First published: Fri Apr 26 2019(Updated: )
XSS exists in the admin web console in Pulse Secure Pulse Connect Secure (PCS) 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, and 5.2RX before 5.2R12.1.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Pulsesecure Pulse Connect Secure | =8.1 | |
Pulsesecure Pulse Connect Secure | =8.1r1.0 | |
Pulsesecure Pulse Connect Secure | =8.1rx | |
Pulsesecure Pulse Connect Secure | =8.3 | |
Pulsesecure Pulse Connect Secure | =8.3rx | |
Pulsesecure Pulse Connect Secure | =9.0r1 | |
Pulsesecure Pulse Connect Secure | =9.0r2 | |
Pulsesecure Pulse Connect Secure | =9.0r2.1 | |
Pulsesecure Pulse Connect Secure | =9.0r3 | |
Pulsesecure Pulse Connect Secure | =9.0r3.1 | |
Pulsesecure Pulse Connect Secure | =9.0r3.2 | |
Pulsesecure Pulse Connect Secure | =9.0rx | |
Pulsesecure Pulse Policy Secure | =5.2r1.0 | |
Pulsesecure Pulse Policy Secure | =5.2r2.0 | |
Pulsesecure Pulse Policy Secure | =5.2r3.0 | |
Pulsesecure Pulse Policy Secure | =5.2r3.2 | |
Pulsesecure Pulse Policy Secure | =5.2r4.0 | |
Pulsesecure Pulse Policy Secure | =5.2r5.0 | |
Pulsesecure Pulse Policy Secure | =5.2r6.0 | |
Pulsesecure Pulse Policy Secure | =5.2r7.0 | |
Pulsesecure Pulse Policy Secure | =5.2r7.1 | |
Pulsesecure Pulse Policy Secure | =5.2r8.0 | |
Pulsesecure Pulse Policy Secure | =5.2r9.0 | |
Pulsesecure Pulse Policy Secure | =5.2r9.1 | |
Pulsesecure Pulse Policy Secure | =5.2r10.0 | |
Pulsesecure Pulse Policy Secure | =5.2r11.0 | |
Pulsesecure Pulse Policy Secure | =5.2rx | |
Pulsesecure Pulse Policy Secure | =5.4r1 | |
Pulsesecure Pulse Policy Secure | =5.4r2 | |
Pulsesecure Pulse Policy Secure | =5.4r2.1 | |
Pulsesecure Pulse Policy Secure | =5.4r3 | |
Pulsesecure Pulse Policy Secure | =5.4r4 | |
Pulsesecure Pulse Policy Secure | =5.4r5 | |
Pulsesecure Pulse Policy Secure | =5.4r5.2 | |
Pulsesecure Pulse Policy Secure | =5.4r6 | |
Pulsesecure Pulse Policy Secure | =5.4r6.1 | |
Pulsesecure Pulse Policy Secure | =5.4r7 | |
Pulsesecure Pulse Policy Secure | =5.4rx | |
Pulsesecure Pulse Policy Secure | =9.0r1 | |
Pulsesecure Pulse Policy Secure | =9.0r2 | |
Pulsesecure Pulse Policy Secure | =9.0r2.1 | |
Pulsesecure Pulse Policy Secure | =9.0r3 | |
Pulsesecure Pulse Policy Secure | =9.0r3.1 | |
Pulsesecure Pulse Policy Secure | =9.0rx | |
Ivanti Connect Secure | =8.1 | |
Ivanti Connect Secure | =8.3 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2019-11543 is a vulnerability that allows for cross-site scripting (XSS) attacks in the admin web console of Pulse Secure Pulse Connect Secure (PCS) and Pulse Policy Secure.
CVE-2019-11543 has a severity rating of 6.1 (High).
CVE-2019-11543 affects Pulse Secure Pulse Connect Secure versions 8.1, 8.3, and 9.0. Specifically, versions 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, and 8.1RX before 8.1R15.1 are vulnerable to this XSS vulnerability.
CVE-2019-11543 affects Pulse Policy Secure versions 5.2, 5.4, and 9.0. Specifically, versions 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, and 5.2RX before 5.2R12.1 are vulnerable to this XSS vulnerability.
To fix CVE-2019-11543, it is recommended to upgrade Pulse Secure Pulse Connect Secure to version 9.0R3.4, 8.3R7.1, or 8.1R15.1, and upgrade Pulse Policy Secure to version 9.0R3.2, 5.4R7.1, or 5.2R12.1.