How can an attacker exploit CVE-2020-8256?

An authenticated attacker can exploit CVE-2020-8256 by utilizing Pulse Collaboration to gain unauthorized file reading access through XXE injection.

What is the severity of CVE-2020-8256?

CVE-2020-8256 has a severity rating of 4.9 (medium).

Which software versions are affected by CVE-2020-8256?

Pulse Connect Secure versions < 9.1R8.2, including 9.0 and 9.1, are affected by CVE-2020-8256.

How can I mitigate CVE-2020-8256?

To mitigate CVE-2020-8256, it is recommended to upgrade Pulse Connect Secure to version 9.1R8.2 or higher.

Vulnerability/
CVE-2020-8256

medium

4.9

CWE

611

29/9/2020

18/11/2024

CVE-2020-8256: XEE

Q: What is CVE-2020-8256?

CVE-2020-8256 is a vulnerability in the Pulse Connect Secure < 9.1R8.2 admin web interface that could allow an authenticated attacker to gain arbitrary file reading access through Pulse Collaboration via XML External Entity (XXE) vulnerability.

Q: How can I mitigate CVE-2020-8256?

To mitigate CVE-2020-8256, it is recommended to upgrade Pulse Connect Secure to version 9.1R8.2 or higher.

First published: Tue Sep 29 2020(Updated: )

A vulnerability in the Pulse Connect Secure < 9.1R8.2 admin web interface could allow an authenticated attacker to gain arbitrary file reading access through Pulse Collaboration via XML External Entity (XXE) vulnerability.

Credit: support@hackerone.com support@hackerone.com

Affected Software	Affected Version	How to fix
Pulsesecure Pulse Connect Secure	<=9.0
Pulsesecure Pulse Connect Secure	=9.1
Pulsesecure Pulse Connect Secure	=9.1-r1
Pulsesecure Pulse Connect Secure	=9.1-r2
Pulsesecure Pulse Connect Secure	=9.1-r3
Pulsesecure Pulse Connect Secure	=9.1-r4
Pulsesecure Pulse Connect Secure	=9.1-r4.1
Pulsesecure Pulse Connect Secure	=9.1-r4.2
Pulsesecure Pulse Connect Secure	=9.1-r4.3
Pulsesecure Pulse Connect Secure	=9.1-r5
Pulsesecure Pulse Connect Secure	=9.1-r6
Pulsesecure Pulse Connect Secure	=9.1-r7
Pulsesecure Pulse Connect Secure	=9.1-r8
Pulsesecure Pulse Connect Secure	=9.1-r8.1
Ivanti Connect Secure	=9.1
Ivanti Connect Secure	=9.1-r1
Ivanti Connect Secure	=9.1-r2
Ivanti Connect Secure	=9.1-r3
Ivanti Connect Secure	=9.1-r4
Ivanti Connect Secure	=9.1-r4.1
Ivanti Connect Secure	=9.1-r4.2
Ivanti Connect Secure	=9.1-r4.3
Ivanti Connect Secure	=9.1-r5
Ivanti Connect Secure	=9.1-r6
Ivanti Connect Secure	=9.1-r7
Ivanti Connect Secure	=9.1-r8
Ivanti Connect Secure	=9.1-r8.1

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2020-8256?
CVE-2020-8256 is a vulnerability in the Pulse Connect Secure < 9.1R8.2 admin web interface that could allow an authenticated attacker to gain arbitrary file reading access through Pulse Collaboration via XML External Entity (XXE) vulnerability.
How can an attacker exploit CVE-2020-8256?
An authenticated attacker can exploit CVE-2020-8256 by utilizing Pulse Collaboration to gain unauthorized file reading access through XXE injection.
What is the severity of CVE-2020-8256?
CVE-2020-8256 has a severity rating of 4.9 (medium).
Which software versions are affected by CVE-2020-8256?
Pulse Connect Secure versions < 9.1R8.2, including 9.0 and 9.1, are affected by CVE-2020-8256.
How can I mitigate CVE-2020-8256?
To mitigate CVE-2020-8256, it is recommended to upgrade Pulse Connect Secure to version 9.1R8.2 or higher.

collector/nvd-index
agent/references
agent/type
agent/first-publish-date
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/weakness
agent/severity
agent/author
agent/last-modified-date
agent/softwarecombine
agent/tags
agent/event
agent/description
collector/mitre-cve
source/MITRE
vendor/pulsesecure
canonical/pulsesecure pulse connect secure
version/pulsesecure pulse connect secure/9.0
version/pulsesecure pulse connect secure/9.1
version/pulsesecure pulse connect secure/9.1-r1
version/pulsesecure pulse connect secure/9.1-r2
version/pulsesecure pulse connect secure/9.1-r3
version/pulsesecure pulse connect secure/9.1-r4
version/pulsesecure pulse connect secure/9.1-r4.1
version/pulsesecure pulse connect secure/9.1-r4.2
version/pulsesecure pulse connect secure/9.1-r4.3
version/pulsesecure pulse connect secure/9.1-r5
version/pulsesecure pulse connect secure/9.1-r6
version/pulsesecure pulse connect secure/9.1-r7
version/pulsesecure pulse connect secure/9.1-r8
version/pulsesecure pulse connect secure/9.1-r8.1
vendor/ivanti
canonical/ivanti connect secure
version/ivanti connect secure/9.1
version/ivanti connect secure/9.1-r1
version/ivanti connect secure/9.1-r2
version/ivanti connect secure/9.1-r3
version/ivanti connect secure/9.1-r4
version/ivanti connect secure/9.1-r4.1
version/ivanti connect secure/9.1-r4.2
version/ivanti connect secure/9.1-r4.3
version/ivanti connect secure/9.1-r5
version/ivanti connect secure/9.1-r6
version/ivanti connect secure/9.1-r7
version/ivanti connect secure/9.1-r8
version/ivanti connect secure/9.1-r8.1

CVE-2020-8256: XEE

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2020-8256?

How can an attacker exploit CVE-2020-8256?

What is the severity of CVE-2020-8256?

Which software versions are affected by CVE-2020-8256?

How can I mitigate CVE-2020-8256?

Company

Resources

Contact