First published: Wed Oct 28 2020(Updated: )
A vulnerability in the Pulse Connect Secure / Pulse Policy Secure below 9.1R9 could allow attackers to conduct Cross-Site Scripting (XSS) and Open Redirection for authenticated user web interface.
Credit: support@hackerone.com support@hackerone.com
Affected Software | Affected Version | How to fix |
---|---|---|
Pulsesecure Pulse Connect Secure | <9.1 | |
Pulsesecure Pulse Connect Secure | =9.1-r1 | |
Pulsesecure Pulse Connect Secure | =9.1-r2 | |
Pulsesecure Pulse Connect Secure | =9.1-r3 | |
Pulsesecure Pulse Connect Secure | =9.1-r4 | |
Pulsesecure Pulse Connect Secure | =9.1-r5 | |
Pulsesecure Pulse Connect Secure | =9.1-r6 | |
Pulsesecure Pulse Connect Secure | =9.1-r7 | |
Pulsesecure Pulse Connect Secure | =9.1-r8 | |
Pulsesecure Pulse Policy Secure | <9.1 | |
Pulsesecure Pulse Policy Secure | =9.1-r1 | |
Pulsesecure Pulse Policy Secure | =9.1-r2 | |
Pulsesecure Pulse Policy Secure | =9.1-r3 | |
Pulsesecure Pulse Policy Secure | =9.1-r4 | |
Pulsesecure Pulse Policy Secure | =9.1-r5 | |
Pulsesecure Pulse Policy Secure | =9.1-r6 | |
Pulsesecure Pulse Policy Secure | =9.1-r7 | |
Pulsesecure Pulse Policy Secure | =9.1-r8 | |
Ivanti Connect Secure | =9.1-r1 | |
Ivanti Connect Secure | =9.1-r2 | |
Ivanti Connect Secure | =9.1-r3 | |
Ivanti Connect Secure | =9.1-r4 | |
Ivanti Connect Secure | =9.1-r5 | |
Ivanti Connect Secure | =9.1-r6 | |
Ivanti Connect Secure | =9.1-r7 | |
Ivanti Connect Secure | =9.1-r8 | |
Ivanti Policy Secure | =9.1-r1 | |
Ivanti Policy Secure | =9.1-r2 | |
Ivanti Policy Secure | =9.1-r3 | |
Ivanti Policy Secure | =9.1-r4 | |
Ivanti Policy Secure | =9.1-r5 | |
Ivanti Policy Secure | =9.1-r6 | |
Ivanti Policy Secure | =9.1-r7 | |
Ivanti Policy Secure | =9.1-r8 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2020-8262 is a vulnerability in the Pulse Connect Secure / Pulse Policy Secure below 9.1R9 that could allow attackers to conduct Cross-Site Scripting (XSS) and Open Redirection for authenticated user web interface.
The CVE-2020-8262 vulnerability affects Pulse Connect Secure versions below 9.1R9, allowing attackers to perform Cross-Site Scripting (XSS) and Open Redirection attacks on the authenticated user web interface.
CVE-2020-8262 has a severity rating of 6.1, which is considered medium.
To fix the CVE-2020-8262 vulnerability, it is recommended to update Pulse Connect Secure / Pulse Policy Secure to version 9.1R9 or later.
More information about CVE-2020-8262 can be found in the Pulse Security Advisories article at: https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601.