Reset Search



JSA10645 - 2014-09 Security Bulletin: Pulse Connect Secure (PSC) and Pulse Policy Secure (PPS): Cross site scripting issue (CVE-2014-3820)

« Go Back


Product AffectedSA700, SA2500, FIPS SA4000, SA4500, FIPS SA4500, FIPS SA6000, SA6500, FIPS SA6500, MAG2600, MAG4610, MAG6610, MAG6611, IC4000, IC4500, IC6000, IC6500, and FIPS IC6500. The affected software releases includes PCS OS: 8.0, 7.4, 7.1, and PPS 5.0, 4.4, and 4.
A cross site scripting issue has been found in the Pulse Connect Secure and Pulse Policy Secure PCS/PPS products. The problem is a result of incorrect user input validation on the PCS/PPS web server. The issue exists within a web page that is only accessible by an authenticated administrator session.

Pulse Secure security team is not aware of any malicious exploitation of this vulnerability.

No other Pulse Secure products or platforms are affected by this issue.

This issue has been assigned CVE-2014-3820.
The issue is fixed in PCS releases: 8.0r1, 7.4r3, and 7.1r16, and all subsequent releases as well as PPS OS: 5.0r1, 4.4r3, and 4.1r8, and all subsequent releases.

KB16765 - "In which releases are vulnerabilities fixed?" describes which release vulnerabilities are fixed as per our End of Engineering and End of Life support policies.
There is no workaround for this issue. An upgrade to a fixed version of software is required.
How to obtain the patch for this vulnerability:

Software release Service Packages are available by accessing the Licensing and Download Center at  For instructions on downloading software refer to KB40028 - [Customer Support Tools] How to download software using the Licensing & Download Center at
Related Links
CVSS Score9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Risk AssessmentSuccessful exploit of this vulnerability could allow an attacker to dynamically create arbitrary active content which could be rendered in the user's browser, leading to possible session theft, service disruption, or other information disclosure.
Alert TypeSA - Security Advisory
Risk LevelCritical
Attachment 1 
Attachment 2 
Legacy IDJSA10645



Was this article helpful?



Please tell us how we can make this article more useful.

Characters Remaining: 255