Pulse Secure is currently evaluating the following issue reported by OpenSSL:
- 0-byte record padding oracle (CVE-2019-1559)
Affected Products:
Pulse Secure is currently investigating all products below to determine which products may be affected by these vulnerabilities and the impact on all supported software versions. Since the investigation is on-going, we suggest to subscribe to this advisory as this document will be periodically updated with the latest status.
0-byte record padding oracle (CVE-2019-1559)
| Pulse Connect Secure | Resolved in
- Pulse Connect Secure 9.1R3
- Pulse Connect Secure 9.0R6
|
| Pulse Policy Secure | Resolved in
- Pulse Policy Secure 9.1R3
- Pulse Policy Secure 9.0R6
|
| All versions of Pulse Desktop Client | Not vulnerable |
| Pulse Mobile (Android) | Resolved in 7.2.2 |
| Pulse Mobile (iOS) | Resolved in 7.3.0 |
| Pulse One | Under review |
LEGAL DISCLAIMER
- THIS ADVISORY IS PROVIDED ON AN “AS IS” BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. USE OF THIS INFORMATION FOUND IN THIS ADVISORY OR IN MATERIALS LINKED HEREFROM IS AT THE USER’S OWN RISK. PULSE SECURE RESERVES THE RIGHT TO CHANGE OR UPDATE THIS ADVISORY AT ANY TIME.
- A STANDALONE COPY OR PARAPHRASE OF THE TEXT OF THIS ADVISORY THAT OMITS THE DISTRIBUTION URL IS AN UNCONTROLLED COPY AND MAY OMIT IMPORTANT INFORMATION OR CONTAIN ERRORS. THE INFORMATION IN THIS ADVISORY IS INTENDED FOR END USERS OF PULSE SECURE PRODUCTS.
