SA43018 - 2018-01 Out-Of-Cycle Advisory: Pulse Connect Secure (PCS) / Pulse Policy Secure (PPS): Cross Site Scripting Issue

Printable View

« Go Back

Information

Product Affected	Pulse Connect Secure (PCS) and Pulse Policy Secure (PPS)

Problem

A cross site scripting issue with custompage.cgi has been found in the Pulse Connect Secure / Pulse Policy Secure device. The cause is due to one of the URL parameters not sanitized. This does require the user to be logged in to the administrator portal and not applicable to end user portal.

CVE-2017-17947 has been assigned to it.

Solution

This issue is resolved in the following PCS/PPS releases:

Pulse Connect Secure-8.3R3 Software (Build 59199) is now available for download on Pulse Secure Licensing and Download Center
Pulse Connect Secure-8.2R9 Software (Build 58917) is now available for download on Pulse Secure Licensing and Download Center
Pulse Connect Secure-8.1R13 Software (Build 59735) is now available for download on Pulse Secure Licensing and Download Center
Pulse Connect Secure-8.0R17.0 Software (Build 58013) is now available for download on Pulse Secure Licensing and Download Center

Pulse Policy Secure-5.4R3 Software (Build 45797) is now available for download on Pulse Secure Licensing and Download Center
Pulse Policy Secure-5.3R9 Software (Build 45519) is now available for download on Pulse Secure Licensing and Download Center
Pulse Policy Secure-5.2R10 Software (Build 46381) is now available for download on Pulse Secure Licensing and Download Center

Version history:

January 02, 2018 - Fixed versions PCS 8.3R2.1, 8.2R8.2, 8.1R12.1 and 8.0R17 / PPS 5.4R2.1, 5.3R8.2 and 5.2R91 released

Workaround

Implementation

Related Articles

SA43018 - 2018-01 Out-Of-Cycle Advisory: Pulse Connect Secure (PCS) / Pulse Policy Secure (PPS): Cross Site Scripting Issue

Information

Feedback

Was this article helpful?