CVE-2020-8255

A vulnerability in the Pulse Connect Secure < 9.1R9 admin web interface could allow an authenticated attacker to perform an arbitrary file reading vulnerability is fixed using encrypted URL blacklisting that prevents these messages.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.9 MEDIUM
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
hackeroneCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 93%
VendorProductVersion
pulsesecurepulse_secure_desktop_client
𝑥
< 9.1
pulsesecurepulse_secure_desktop_client
9.1
pulsesecurepulse_secure_desktop_client
9.1:r1
pulsesecurepulse_secure_desktop_client
9.1:r2
pulsesecurepulse_secure_desktop_client
9.1:r3
pulsesecurepulse_secure_desktop_client
9.1:r3.1
pulsesecurepulse_secure_desktop_client
9.1:r4
pulsesecurepulse_secure_desktop_client
9.1:r4.1
pulsesecurepulse_secure_desktop_client
9.1:r4.2
pulsesecurepulse_secure_desktop_client
9.1:r5
pulsesecurepulse_secure_desktop_client
9.1:r6
pulsesecurepulse_secure_desktop_client
9.1:r7
pulsesecurepulse_secure_desktop_client
9.1:r7.1
pulsesecurepulse_secure_desktop_client
9.1:r8
pulsesecurepulse_secure_desktop_client
9.1:r8.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601