CVE-2018-14366

Published Sep 6, 2018

Last updated a year ago

CVSS medium 6.1

Overview

Description: download.cgi in Pulse Secure Pulse Connect Secure 8.1RX before 8.1R13 and 8.3RX before 8.3R4 and Pulse Policy Secure through 5.2RX before 5.2R10 and 5.4RX before 5.4R4 have an Open Redirect Vulnerability.
Source: cve@mitre.org
NVD status: Analyzed

Risk scores

CVSS 3.0

Type: Primary
Base score: 6.1
Impact score: 2.7
Exploitability score: 2.8
Vector string: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Severity: MEDIUM

CVSS 2.0

Type: Primary
Base score: 5.8
Impact score: 4.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:P/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-601

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:ivanti:connect_secure:8.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "202E4839-7CE4-49CE-BEE1-CB33A96770E7"
          },
          {
            "criteria": "cpe:2.3:a:ivanti:connect_secure:8.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AB453513-AFEA-4E68-8441-3984E83FFB2F"
          },
          {
            "criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1r1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E2037BE1-408C-47E8-8A70-8440BF3A1ED6"
          },
          {
            "criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1rx:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8135B806-EE52-412B-8EE1-6F20666055CB"
          },
          {
            "criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.3rx:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DD77C208-DD3E-46BD-930F-93BB39799D08"
          },
          {
            "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2r1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6A42EFC8-C5FF-4397-87CF-263813FAA5D7"
          },
          {
            "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2r2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C952B5B8-DCAB-476A-9E60-3F1BBE509F21"
          },
          {
            "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2r3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7F199F01-9EEA-4184-AD99-6B21110484AB"
          },
          {
            "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2r3.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9938EBCC-B9B7-4FB1-9ACB-9BED485AB5E2"
          },
          {
            "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2r4.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9B4A309B-ACB0-4053-909A-6889129EB2C1"
          },
          {
            "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2r5.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D8A4A105-EBF3-4895-9ABE-50972DD232F8"
          },
          {
            "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2r6.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4013CA1C-48F0-46F6-B327-E6B34311A7EA"
          },
          {
            "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2r7.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "112B9736-336D-4C72-A960-0B33DD3439EF"
          },
          {
            "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2r7.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "49FA8DC5-900B-4A53-AF55-410A7FF901E9"
          },
          {
            "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2r8.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A4946BBE-E449-4F89-910C-3389BDF36071"
          },
          {
            "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2r9.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1FDBD7BC-C9A7-48C2-B3BC-8E2C90F54268"
          },
          {
            "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2r9.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C4B56D6E-2429-4511-8FE6-A9BE1226F031"
          },
          {
            "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.2rx:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C766CBF4-502C-4522-845C-A5436DD1960D"
          },
          {
            "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.4r1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C7F2FFEC-F243-4D85-888E-339C60B3C0CE"
          },
          {
            "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.4r2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6A841849-DA0E-4BAA-8807-F42481C9457D"
          },
          {
            "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.4r2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2EC5A497-1FA2-4AE4-A611-553129B9F78C"
          },
          {
            "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.4r3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "479B25A4-59AA-4FA4-B1CC-E06781D00962"
          },
          {
            "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:5.4rx:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "07A6F2EF-09AF-4DAA-A552-6111C51DD210"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References