CVE-2019-11541

EUVD-2019-3212
In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, and 8.2RX before 8.2R12.1, users using SAML authentication with the Reuse Existing NC (Pulse) Session option may see authentication leaks.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
mitreCNA
8.3 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AC:L/AV:N/A:L/C:L/I:L/PR:N/S:C/UI:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 82%
Affected Products (NVD)
VendorProductVersion
ivanticonnect_secure
8.2
ivanticonnect_secure
8.3
pulsesecurepulse_connect_secure
8.2r1.0:r1.0
pulsesecurepulse_connect_secure
8.2r1.1:r1.1
pulsesecurepulse_connect_secure
8.2r2.0:r2.0
pulsesecurepulse_connect_secure
8.2r3.0:r3.0
pulsesecurepulse_connect_secure
8.2r3.1:r3.1
pulsesecurepulse_connect_secure
8.2r4.0:r4.0
pulsesecurepulse_connect_secure
8.2r4.1:r4.1
pulsesecurepulse_connect_secure
8.2r5.0:r5.0
pulsesecurepulse_connect_secure
8.2r5.1:r5.1
pulsesecurepulse_connect_secure
8.2r6.0:r6.0
pulsesecurepulse_connect_secure
8.2r7.0:r7.0
pulsesecurepulse_connect_secure
8.2r7.1:r7.1
pulsesecurepulse_connect_secure
8.2rx:rx
pulsesecurepulse_connect_secure
8.3rx:rx
pulsesecurepulse_connect_secure
9.0r1:r1
pulsesecurepulse_connect_secure
9.0r2:r2
pulsesecurepulse_connect_secure
9.0r2.1:r2.1
pulsesecurepulse_connect_secure
9.0r3:r3
pulsesecurepulse_connect_secure
9.0r3.1:r3.1
pulsesecurepulse_connect_secure
9.0r3.2:r3.2
pulsesecurepulse_connect_secure
9.0rx:rx
𝑥
= Vulnerable software versions
References
http://www.securityfocus.com/bid/108073
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101/
https://www.kb.cert.org/vuls/id/927237
http://www.securityfocus.com/bid/108073
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101/
https://www.kb.cert.org/vuls/id/927237