RX before 8.2R12.1, users using SAML authentication with the Reuse Existing NC (Pulse) Session option may see authentication leaks.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
mitreCNA
8.3 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AC:L/AV:N/A:L/C:L/I:L/PR:N/S:C/UI:N
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 79%
VendorProductVersion
ivanticonnect_secure
8.2
ivanticonnect_secure
8.3
pulsesecurepulse_connect_secure
8.2r1.0:r1.0
pulsesecurepulse_connect_secure
8.2r1.1:r1.1
pulsesecurepulse_connect_secure
8.2r2.0:r2.0
pulsesecurepulse_connect_secure
8.2r3.0:r3.0
pulsesecurepulse_connect_secure
8.2r3.1:r3.1
pulsesecurepulse_connect_secure
8.2r4.0:r4.0
pulsesecurepulse_connect_secure
8.2r4.1:r4.1
pulsesecurepulse_connect_secure
8.2r5.0:r5.0
pulsesecurepulse_connect_secure
8.2r5.1:r5.1
pulsesecurepulse_connect_secure
8.2r6.0:r6.0
pulsesecurepulse_connect_secure
8.2r7.0:r7.0
pulsesecurepulse_connect_secure
8.2r7.1:r7.1
pulsesecurepulse_connect_secure
8.2rx:rx
pulsesecurepulse_connect_secure
8.3rx:rx
pulsesecurepulse_connect_secure
9.0r1:r1
pulsesecurepulse_connect_secure
9.0r2:r2
pulsesecurepulse_connect_secure
9.0r2.1:r2.1
pulsesecurepulse_connect_secure
9.0r3:r3
pulsesecurepulse_connect_secure
9.0r3.1:r3.1
pulsesecurepulse_connect_secure
9.0r3.2:r3.2
pulsesecurepulse_connect_secure
9.0rx:rx
𝑥
= Vulnerable software versions
References
http://www.securityfocus.com/bid/108073
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101/
https://www.kb.cert.org/vuls/id/927237
http://www.securityfocus.com/bid/108073
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101/
https://www.kb.cert.org/vuls/id/927237