Lucene search

MitreCVE-2016-4790

HistoryMay 26, 2016 - 2:59 p.m.

CVE-2016-4790

2016-05-2614:59:06

CWE-79

mitre

web.nvd.nist.gov

cve-2016-4790

cross-site scripting

xss

pulse connect secure

pcs

nvd

vulnerability

administrative interface

remote attackers

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

CVSS3

5.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

AI Score

5.3

Confidence

High

EPSS

0.001

Percentile

29.6%

JSON

Cross-site scripting (XSS) vulnerability in the administrative user interface in Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r9, and 7.4 before 7.4r13.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Affected configurations

Nvd

Node

ivanticonnect_secureMatch8.1

pulsesecurepulse_connect_secureMatch8.1r1.0

Node

ivanticonnect_secureMatch8.0

Node

pulsesecurepulse_connect_secureMatch7.4

Node

ivanticonnect_secureMatch8.2

VendorProductVersionCPE
ivanticonnect_secure8.1cpe:2.3:a:ivanti:connect_secure:8.1:*:*:*:*:*:*:*
pulsesecurepulse_connect_secure8.1r1.0cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1r1.0:*:*:*:*:*:*:*
ivanticonnect_secure8.0cpe:2.3:a:ivanti:connect_secure:8.0:*:*:*:*:*:*:*
pulsesecurepulse_connect_secure7.4cpe:2.3:a:pulsesecure:pulse_connect_secure:7.4:*:*:*:*:*:*:*
ivanticonnect_secure8.2cpe:2.3:a:ivanti:connect_secure:8.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ivanti	connect_secure	8.1	cpe:2.3:a:ivanti:connect_secure:8.1:::::::*
pulsesecure	pulse_connect_secure	8.1r1.0	cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1r1.0:::::::*
ivanti	connect_secure	8.0	cpe:2.3:a:ivanti:connect_secure:8.0:::::::*
pulsesecure	pulse_connect_secure	7.4	cpe:2.3:a:pulsesecure:pulse_connect_secure:7.4:::::::*
ivanti	connect_secure	8.2	cpe:2.3:a:ivanti:connect_secure:8.2:::::::*

References

www.securitytracker.com/id/1035932

kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40211

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

CVSS3

5.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

AI Score

5.3

Confidence

High

EPSS

0.001

Percentile

29.6%

JSON

Related for CVE-2016-4790