Vulnerability Description
In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, and 8.2RX before 8.2R12.1, users using SAML authentication with the Reuse Existing NC (Pulse) Session option may see authentication leaks.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ivanti | Connect Secure | 8.2 |
| Pulsesecure | Pulse Connect Secure | 8.2r1.0 |
References
- http://www.securityfocus.com/bid/108073Third Party AdvisoryVDB Entry
- https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101Vendor Advisory
- https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101/Vendor Advisory
- https://www.kb.cert.org/vuls/id/927237Third Party AdvisoryUS Government Resource
- http://www.securityfocus.com/bid/108073Third Party AdvisoryVDB Entry
- https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101Vendor Advisory
- https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101/Vendor Advisory
- https://www.kb.cert.org/vuls/id/927237Third Party AdvisoryUS Government Resource
FAQ
What is CVE-2019-11541?
CVE-2019-11541 is a vulnerability with a CVSS score of 7.5 (HIGH). In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, and 8.2RX before 8.2R12.1, users using SAML authentication with the Reuse Existing NC (Pulse) Session option ma...
How severe is CVE-2019-11541?
CVE-2019-11541 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-11541?
Check the references section above for vendor advisories and patch information. Affected products include: Ivanti Connect Secure, Pulsesecure Pulse Connect Secure.