Reset Search
 

 
Article

JSA10489 - 2011-09 Security Bulletin: Pulse Connect Secure (PCS) & Pulse Policy Secure (PPS): Cross Site Scripting Issue during Sign-In

Printable View
« Go Back

Information

 
Product AffectedPCS: SA 500, SA 700, SA 2000, SA 2500, SA 4000, SA 4500, SA 6000, SA 6500, SA 4000 FIPS, SA 6000 FIPS, SA 4500 FIPS, SA 6500 FIPS,MAG2600, MAG4610, MAG-SM160, MAG-SM360
<BR>
PPS: IC4000, IC4500, IC6000, IC6500, IC6500 FIPS, MAG2600, MAG4610, MAG-SM160, MAG
Problem
Cross Site Scripting issue during sign in.
Solution
The following software releases have a fix for this issue:
PCS: 6.5R9; 7.0R5, 7.1R2 or higher.
PPS: 4.1R2 or higher.
We recommend upgrading your software to resolve this security vulnerability.

Note: Pulse Secure policy is to only publish fixes for release that have not yet reached End-of-Engineering. These issues were reported prior to 6.5 reaching its End-of-Engineering date so the fixes for this release are published in this Security Bulletin.


 
Workaround
None.
Implementation
Related Links
To download the latest software, please visit http://my.pulsesecure.net
CVSS Score5.8 (AV:N/AC:M/Au:N/C:P/I:P/A:N)
Risk Assessment- You can gain unauthorized access to protected resources.
Acknowledgements
Alert TypePSN - Product Support Notification
Risk LevelMedium
Attachment 1 
Attachment 2 
Legacy IDPSN-2011-08-343, JSA10489

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255