Vulnerability Description
In Pulse Secure Pulse Connect Secure (PCS) 8.3.x before 8.3R7.1 and 9.0.x before 9.0R3, an XSS issue has been found on the Application Launcher page.
CVSS Score
6.1
MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ivanti | Connect Secure | 8.3 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/108073Broken LinkThird Party AdvisoryVDB Entry
- https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-SecurExploitThird Party Advisory
- https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-IntranExploitThird Party Advisory
- https://kb.pulsesecure.net/?atype=saThird Party AdvisoryVendor Advisory
- https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101/PatchVendor Advisory
- https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516Third Party Advisory
- https://www.kb.cert.org/vuls/id/927237Third Party AdvisoryUS Government Resource
- http://www.securityfocus.com/bid/108073Broken LinkThird Party AdvisoryVDB Entry
- https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-SecurExploitThird Party Advisory
- https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-IntranExploitThird Party Advisory
- https://kb.pulsesecure.net/?atype=saThird Party AdvisoryVendor Advisory
- https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101/PatchVendor Advisory
- https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516Third Party Advisory
- https://www.kb.cert.org/vuls/id/927237Third Party AdvisoryUS Government Resource
FAQ
What is CVE-2019-11507?
CVE-2019-11507 is a vulnerability with a CVSS score of 6.1 (MEDIUM). In Pulse Secure Pulse Connect Secure (PCS) 8.3.x before 8.3R7.1 and 9.0.x before 9.0R3, an XSS issue has been found on the Application Launcher page.
How severe is CVE-2019-11507?
CVE-2019-11507 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-11507?
Check the references section above for vendor advisories and patch information. Affected products include: Ivanti Connect Secure.