Reset Search



JSA10453 - 2010-09 Security Bulletin: Pulse Connect Secure (PCS) and Pulse Policy Secure (PPS): Local Client Logging Issue

« Go Back


Product AffectedSA 500, SA 700, SA 1000, SA 2000, SA 2500, SA 3000, SA 4000, SA
4500, SA 5000, SA 6000, SA 6500, SA 3000 FIPS, SA 5000 FIPS, SA
4000 FIPS, SA 6000 FIPS, SA 4500 FIPS, SA 6500 FIPS; IC: IC4000, IC4500, IC6000, IC6500, IC6500 FIPS
User session information is saved to the local system even when client logging is disabled.

Pulse Secure would like to acknowledge Espion Ltd. (Dublin, Ireland) for bringing this to our attention.
The following PCS & PPS software releases have a fix for this issue. We recommend upgrading your software to resolve this security vulnerability.

PCS: 6.4R7; 6.5R5; 7.0R1, or higher.
PPS: 3.1R5; 4.0R1 or higher.
No workaround exists however this issue can be mitigated by disabling Roaming Session.
Related Links
CVSS Score4.0 (AV:N/AC:H/Au:N/C:P/I:P/A:N)
Risk Assessment- If your machine is compromised an attacker may get the session information from the client logs & could gain unauthorized access to protected resources.
Alert TypePSN - Product Support Notification
Risk LevelLow
Attachment 1 
Attachment 2 
Legacy IDPSN-2010-08-908, JSA10453



Was this article helpful?



Please tell us how we can make this article more useful.

Characters Remaining: 255