CVE-2020-8261

Published Oct 28, 2020

Last updated 9 months ago

CVSS medium 4.3

Overview

Description: A vulnerability in the Pulse Connect Secure / Pulse Policy Secure < 9.1R9 is vulnerable to arbitrary cookie injection.
Source: support@hackerone.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 4.3
Impact score: 1.4
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Severity: MEDIUM

CVSS 2.0

Type: Primary
Base score: 4.3
Impact score: 2.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:P/I:N/A:N

Weaknesses

nvd@nist.gov: CWE-120
support@hackerone.com: CWE-120

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4B21C181-DC49-4EBD-9932-DBB337151FF7"
          },
          {
            "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4FEFC4B1-7350-46F9-80C1-42F5AE06142F"
          },
          {
            "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DB7A6D62-6576-4713-9BF4-11068A72E8B7"
          },
          {
            "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "843BC1B9-50CC-4F8F-A454-A0CEC6E92290"
          },
          {
            "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "93D1A098-BD77-4A7B-9070-A764FB435981"
          },
          {
            "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r6:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3CCC2D7B-F835-45EC-A316-2F0C5F2CF565"
          },
          {
            "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r7:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AD812596-C77C-4129-982F-C22A25B52126"
          },
          {
            "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r8:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9FA0B20D-3FA1-42AE-BDC5-93D8A182927C"
          },
          {
            "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A07B66E0-A679-4912-8CB1-CD134713EDC7"
          },
          {
            "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6D37A6E4-D58E-444D-AF6A-15461F38E81A"
          },
          {
            "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FC2B9DA0-E32B-4125-9986-F0D3814C66E9"
          },
          {
            "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C9A5BA3E-D6B3-453D-8DDF-FF16859FD0F8"
          },
          {
            "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6BE937D2-8BEE-4E64-8738-F550EAD00F50"
          },
          {
            "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r6:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9C753520-1BC6-4980-AFC9-4C2FDDF2FD18"
          },
          {
            "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r7:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AC3863BC-3B9A-402B-A74A-149CDF717EC6"
          },
          {
            "criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r8:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E3C09D51-FDA0-4D07-87D8-F527C8CBDAFB"
          },
          {
            "criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "43AF1D62-D827-4495-A4B0-CCA0C2BEE68F",
            "versionEndExcluding": "9.1"
          },
          {
            "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "45F30A80-665D-4726-983C-36FED0CBF6E1",
            "versionEndExcluding": "9.1"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References