Reset Search
 

 

Article

JSA10443 - 2010-06 Security Bulletin: Pulse Connect Secure (PCS) and Pulse Policy Secure (PPS): Connecting to untrusted PCS or PPS

« Go Back

Information

 
Product AffectedPCS: SA 500, SA 700, SA 1000, SA 2000, SA 2500, SA 3000, SA 4000, SA 4500, SA 5000, SA 6000, SA 6500, SA 3000 FIPS, SA 4000 FIPS, SA 4500 FIPS, SA 5000 FIPS, SA 6000 FIPS, SA 6500 FIPS
PPS: IC4000, IC4500, IC6000, IC6500, IC6500 FIPS
Problem
PCS and PPS use ActiveX controls or Java applets to install and launch client software from a web browser. Due to the inherent problems with using ActiveX and Java applet, users can unknowingly connect to untrusted/rogue PCS and PPS and components can be launched without their knowledge.
Solution
The Trusted Server List (also known as Whitelist) is a new feature added to address the issue.

Due to the behavioral change and impact of the end user environment, Pulse Secure has added this feature in PCS 6.5 release and higher and PPS 3.1 release and higher.
Workaround
None
Implementation
Related Links
CVSS Score5.8 (AV:N/AC:M/Au:N/C:P/I:P/A:N)
Risk AssessmentUser can unknowingly connect to a rogue PCS or PPS.
Acknowledgements
Alert TypePSN - Product Support Notification
Risk LevelMedium
Attachment 1 
Attachment 2 
Legacy IDPSN-2010-05-750, JSA10443

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255