Reset Search
 

 

Article

JSA10554 - 2013-03: Security Bulletin: Pulse Connect Secure (PCS): Multiple cross site scripting issues

« Go Back

Information

 
Product AffectedPCS: SA700, SA2500, SA2000, FIPS SA4000, SA4500, SA4000, FIPS SA4500, FIPS SA6000, SA6500, SA6000, FIPS SA6500, MAG2600, MAG4610, MAG6610, MAG6611, Virtual Appliance
Problem
Multiple cross site scripting issues have been found in the Pulse Connect Secure (PCS) product. The issue is the result of incorrect validation of user input sent to the web server. This issue exists within a file that pertains to login pages, as well as a support related page that is only accessible by an authenticated session.

Pulse Secure SIRT is not aware of any malicious exploitation of this vulnerability.

 
Solution
The issues contained in this advisory are fixed in PCS OS releases 7.1r13, 7.2r7, 7.3r2, and all subsequent releases.


 
Workaround
There are no known workarounds for this issue. The only way to correct this vulnerability is to upgrade to software that contains a fix.
Implementation
To download the latest release of Pulse Secure software, please go to http://my.pulsesecure.net

 
Related Links
CVSS Score7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Risk Assessment
Acknowledgements
Pulse Secure would like to thank Anil Pazvant for responsibly reporting one of the issues contained in this advisory to us.
Alert TypePSN - Product Support Notification
Risk LevelHigh
Attachment 1 
Attachment 2 
Legacy IDPSN-2013-03-874, JSA10554

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255