Reset Search



JSA10443 - 2010-06 Security Bulletin: Pulse Connect Secure (PCS) and Pulse Policy Secure (PPS): Connecting to untrusted PCS or PPS

« Go Back


Product AffectedPCS: SA 500, SA 700, SA 1000, SA 2000, SA 2500, SA 3000, SA 4000, SA 4500, SA 5000, SA 6000, SA 6500, SA 3000 FIPS, SA 4000 FIPS, SA 4500 FIPS, SA 5000 FIPS, SA 6000 FIPS, SA 6500 FIPS
PPS: IC4000, IC4500, IC6000, IC6500, IC6500 FIPS
PCS and PPS use ActiveX controls or Java applets to install and launch client software from a web browser. Due to the inherent problems with using ActiveX and Java applet, users can unknowingly connect to untrusted/rogue PCS and PPS and components can be launched without their knowledge.
The Trusted Server List (also known as Whitelist) is a new feature added to address the issue.

Due to the behavioral change and impact of the end user environment, Pulse Secure has added this feature in PCS 6.5 release and higher and PPS 3.1 release and higher.
Related Links
CVSS Score5.8 (AV:N/AC:M/Au:N/C:P/I:P/A:N)
Risk AssessmentUser can unknowingly connect to a rogue PCS or PPS.
Alert TypePSN - Product Support Notification
Risk LevelMedium
Attachment 1 
Attachment 2 
Legacy IDPSN-2010-05-750, JSA10443



Was this article helpful?



Please tell us how we can make this article more useful.

Characters Remaining: 255