Reset Search
 

 

Article

SA40771 - 2017-07 Security Bulletin: Pulse Connect Secure (PCS) / Pulse Policy Secure (PPS): Cross Site Scripting Issue

« Go Back

Information

 
Product Affected
Problem
Multiple cross site scripting issues has been found in the Pulse Connect Secure / Pulse Policy Secure device. The cause of this issue is due to incorrect validation of user input sent to the web server.  This does require the user to be logged in as administrator and not applicable end user portal.

These issues have been assigned the following CVEs:
  • CVE-2017-11194
  • CVE-2017-11196
  • CVE-2017-11195
  • CVE-2017-11193
Solution
This issue is applicable to all supported PCS / PPS releases. Pulse Secure is working on tentative timelines for these releases.  The advisory will be updated once these releases are available.


July 12, 2017 - Initial document posted
Workaround
Implementation
Related Links
CVSS Score
Risk Assessment
Acknowledgements
Alert TypeSA - Security Advisory
Risk LevelMedium
Attachment 1 
Attachment 2 
Legacy ID

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255