Reset Search



JSA10400 - Pulse Connect Secure (PCS) and Pulse Policy Secure (PPS) products - SSL-VPN Security Bundle - Admin Issues

« Go Back


Product AffectedAffected Hardware:
PCS: SA 500, SA 700, SA 1000, SA 2000, SA 2500, SA 3000, SA 4000, SA 4500, SA 5000, SA 6000, SA 6500, FIPS SA 4000, FIPS SA 6000
PPS: IC4000, IC4500, IC6000, IC6500, FIPS IC 4000, FIPS IC 6000
Admin vulnerabilities found and fixed through a combination of internal and external proactive security testing:
- Issue in archiving web page
- Dig parameter injection issue in troubleshooting web page
Pulse Secure recommends upgrading to one of the following or later releases:
PCS: 5.5R7.1; 6.0R8; 6.1R7; 6.2R3; 6.3R2
PPS: 2.2R3

No workarounds exist for these issues. Software upgrades recommended in this Security Advisory are synchronized with the recommendations in other (JSA10401 and JSA10402). This enables customers to upgrade once and have all issues resolved with the upgrade.
Related Links
Software Release Service Packages are available at Pulse Secure Licensing and Download Center: Documentation links to the relevant software’s are also available at Pulse Secure Licensing and Download Center.
CVSS Score
Risk AssessmentYou need to be logged in as Admin however the Admin can be "tricked" into triggering the bug.
Alert TypePSN - Product Support Notification
Risk LevelLow
Attachment 1 
Attachment 2 
Legacy IDPSN-2009-03-248, JSA10400



Was this article helpful?



Please tell us how we can make this article more useful.

Characters Remaining: 255