


JSA10512 - 2012-06 Security Bulletin: Pulse Connect Secure (PCS): Open redirect issue



Product Affected: SA 700, SA 2000, SA 2500, SA 4000, SA 4500, SA 6000, SA 6500, SA 4000 FIPS, SA 6000 FIPS, SA 4500 FIPS, SA 6500 FIPS, MAG2600, MAG4610, MAG-SM160, MAG-SM360
An open redirect issue has been found in the Pulse Connect Secure (PCS) product. The issue is caused by incorrect validation of user input sent to the PCS web server. It exists in the landing page that is displayed to the user after the user has logged in to the PCS.


No other Pulse Secure products or platforms are vulnerable to this issue.

The issue is fixed in PCS releases 7.1R8, 7.2R1, and all subsequent releases.






There is no viable workaround for this issue.

Related Links
Patched software release service packages are available at the Pulse Secure Licensing and Download Center. Documentation links for the relevant software are also available at the Pulse Secure Licensing and Download Center.
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Risk Assessment: An "open redirect" could allow an attacker to create a URL that looks like a trusted link to the PCS but instead redirects the user to a website of the attacker's choice. For the exploit to succeed, the user must already be logged in to the PCS server, and the attacker would need to create some sort of interaction with the user to cause the user to click on the malicious link.

Information on how Pulse Secure uses CVSS can be found in KB16446, "Common Vulnerability Scoring System (CVSS) and Pulse Secure's Security Advisories."
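
As an added illustration of the input validation the risk assessment refers to (this is not Pulse Secure code and not the vendor's fix), the sketch below keeps a post-login redirect target on the trusted host and falls back to a default page otherwise. The host name `vpn.example.com`, the fallback path and the function name are assumptions made for the example.

```python
from urllib.parse import urlsplit

# Assumptions for this example: hypothetical trusted host and fallback path.
TRUSTED_HOST = "vpn.example.com"
DEFAULT_LANDING = "/"


def safe_redirect_target(raw, trusted_host=TRUSTED_HOST, default=DEFAULT_LANDING):
    """Return the target if it stays on trusted_host, otherwise the default."""
    # Reject empty input and control characters (CR/LF/TAB parsing tricks).
    if not raw or any(ord(c) < 0x20 or c == "\x7f" for c in raw):
        return default
    # Browsers treat "\" like "/", so "/\host" behaves like "//host".
    candidate = raw.strip().replace("\\", "/")
    try:
        parts = urlsplit(candidate)
    except ValueError:  # malformed authority, e.g. an unclosed IPv6 bracket
        return default
    if not parts.scheme and not parts.netloc:
        # Relative reference: accept only a rooted path with a single slash.
        if candidate.startswith("/") and not candidate.startswith("//"):
            return candidate
        return default
    # Absolute URL: https only, and the authority must be exactly the trusted
    # host (this also rejects userinfo such as "trusted@other" and odd ports).
    if parts.scheme != "https" or parts.netloc.lower() != trusted_host:
        return default
    return candidate


# Constructed sample inputs, not taken from the advisory.
SAMPLES = [
    "/portal/home",
    "https://vpn.example.com/portal",
    "//other.example/login",
    "/\\other.example/login",
    "https://vpn.example.com@other.example/",
    "https://vpn.example.com.other.example/",
    "javascript:alert(1)",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{sample!r:50} -> {safe_redirect_target(sample)!r}")
```

Only the first two constructed samples are returned unchanged; every other one resolves to the default landing path.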
Alert Type: PSN - Product Support Notification
Risk Level: Medium
Legacy ID: PSN-2012-06-610, JSA10512


