What software versions are affected by CVE-2020-8222?

CVE-2020-8222 affects Pulse Connect Secure versions 9.0 and 9.1 up to and including 9.1R7.

How severe is CVE-2020-8222?

CVE-2020-8222 has a severity score of 6.8 (medium).

How can I fix CVE-2020-8222?

To fix CVE-2020-8222, upgrade Pulse Connect Secure to version 9.1R8 or later.

Where can I find more information about CVE-2020-8222?

You can find more information about CVE-2020-8222 [here](https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516).

Vulnerability/
CVE-2020-8222

medium

6.8

CWE

30/7/2020

4/8/2024

CVE-2020-8222: Path Traversal

Q: What is CVE-2020-8222?

CVE-2020-8222 is a path traversal vulnerability in Pulse Connect Secure <9.1R8 that allowed an authenticated attacker to perform arbitrary file reading vulnerability through Meeting.

First published: Thu Jul 30 2020(Updated: )

A path traversal vulnerability exists in Pulse Connect Secure <9.1R8 that allowed an authenticated attacker via the administrator web interface to perform an arbitrary file reading vulnerability through Meeting.

Credit: support@hackerone.com support@hackerone.com

Affected Software	Affected Version	How to fix
Pulsesecure Pulse Connect Secure	<=9.0
Pulsesecure Pulse Connect Secure	=9.1
Pulsesecure Pulse Connect Secure	=9.1-r1
Pulsesecure Pulse Connect Secure	=9.1-r2
Pulsesecure Pulse Connect Secure	=9.1-r3
Pulsesecure Pulse Connect Secure	=9.1-r4
Pulsesecure Pulse Connect Secure	=9.1-r4.1
Pulsesecure Pulse Connect Secure	=9.1-r4.2
Pulsesecure Pulse Connect Secure	=9.1-r4.3
Pulsesecure Pulse Connect Secure	=9.1-r5
Pulsesecure Pulse Connect Secure	=9.1-r6
Pulsesecure Pulse Connect Secure	=9.1-r7
Pulsesecure Pulse Policy Secure	<=9.0
Pulsesecure Pulse Policy Secure	=9.1
Pulsesecure Pulse Policy Secure	=9.1-r1
Pulsesecure Pulse Policy Secure	=9.1-r2
Pulsesecure Pulse Policy Secure	=9.1-r3
Pulsesecure Pulse Policy Secure	=9.1-r3.1
Pulsesecure Pulse Policy Secure	=9.1-r4
Pulsesecure Pulse Policy Secure	=9.1-r4.1
Pulsesecure Pulse Policy Secure	=9.1-r4.2
Pulsesecure Pulse Policy Secure	=9.1-r5
Pulsesecure Pulse Policy Secure	=9.1-r6
Pulsesecure Pulse Policy Secure	=9.1-r7
Ivanti Connect Secure	=9.1
Ivanti Connect Secure	=9.1-r1
Ivanti Connect Secure	=9.1-r2
Ivanti Connect Secure	=9.1-r3
Ivanti Connect Secure	=9.1-r4
Ivanti Connect Secure	=9.1-r4.1
Ivanti Connect Secure	=9.1-r4.2
Ivanti Connect Secure	=9.1-r4.3
Ivanti Connect Secure	=9.1-r5
Ivanti Connect Secure	=9.1-r6
Ivanti Connect Secure	=9.1-r7
Ivanti Policy Secure	=9.1
Ivanti Policy Secure	=9.1-r1
Ivanti Policy Secure	=9.1-r2
Ivanti Policy Secure	=9.1-r3
Ivanti Policy Secure	=9.1-r3.1
Ivanti Policy Secure	=9.1-r4
Ivanti Policy Secure	=9.1-r4.1
Ivanti Policy Secure	=9.1-r4.2
Ivanti Policy Secure	=9.1-r5
Ivanti Policy Secure	=9.1-r6
Ivanti Policy Secure	=9.1-r7

Never miss a vulnerability like this again

Reference Links

https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516

Frequently Asked Questions

What is CVE-2020-8222?
CVE-2020-8222 is a path traversal vulnerability in Pulse Connect Secure <9.1R8 that allowed an authenticated attacker to perform arbitrary file reading vulnerability through Meeting.
What software versions are affected by CVE-2020-8222?
CVE-2020-8222 affects Pulse Connect Secure versions 9.0 and 9.1 up to and including 9.1R7.
How severe is CVE-2020-8222?
CVE-2020-8222 has a severity score of 6.8 (medium).
How can I fix CVE-2020-8222?
To fix CVE-2020-8222, upgrade Pulse Connect Secure to version 9.1R8 or later.
Where can I find more information about CVE-2020-8222?
You can find more information about CVE-2020-8222 [here](https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516).

collector/nvd-index
agent/type
agent/first-publish-date
agent/weakness
agent/severity
agent/references
agent/author
agent/event
agent/description
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/last-modified-date
agent/softwarecombine
agent/tags
collector/mitre-cve
source/MITRE
vendor/pulsesecure
canonical/pulsesecure pulse connect secure
version/pulsesecure pulse connect secure/9.0
version/pulsesecure pulse connect secure/9.1
version/pulsesecure pulse connect secure/9.1-r1
version/pulsesecure pulse connect secure/9.1-r2
version/pulsesecure pulse connect secure/9.1-r3
version/pulsesecure pulse connect secure/9.1-r4
version/pulsesecure pulse connect secure/9.1-r4.1
version/pulsesecure pulse connect secure/9.1-r4.2
version/pulsesecure pulse connect secure/9.1-r4.3
version/pulsesecure pulse connect secure/9.1-r5
version/pulsesecure pulse connect secure/9.1-r6
version/pulsesecure pulse connect secure/9.1-r7
canonical/pulsesecure pulse policy secure
version/pulsesecure pulse policy secure/9.0
version/pulsesecure pulse policy secure/9.1
version/pulsesecure pulse policy secure/9.1-r1
version/pulsesecure pulse policy secure/9.1-r2
version/pulsesecure pulse policy secure/9.1-r3
version/pulsesecure pulse policy secure/9.1-r3.1
version/pulsesecure pulse policy secure/9.1-r4
version/pulsesecure pulse policy secure/9.1-r4.1
version/pulsesecure pulse policy secure/9.1-r4.2
version/pulsesecure pulse policy secure/9.1-r5
version/pulsesecure pulse policy secure/9.1-r6
version/pulsesecure pulse policy secure/9.1-r7
vendor/ivanti
canonical/ivanti connect secure
version/ivanti connect secure/9.1
version/ivanti connect secure/9.1-r1
version/ivanti connect secure/9.1-r2
version/ivanti connect secure/9.1-r3
version/ivanti connect secure/9.1-r4
version/ivanti connect secure/9.1-r4.1
version/ivanti connect secure/9.1-r4.2
version/ivanti connect secure/9.1-r4.3
version/ivanti connect secure/9.1-r5
version/ivanti connect secure/9.1-r6
version/ivanti connect secure/9.1-r7
canonical/ivanti policy secure
version/ivanti policy secure/9.1
version/ivanti policy secure/9.1-r1
version/ivanti policy secure/9.1-r2
version/ivanti policy secure/9.1-r3
version/ivanti policy secure/9.1-r3.1
version/ivanti policy secure/9.1-r4
version/ivanti policy secure/9.1-r4.1
version/ivanti policy secure/9.1-r4.2
version/ivanti policy secure/9.1-r5
version/ivanti policy secure/9.1-r6
version/ivanti policy secure/9.1-r7

CVE-2020-8222: Path Traversal

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2020-8222?

What software versions are affected by CVE-2020-8222?

How severe is CVE-2020-8222?

How can I fix CVE-2020-8222?

Where can I find more information about CVE-2020-8222?

Company

Resources

Contact