Vulnerability Description
XSS exists in the admin web console in Pulse Secure Pulse Connect Secure (PCS) 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, and 5.2RX before 5.2R12.1.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ivanti | Connect Secure | 8.1 |
| Pulsesecure | Pulse Connect Secure | 8.1r1.0 |
| Pulsesecure | Pulse Policy Secure | 5.2r1.0 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/108073Broken LinkThird Party AdvisoryVDB Entry
- https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101Vendor Advisory
- https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101/Vendor Advisory
- https://www.kb.cert.org/vuls/id/927237Third Party AdvisoryUS Government Resource
- http://www.securityfocus.com/bid/108073Broken LinkThird Party AdvisoryVDB Entry
- https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101Vendor Advisory
- https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101/Vendor Advisory
- https://www.kb.cert.org/vuls/id/927237Third Party AdvisoryUS Government Resource
FAQ
What is CVE-2019-11543?
CVE-2019-11543 is a vulnerability with a CVSS score of 6.1 (MEDIUM). XSS exists in the admin web console in Pulse Secure Pulse Connect Secure (PCS) 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure 9.0RX before 9.0R3.2, 5.4RX...
How severe is CVE-2019-11543?
CVE-2019-11543 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-11543?
Check the references section above for vendor advisories and patch information. Affected products include: Ivanti Connect Secure, Pulsesecure Pulse Connect Secure, Pulsesecure Pulse Policy Secure.