CVE-2018-9849
First published: Thu May 10 2018(Updated: )
Pulse Secure Pulse Connect Secure 8.1.x before 8.1R14, 8.2.x before 8.2R11, and 8.3.x before 8.3R5 do not properly process nested XML entities, which allows remote attackers to cause a denial of service (memory consumption and memory errors) via a crafted XML document.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Ivanti Pulse Connect Secure | >=8.1<8.1r14 | |
| Ivanti Pulse Connect Secure | >=8.2<8.2r11 | |
| Ivanti Pulse Connect Secure | >=8.3<8.3r5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2018-9849?
CVE-2018-9849 is classified as a denial of service vulnerability that can lead to memory consumption and errors.
How do I fix CVE-2018-9849?
To fix CVE-2018-9849, upgrade Pulse Connect Secure to versions 8.1R14, 8.2R11, or 8.3R5 or later.
What software is affected by CVE-2018-9849?
CVE-2018-9849 affects Pulse Connect Secure versions prior to 8.1R14, 8.2R11, and 8.3R5.
What types of attacks can exploit CVE-2018-9849?
CVE-2018-9849 can be exploited by remote attackers using crafted XML documents to cause denial of service.
Is there a workaround for CVE-2018-9849 if I can't upgrade?
There are no known workarounds for CVE-2018-9849, so upgrading to a patched version is strongly recommended.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/author
- agent/event
- agent/description
- agent/first-publish-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/pulsesecure
- canonical/ivanti pulse connect secure
- version/ivanti pulse connect secure/8.1
- version/ivanti pulse connect secure/8.2
- version/ivanti pulse connect secure/8.3