JSA10399 - Security Vulnerability in Pulse Policy Secure (PPS) software's radius authentication mechanism

This Security Advisory is an addendum to JSA10380.. The purpose is to notify customers of the removal of the affected releases from the Pulse Secure software download site.

Pulse Secure recommends that each customer review their currently deployed software and upgrade if required.

Pulse Secure has resolved this issue in the following releases and later:
2.1R4 and higher
2.2RX

This vulnerability is not present in any 2.x or older versions of PPS OS.

Pulse Secure will be removing software from the Pulse Secure Portal which does not have the fix for Security Advisory JSA10380. This will minimize the risk to customers inadvertently deploying software which they would have otherwise believed to be "fixed." This removal will be effective immediately for the following releases of PPS OS:

2.1R3 Software ONLY
2.1R2 Software ONLY
2.1R1.1 Software ONLY

Please upgrade to a validated fixed version if you have deployed any of these images.

JSA10380 - Security Vulnerability in Pulse Policy Secure Platform’s Radius Authentication Server used in a Realm not doing Radius Proxy.

Software Release Service Packages are available at Pulse Secure Licensing and Download Center: https://my.pulsesecure.net. Documentation links to the relevant software’s are also available at Pulse Secure Licensing and Download Center.