First published: Sat Mar 16 2019(Updated: )
Session data between cluster nodes during cluster synchronization is not properly encrypted in Pulse Secure Pulse Connect Secure (PCS) 8.3RX before 8.3R2 and Pulse Policy Secure (PPS) 5.4RX before 5.4R2. This is not applicable to PCS 8.1RX, PPS 5.2RX, or stand-alone devices.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Pulsesecure Pulse Connect Secure | =8.3-r1 | |
Pulsesecure Pulse Policy Secure | =5.4-r1 | |
Ivanti Connect Secure | =8.3-r1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID is CVE-2018-20810.
The title of this vulnerability is 'Session data between cluster nodes during cluster synchronization is not properly encrypted in Pulse Secure Pulse Connect Secure (PCS) 8.3RX before 8.3R2 and Pulse Policy Secure (PPS) 5.4RX before 5.4R2.'
The severity of CVE-2018-20810 is critical with a severity value of 9.8.
Pulse Secure Pulse Connect Secure (PCS) 8.3RX before 8.3R2 and Pulse Policy Secure (PPS) 5.4RX before 5.4R2 are affected by CVE-2018-20810. It is not applicable to PCS 8.1RX, PPS 5.2RX, or stand-alone devices.
To fix CVE-2018-20810, update Pulse Secure Pulse Connect Secure (PCS) to version 8.3R2 or later and update Pulse Policy Secure (PPS) to version 5.4R2 or later.