JSA10511 - 2012-06 Security Bulletin: Pulse Connect Secure (PCS): Cross site scripting issue

Printable View

« Go Back

Information

Product Affected	PCS: SA 700, SA 2000, SA 2500, SA 4000, SA 4500, SA 6000, SA 6500, SA 4000 FIPS, SA 6000 FIPS, SA 4500 FIPS, SA 6500 FIPS, MAG2600, MAG4610, MAG-SM160, MAG-SM360

Problem

A cross site scripting issue has been found in the Pulse Connect Secure (PCS) product. The issue is the result of incorrect validation of user input sent to the PCS web server. This issue exists within a file that pertains to login pages.

No other Pulse Secure products or platforms are affected by this issue.

Solution

The issue is fixed in PCS releases 7.1R1, 7.2R1, and all subsequent releases.

Workaround

There are no viable workarounds for this issue.

Implementation

Related Links

To access the latest software, please visit: http://my.pulsesecure.net

CVSS Score	5.0

Risk Assessment	Successful exploit of this vulnerability could allow an attacker to dynamically create arbitrary active content which could be rendered in the user's browser, leading to possible session theft or other information disclosure.

Acknowledgements

Alert Type	PSN - Product Support Notification

Risk Level	Medium

Attachment 1

Attachment 2

Legacy ID	PSN-2012-06-609, JSA10511

Related Articles

JSA10511 - 2012-06 Security Bulletin: Pulse Connect Secure (PCS): Cross site scripting issue

Information

Feedback

Was this article helpful?