Reset Search
 

 

Article

JSA10511 - 2012-06 Security Bulletin: Pulse Connect Secure (PCS): Cross site scripting issue

« Go Back

Information

 
Product AffectedPCS: SA 700, SA 2000, SA 2500, SA 4000, SA 4500, SA 6000, SA 6500, SA 4000 FIPS, SA 6000 FIPS, SA 4500 FIPS, SA 6500 FIPS, MAG2600, MAG4610, MAG-SM160, MAG-SM360
Problem
A cross site scripting issue has been found in the Pulse Connect Secure (PCS) product. The issue is the result of incorrect validation of user input sent to the PCS web server. This issue exists within a file that pertains to login pages.

 

No other Pulse Secure products or platforms are affected by this issue.

Solution
The issue is fixed in PCS releases 7.1R1, 7.2R1, and all subsequent releases.

 

 

 

 

Workaround

There are no viable workarounds for this issue.

Implementation
Related Links
To access the latest software, please visit:  http://my.pulsesecure.net
CVSS Score5.0
Risk AssessmentSuccessful exploit of this vulnerability could allow an attacker to dynamically create arbitrary active content which could be rendered in the user's browser, leading to possible session theft or other information disclosure.
Acknowledgements
Alert TypePSN - Product Support Notification
Risk LevelMedium
Attachment 1 
Attachment 2 
Legacy IDPSN-2012-06-609, JSA10511

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255