CVE-2020-8956 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	3.3 LOW	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
mitre	CNA	3.8 LOW	LOCAL	LOW	LOW	CVSS:3.0/AC:L/AV:L/A:N/C:L/I:N/PR:L/S:C/UI:N

Base Score

CVSS 3.x

EPSS Score

Percentile: 92%

Affected Products (NVD)

Vendor	Product	Version
pulsesecure	pulse_secure_desktop	9.0r1.0:r1.0
pulsesecure	pulse_secure_desktop	9.0r2.0:r2.0
pulsesecure	pulse_secure_desktop	9.0r2.1:r2.1
pulsesecure	pulse_secure_desktop	9.0r3.0:r3.0
pulsesecure	pulse_secure_desktop	9.0r3.1:r3.1
pulsesecure	pulse_secure_desktop	9.0r4.0:r4.0
pulsesecure	pulse_secure_desktop	9.0r4.1:r4.1
pulsesecure	pulse_secure_desktop	9.1r1.0:r1.0
pulsesecure	pulse_secure_desktop	9.1r2.0:r2.0
pulsesecure	pulse_secure_desktop	9.1r3.0:r3.0
pulsesecure	pulse_secure_desktop	9.1r3.1:r3.1

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-521 - Weak Password Requirements
The product does not require that users should have strong passwords, which makes it easier for attackers to compromise user accounts.

References

https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601

https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601