First published: Thu May 26 2016(Updated: )
Cross-site scripting (XSS) vulnerability in the administrative user interface in Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r9, and 7.4 before 7.4r13.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Pulse Secure Pulse Connect Secure | =8.1 | |
Pulse Secure Pulse Connect Secure | =8.1r1.0 | |
Pulse Secure Pulse Connect Secure | =8.0 | |
Pulse Secure Pulse Connect Secure | =7.4 | |
Pulse Secure Pulse Connect Secure | =8.2 | |
Ivanti Connect Secure (ICS) VPN | =8.1 | |
Ivanti Connect Secure (ICS) VPN | =8.0 | |
Ivanti Connect Secure (ICS) VPN | =8.2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2016-4790 is classified as a medium severity vulnerability due to its potential to allow cross-site scripting attacks.
To mitigate CVE-2016-4790, update your Pulse Connect Secure or Ivanti Connect Secure software to versions 8.2r1, 8.1r2, 8.0r9, or 7.4r13.4 or later.
CVE-2016-4790 affects Pulse Connect Secure versions 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r9, and 7.4 before 7.4r13.4.
CVE-2016-4790 allows remote attackers to inject arbitrary web scripts or HTML into the administrative user interface.
Organizations using affected versions of Pulse Connect Secure or Ivanti Connect Secure are vulnerable to CVE-2016-4790.