Reset Search
 

 

Article

JSA10400 - Pulse Connect Secure (PCS) and Pulse Policy Secure (PPS) products - SSL-VPN Security Bundle - Admin Issues

« Go Back

Information

 
Product AffectedAffected Hardware:
PCS: SA 500, SA 700, SA 1000, SA 2000, SA 2500, SA 3000, SA 4000, SA 4500, SA 5000, SA 6000, SA 6500, FIPS SA 4000, FIPS SA 6000
PPS: IC4000, IC4500, IC6000, IC6500, FIPS IC 4000, FIPS IC 6000
Problem
Admin vulnerabilities found and fixed through a combination of internal and external proactive security testing:
- Issue in archiving web page
- Dig parameter injection issue in troubleshooting web page
Solution
Pulse Secure recommends upgrading to one of the following or later releases:
PCS: 5.5R7.1; 6.0R8; 6.1R7; 6.2R3; 6.3R2
PPS: 2.2R3

No workarounds exist for these issues. Software upgrades recommended in this Security Advisory are synchronized with the recommendations in other (JSA10401 and JSA10402). This enables customers to upgrade once and have all issues resolved with the upgrade.
Workaround
Implementation
Related Links
Software Release Service Packages are available at Pulse Secure Licensing and Download Center: https://my.pulsesecure.net. Documentation links to the relevant software’s are also available at Pulse Secure Licensing and Download Center.
CVSS Score
Risk AssessmentYou need to be logged in as Admin however the Admin can be "tricked" into triggering the bug.
Acknowledgements
Alert TypePSN - Product Support Notification
Risk LevelLow
Attachment 1 
Attachment 2 
Legacy IDPSN-2009-03-248, JSA10400

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255