First published: Thu Jul 30 2020(Updated: )
A path traversal vulnerability exists in Pulse Connect Secure <9.1R8 that allowed an authenticated attacker via the administrator web interface to perform an arbitrary file reading vulnerability through Meeting.
Credit: support@hackerone.com support@hackerone.com
Affected Software | Affected Version | How to fix |
---|---|---|
Pulsesecure Pulse Connect Secure | <=9.0 | |
Pulsesecure Pulse Connect Secure | =9.1 | |
Pulsesecure Pulse Connect Secure | =9.1-r1 | |
Pulsesecure Pulse Connect Secure | =9.1-r2 | |
Pulsesecure Pulse Connect Secure | =9.1-r3 | |
Pulsesecure Pulse Connect Secure | =9.1-r4 | |
Pulsesecure Pulse Connect Secure | =9.1-r4.1 | |
Pulsesecure Pulse Connect Secure | =9.1-r4.2 | |
Pulsesecure Pulse Connect Secure | =9.1-r4.3 | |
Pulsesecure Pulse Connect Secure | =9.1-r5 | |
Pulsesecure Pulse Connect Secure | =9.1-r6 | |
Pulsesecure Pulse Connect Secure | =9.1-r7 | |
Pulsesecure Pulse Policy Secure | <=9.0 | |
Pulsesecure Pulse Policy Secure | =9.1 | |
Pulsesecure Pulse Policy Secure | =9.1-r1 | |
Pulsesecure Pulse Policy Secure | =9.1-r2 | |
Pulsesecure Pulse Policy Secure | =9.1-r3 | |
Pulsesecure Pulse Policy Secure | =9.1-r3.1 | |
Pulsesecure Pulse Policy Secure | =9.1-r4 | |
Pulsesecure Pulse Policy Secure | =9.1-r4.1 | |
Pulsesecure Pulse Policy Secure | =9.1-r4.2 | |
Pulsesecure Pulse Policy Secure | =9.1-r5 | |
Pulsesecure Pulse Policy Secure | =9.1-r6 | |
Pulsesecure Pulse Policy Secure | =9.1-r7 | |
Ivanti Connect Secure | =9.1 | |
Ivanti Connect Secure | =9.1-r1 | |
Ivanti Connect Secure | =9.1-r2 | |
Ivanti Connect Secure | =9.1-r3 | |
Ivanti Connect Secure | =9.1-r4 | |
Ivanti Connect Secure | =9.1-r4.1 | |
Ivanti Connect Secure | =9.1-r4.2 | |
Ivanti Connect Secure | =9.1-r4.3 | |
Ivanti Connect Secure | =9.1-r5 | |
Ivanti Connect Secure | =9.1-r6 | |
Ivanti Connect Secure | =9.1-r7 | |
Ivanti Policy Secure | =9.1 | |
Ivanti Policy Secure | =9.1-r1 | |
Ivanti Policy Secure | =9.1-r2 | |
Ivanti Policy Secure | =9.1-r3 | |
Ivanti Policy Secure | =9.1-r3.1 | |
Ivanti Policy Secure | =9.1-r4 | |
Ivanti Policy Secure | =9.1-r4.1 | |
Ivanti Policy Secure | =9.1-r4.2 | |
Ivanti Policy Secure | =9.1-r5 | |
Ivanti Policy Secure | =9.1-r6 | |
Ivanti Policy Secure | =9.1-r7 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2020-8222 is a path traversal vulnerability in Pulse Connect Secure <9.1R8 that allowed an authenticated attacker to perform arbitrary file reading vulnerability through Meeting.
CVE-2020-8222 affects Pulse Connect Secure versions 9.0 and 9.1 up to and including 9.1R7.
CVE-2020-8222 has a severity score of 6.8 (medium).
To fix CVE-2020-8222, upgrade Pulse Connect Secure to version 9.1R8 or later.
You can find more information about CVE-2020-8222 [here](https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516).