CVE-2020-8206
30.07.2020, 13:15
An improper authentication vulnerability exists in Pulse Connect Secure <9.1RB that allows an attacker with a users primary credentials to bypass the Google TOTP.Enginsight
| Vendor | Product | Version |
|---|---|---|
| ivanti | connect_secure | 9.1 |
| ivanti | connect_secure | 9.1:r1 |
| ivanti | connect_secure | 9.1:r2 |
| ivanti | connect_secure | 9.1:r3 |
| ivanti | connect_secure | 9.1:r4 |
| ivanti | connect_secure | 9.1:r4.1 |
| ivanti | connect_secure | 9.1:r4.2 |
| ivanti | connect_secure | 9.1:r4.3 |
| ivanti | connect_secure | 9.1:r5 |
| ivanti | connect_secure | 9.1:r6 |
| ivanti | connect_secure | 9.1:r7 |
| pulsesecure | pulse_connect_secure | 𝑥 ≤ 9.0 |
| ivanti | policy_secure | 9.1 |
| ivanti | policy_secure | 9.1:r1 |
| ivanti | policy_secure | 9.1:r2 |
| ivanti | policy_secure | 9.1:r3 |
| ivanti | policy_secure | 9.1:r3.1 |
| ivanti | policy_secure | 9.1:r4 |
| ivanti | policy_secure | 9.1:r4.1 |
| ivanti | policy_secure | 9.1:r4.2 |
| ivanti | policy_secure | 9.1:r5 |
| ivanti | policy_secure | 9.1:r6 |
| ivanti | policy_secure | 9.1:r7 |
| pulsesecure | pulse_policy_secure | 𝑥 ≤ 9.0 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration