Reset Search
 

 

Article

SA40211 - [Pulse Secure] Cross site scripting issue (CVE-2016-4790)

« Go Back

Information

 
Product AffectedPulse Connect Secure
Problem
A cross site scripting issue has been discovered in the Pulse Connect Secure device. This issue exists in a file that is located in the authenticated area of the administrative user interface. This issue was assigned: CVE-2016-4790.

This issue was responsibly reported to Pulse Secure by a security researcher. 

Pulse Secure is not aware of any public exploitation of this issue. 
Solution
This issue is resolved in PCS 8.2r1, 8.1r2, 8.0r9, and 7.4r13.4. 

Software downloads can be located on our support site: https://my.pulsesecure.net
Workaround
There are no work arounds for this issue. The only way to resolve the issue is to upgrade to a fixed release of software. 
Implementation
Related Links
CVSS Score9.6 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Risk Assessment
Acknowledgements
This vulnerability was discovered and responsibly reported to Pulse Secure by Arnold Hölzel.
Alert TypeSA - Security Advisory
Risk LevelCritical
Attachment 1 
Attachment 2 
Legacy ID

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255