What is CVE-2020-8219?

CVE-2020-8219 is an insufficient permission check vulnerability in Pulse Connect Secure <9.1R8 that allows an attacker to change the password of a full administrator.

What is the severity of CVE-2020-8219?

The severity of CVE-2020-8219 is high with a CVSS score of 7.2.

Which software versions are affected by CVE-2020-8219?

Pulse Connect Secure versions up to 9.1R8 are affected by CVE-2020-8219.

How can an attacker exploit CVE-2020-8219?

An attacker can exploit CVE-2020-8219 by exploiting insufficient permission checks to change the password of a full administrator.

Where can I find more information about CVE-2020-8219?

You can find more information about CVE-2020-8219 at the following link: https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516

Vulnerability/
CVE-2020-8219

high

7.2

CWE

276 280

30/7/2020

4/8/2024

CVE-2020-8219

Q: What is the severity of CVE-2020-8219?

The severity of CVE-2020-8219 is high with a CVSS score of 7.2.

Q: Which software versions are affected by CVE-2020-8219?

Pulse Connect Secure versions up to 9.1R8 are affected by CVE-2020-8219.

Q: How can an attacker exploit CVE-2020-8219?

An attacker can exploit CVE-2020-8219 by exploiting insufficient permission checks to change the password of a full administrator.

Q: Where can I find more information about CVE-2020-8219?

You can find more information about CVE-2020-8219 at the following link: https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516

First published: Thu Jul 30 2020(Updated: )

An insufficient permission check vulnerability exists in Pulse Connect Secure <9.1R8 that allows an attacker to change the password of a full administrator.

Credit: support@hackerone.com support@hackerone.com

Affected Software	Affected Version	How to fix
Pulsesecure Pulse Connect Secure	<=9.0
Pulsesecure Pulse Connect Secure	=9.1
Pulsesecure Pulse Connect Secure	=9.1-r1
Pulsesecure Pulse Connect Secure	=9.1-r2
Pulsesecure Pulse Connect Secure	=9.1-r3
Pulsesecure Pulse Connect Secure	=9.1-r4
Pulsesecure Pulse Connect Secure	=9.1-r4.1
Pulsesecure Pulse Connect Secure	=9.1-r4.2
Pulsesecure Pulse Connect Secure	=9.1-r4.3
Pulsesecure Pulse Connect Secure	=9.1-r5
Pulsesecure Pulse Connect Secure	=9.1-r6
Pulsesecure Pulse Connect Secure	=9.1-r7
Pulsesecure Pulse Policy Secure	<=9.0
Pulsesecure Pulse Policy Secure	=9.1
Pulsesecure Pulse Policy Secure	=9.1-r1
Pulsesecure Pulse Policy Secure	=9.1-r2
Pulsesecure Pulse Policy Secure	=9.1-r3
Pulsesecure Pulse Policy Secure	=9.1-r3.1
Pulsesecure Pulse Policy Secure	=9.1-r4
Pulsesecure Pulse Policy Secure	=9.1-r4.1
Pulsesecure Pulse Policy Secure	=9.1-r4.2
Pulsesecure Pulse Policy Secure	=9.1-r5
Pulsesecure Pulse Policy Secure	=9.1-r6
Pulsesecure Pulse Policy Secure	=9.1-r7
Ivanti Connect Secure	=9.1
Ivanti Connect Secure	=9.1-r1
Ivanti Connect Secure	=9.1-r2
Ivanti Connect Secure	=9.1-r3
Ivanti Connect Secure	=9.1-r4
Ivanti Connect Secure	=9.1-r4.1
Ivanti Connect Secure	=9.1-r4.2
Ivanti Connect Secure	=9.1-r4.3
Ivanti Connect Secure	=9.1-r5
Ivanti Connect Secure	=9.1-r6
Ivanti Connect Secure	=9.1-r7
Ivanti Policy Secure	=9.1
Ivanti Policy Secure	=9.1-r1
Ivanti Policy Secure	=9.1-r2
Ivanti Policy Secure	=9.1-r3
Ivanti Policy Secure	=9.1-r3.1
Ivanti Policy Secure	=9.1-r4
Ivanti Policy Secure	=9.1-r4.1
Ivanti Policy Secure	=9.1-r4.2
Ivanti Policy Secure	=9.1-r5
Ivanti Policy Secure	=9.1-r6
Ivanti Policy Secure	=9.1-r7

Never miss a vulnerability like this again

Reference Links

https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516

Frequently Asked Questions

What is CVE-2020-8219?
CVE-2020-8219 is an insufficient permission check vulnerability in Pulse Connect Secure <9.1R8 that allows an attacker to change the password of a full administrator.
What is the severity of CVE-2020-8219?
The severity of CVE-2020-8219 is high with a CVSS score of 7.2.
Which software versions are affected by CVE-2020-8219?
Pulse Connect Secure versions up to 9.1R8 are affected by CVE-2020-8219.
How can an attacker exploit CVE-2020-8219?
An attacker can exploit CVE-2020-8219 by exploiting insufficient permission checks to change the password of a full administrator.
Where can I find more information about CVE-2020-8219?
You can find more information about CVE-2020-8219 at the following link: https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516

collector/nvd-index
agent/weakness
agent/type
agent/first-publish-date
agent/references
agent/author
agent/severity
agent/event
agent/description
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/last-modified-date
agent/softwarecombine
agent/tags
collector/mitre-cve
source/MITRE
vendor/pulsesecure
canonical/pulsesecure pulse connect secure
version/pulsesecure pulse connect secure/9.0
version/pulsesecure pulse connect secure/9.1
version/pulsesecure pulse connect secure/9.1-r1
version/pulsesecure pulse connect secure/9.1-r2
version/pulsesecure pulse connect secure/9.1-r3
version/pulsesecure pulse connect secure/9.1-r4
version/pulsesecure pulse connect secure/9.1-r4.1
version/pulsesecure pulse connect secure/9.1-r4.2
version/pulsesecure pulse connect secure/9.1-r4.3
version/pulsesecure pulse connect secure/9.1-r5
version/pulsesecure pulse connect secure/9.1-r6
version/pulsesecure pulse connect secure/9.1-r7
canonical/pulsesecure pulse policy secure
version/pulsesecure pulse policy secure/9.0
version/pulsesecure pulse policy secure/9.1
version/pulsesecure pulse policy secure/9.1-r1
version/pulsesecure pulse policy secure/9.1-r2
version/pulsesecure pulse policy secure/9.1-r3
version/pulsesecure pulse policy secure/9.1-r3.1
version/pulsesecure pulse policy secure/9.1-r4
version/pulsesecure pulse policy secure/9.1-r4.1
version/pulsesecure pulse policy secure/9.1-r4.2
version/pulsesecure pulse policy secure/9.1-r5
version/pulsesecure pulse policy secure/9.1-r6
version/pulsesecure pulse policy secure/9.1-r7
vendor/ivanti
canonical/ivanti connect secure
version/ivanti connect secure/9.1
version/ivanti connect secure/9.1-r1
version/ivanti connect secure/9.1-r2
version/ivanti connect secure/9.1-r3
version/ivanti connect secure/9.1-r4
version/ivanti connect secure/9.1-r4.1
version/ivanti connect secure/9.1-r4.2
version/ivanti connect secure/9.1-r4.3
version/ivanti connect secure/9.1-r5
version/ivanti connect secure/9.1-r6
version/ivanti connect secure/9.1-r7
canonical/ivanti policy secure
version/ivanti policy secure/9.1
version/ivanti policy secure/9.1-r1
version/ivanti policy secure/9.1-r2
version/ivanti policy secure/9.1-r3
version/ivanti policy secure/9.1-r3.1
version/ivanti policy secure/9.1-r4
version/ivanti policy secure/9.1-r4.1
version/ivanti policy secure/9.1-r4.2
version/ivanti policy secure/9.1-r5
version/ivanti policy secure/9.1-r6
version/ivanti policy secure/9.1-r7