Reset Search



SA40053 - 2015-09: Security Advisory: Secure Meeting (Pulse Collaboration) information disclosure vulnerability (CVE-2015-7322)

« Go Back


Product AffectedPulse Connect Secure
An information disclosure issue has been discovered in Secure Meeting (Pulse Collaboration). This issue could allow an attacker to enumerate currently in progress meetings on the device. This issue alone will not allow compromise of a meeting as it will only allow an attacker to know which meetings are currently in progress.

This issue affects all currently supported versions of Secure Meeting.

This issue was assigned CVE-2015-7322.

This issue only affects Secure Meeting on the Pulse Connect Secure as no other products are affected by this issue.
This issue has been resolved in the following Pulse Connect Secure software versions:
  • 8.1R3
  • 8.0R11
  • 7.4 ETA in progress
  • 7.1R22.1
Software fixes can be downloaded from the Pulse Secure download site.
There are no known workarounds to this issue besides disabling the Secure Meeting (Pulse Collaboration) feature at the role level. The only way to resolve this issue is to upgrade to a fixed release.
Related Links
CVSS Score5.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Risk AssessmentInformation disclosure could allow attackers to grok which meetings were currently valid. This isn't an exploit on its own, but it could aid an attacker if they chained the issue with another exploit.
Pulse Secure would like to thank Philipp Rocholl of Profundis Labs for responsibly disclosing this issue.
Alert TypeSA - Security Advisory
Risk LevelMedium
Attachment 1 
Attachment 2 
Legacy ID



Was this article helpful?



Please tell us how we can make this article more useful.

Characters Remaining: 255