Reset Search
 

 

Article

JSA10401 - Pulse Connect Secure (PCS) product - PCS Security Bundle - Internal System Function

« Go Back

Information

 
Product AffectedAffected Hardware: PCS: PCS500, PCS700, PCS1000, PCS2000, PCS2500, PCS3000, PCS4000, PCS4500, PCS5000, PCS6000, PCS6500 FIPS, PCS4000 FIPS , PCS6000
Problem
Internal System Function vulnerabilities found and fixed through a combination of internal and external proactive security testing:
  • Issue with special characters used in a parameter in dsrecord, log upload, attendee list in Pulse Collaboration client, and sign-in web page for Pulse Collaboration Outlook Plugin
  • XML external entity attack in Pulse Collaboration web page
Solution
Pulse Secure recommends upgrading to one of the following or later releases:
PCS: 5.5R7.1; 6.0R8; 6.1R7; 6.2R3; 6.3R2
No workarounds exist for these issues. Software upgrades recommended in this Security Advisory are synchronized with the recommendations in other (PSN-2009-03-248 and PSN-2009-03-250). This enables customers to upgrade once and have all issues resolved with the upgrade.
Workaround
Implementation
Related Links
CVSS Score
Risk AssessmentThese vulnerabilities could compromise the integrity of the system.
Acknowledgements
Alert TypePSN - Product Support Notification
Risk LevelLow
Attachment 1 
Attachment 2 
Legacy IDPSN-2009-03-249, JSA10401

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255