CVE-2020-8256
30.09.2020, 18:15
A vulnerability in the Pulse Connect Secure < 9.1R8.2 admin web interface could allow an authenticated attacker to gain arbitrary file reading access through Pulse Collaboration via XML External Entity (XXE) vulnerability.Enginsight
| Vendor | Product | Version |
|---|---|---|
| ivanti | connect_secure | 9.1 |
| ivanti | connect_secure | 9.1:r1 |
| ivanti | connect_secure | 9.1:r2 |
| ivanti | connect_secure | 9.1:r3 |
| ivanti | connect_secure | 9.1:r4 |
| ivanti | connect_secure | 9.1:r4.1 |
| ivanti | connect_secure | 9.1:r4.2 |
| ivanti | connect_secure | 9.1:r4.3 |
| ivanti | connect_secure | 9.1:r5 |
| ivanti | connect_secure | 9.1:r6 |
| ivanti | connect_secure | 9.1:r7 |
| ivanti | connect_secure | 9.1:r8 |
| ivanti | connect_secure | 9.1:r8.1 |
| pulsesecure | pulse_connect_secure | 𝑥 ≤ 9.0 |
𝑥
= Vulnerable software versions
References