First published: Sat Mar 16 2019(Updated: )
An XSS issue was found with Psaldownload.cgi in Pulse Secure Pulse Connect Secure (PCS) 8.3R2 before 8.3R2 and Pulse Policy Secure (PPS) 5.4RX before 5.4R2. This is not applicable to PCS 8.1RX or PPS 5.2RX.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Pulsesecure Pulse Connect Secure | =8.3-r1 | |
Pulsesecure Pulse Policy Secure | =5.4-r1 | |
Ivanti Connect Secure | =8.3-r1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this issue is CVE-2018-20814.
The severity of CVE-2018-20814 is medium (6.1).
The affected software for CVE-2018-20814 is Pulse Secure Pulse Connect Secure (PCS) 8.3R2 before 8.3R2 and Pulse Policy Secure (PPS) 5.4RX before 5.4R2.
To fix CVE-2018-20814, update Pulse Connect Secure (PCS) to version 8.3R2 or later, or update Pulse Policy Secure (PPS) to version 5.4R2 or later.
The Common Weakness Enumeration (CWE) for CVE-2018-20814 is CWE-79, which refers to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting').