Reset Search



SA40054 - 2015-09: Security Advisory: Secure Meeting (Pulse Collaboration) issue may allow authenticated users to bypass meeting authorization (CVE-2015-7323)

« Go Back


Product AffectedPulse Connect Secure
An authorization bypass issue has been discovered in Secure Meeting (Pulse Collaboration). This issue could allow an authenticated user to log into meetings that they do not have authorization to join. This issue requires the attacker to have a valid account which may lower the risk for most organizations. If an attacker does not have a valid session on the Secure Meeting system they would not be able to exploit this issue. If Secure Meeting is not enabled there would be no exposure to this issue.

This issue affects all currently supported versions of Secure Meeting.

This issue was assigned

This issue only affects Secure Meeting
on the Pulse Connect Secure as no other products are affected by this issue.
This issue has been resolved in the following Pulse Connect Secure software versions:
  • 8.1R3
  • 8.0R11
  • 7.4 ETA in progress
  • 7.1R22.1
Software fixes can be downloaded from the Pulse Secure download site.
There are no known workarounds to this issue besides disabling the Secure Meeting (Pulse Collaboration) feature at the role level. The only way to resolve this issue is to upgrade to a fixed release.
Related Links
CVSS Score5.0 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N)
Risk AssessmentWhen exploited this issue could allow an attacker the ability to join currently in-session meetings if they were aware of which meetings were currently active. The scope of this issue is limited because attackers must obtain a valid user session before they could exploit this problem.
Pulse Secure would like to thank Philipp Rocholl of Profundis Labs for responsibly disclosing this issue.
Alert TypeSA - Security Advisory
Risk LevelMedium
Attachment 1 
Attachment 2 
Legacy ID



Was this article helpful?



Please tell us how we can make this article more useful.

Characters Remaining: 255