{ "id": "CVE-2018-20807", "sourceIdentifier": "cve@mitre.org", "published": "2019-06-28T18:15:10.927", "lastModified": "2019-07-08T14:46:03.937", "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An XSS issue has been found in welcome.cgi in Pulse Secure Pulse Connect Secure (PCS) 8.1.x before 8.1R12, 8.2.x before 8.2R9, and 8.3.x before 8.3R3 due to one of the URL parameters not being sanitized properly." }, { "lang": "es", "value": "Se ha encontrado un problema de Cross-Site Scripting (XSS) en welcome.cgi en Pulse Secure Pulse Connect Secure (PCS) en la versi\u00f3n 8.1.x anteriores a 8.1R12, versi\u00f3n 8.2.x anteriores a 8.2R9, y 8.3.x anteriores a 8.3R3 debido a que uno de los par\u00e1metros de la URL no se sanea correctamente." } ], "metrics": { "cvssMetricV30": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.0", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM" }, "exploitabilityScore": 2.8, "impactScore": 2.7 } ], "cvssMetricV2": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "2.0", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authentication": "NONE", "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "availabilityImpact": "NONE", "baseScore": 4.3 }, "baseSeverity": "MEDIUM", "exploitabilityScore": 8.6, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-79" } ] } ], "configurations": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1:r1.0:*:*:*:*:*:*", "matchCriteriaId": "49F6CDB9-C109-4EB2-86DF-456455D4986C" }, { "vulnerable": true, "criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1:r1.1:*:*:*:*:*:*", "matchCriteriaId": "6FF5EF23-24FC-4E29-B222-36D5195A752E" }, { "vulnerable": true, "criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1:r10.0:*:*:*:*:*:*", "matchCriteriaId": "A2082F8E-D3F5-4398-9267-83E99A2F0DB4" }, { "vulnerable": true, "criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1:r11.0:*:*:*:*:*:*", "matchCriteriaId": "2BD53665-76A5-4402-B110-D442659FA137" }, { "vulnerable": true, "criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1:r11.1:*:*:*:*:*:*", "matchCriteriaId": "2785706F-923B-49C3-808D-B4F865F1C6D5" }, { "vulnerable": true, "criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1:r2.0:*:*:*:*:*:*", "matchCriteriaId": "5F661E2D-7145-4F9E-8C21-5549E6FEC5E9" }, { "vulnerable": true, "criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1:r2.1:*:*:*:*:*:*", "matchCriteriaId": "20FF211B-4715-482A-B65A-B3CAD6964A59" }, { "vulnerable": true, "criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1:r3.1:*:*:*:*:*:*", "matchCriteriaId": "62B4F9D7-2E06-45E4-BBAB-93B28D0D9FA4" }, { "vulnerable": true, "criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1:r3.2:*:*:*:*:*:*", "matchCriteriaId": "5E7C11F3-1CC9-453E-957E-3BB639198166" }, { "vulnerable": true, "criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1:r4.0:*:*:*:*:*:*", "matchCriteriaId": "7694F296-98AC-4428-BAE8-C4A0FC6A321E" }, { "vulnerable": true, "criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1:r4.1:*:*:*:*:*:*", "matchCriteriaId": "08164A6F-8F4D-4F61-A070-6577080DD71D" }, { "vulnerable": true, "criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1:r5.0:*:*:*:*:*:*", "matchCriteriaId": "303A8E2E-C2AC-4F0F-9D6F-23F68A21A41E" }, { "vulnerable": true, "criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1:r6.0:*:*:*:*:*:*", "matchCriteriaId": "6C24975B-129E-4C7E-B451-90737C729922" }, { "vulnerable": true, "criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1:r7:*:*:*:*:*:*", "matchCriteriaId": "7F159C6F-A33D-419F-A605-003A180FEFA5" }, { "vulnerable": true, "criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1:r7.0:*:*:*:*:*:*", "matchCriteriaId": "3BF15BDB-453A-41E5-AB88-77FBD0796C85" }, { "vulnerable": true, "criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1:r8.0:*:*:*:*:*:*", "matchCriteriaId": "0AE80EC6-8368-46EC-AD05-23C074F26145" }, { "vulnerable": true, "criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1:r9.0:*:*:*:*:*:*", "matchCriteriaId": "329FFEAD-06DD-469C-B336-4296F8E306E2" }, { "vulnerable": true, "criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1:r9.1:*:*:*:*:*:*", "matchCriteriaId": "394BD9EB-15D8-4070-99CC-14B0F09DBD3E" }, { "vulnerable": true, "criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1:r9.2:*:*:*:*:*:*", "matchCriteriaId": "F3435C01-0263-48A0-B081-B155F3C83422" }, { "vulnerable": true, "criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2:r1:*:*:*:*:*:*", "matchCriteriaId": "3F8227D2-64DC-404C-A2F3-9B1BF1D7B140" }, { "vulnerable": true, "criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2:r1.0:*:*:*:*:*:*", "matchCriteriaId": "DBC3A53D-C401-42C7-9150-94063497FC4D" }, { "vulnerable": true, "criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2:r1.1:*:*:*:*:*:*", "matchCriteriaId": "8AC08435-9C70-4D61-B350-46DB29D9C023" }, { "vulnerable": true, "criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2:r2.0:*:*:*:*:*:*", "matchCriteriaId": "8538C5B5-3CE8-4A26-B1A6-BFCDC4295C9C" }, { "vulnerable": true, "criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2:r3.0:*:*:*:*:*:*", "matchCriteriaId": "193F5509-F867-4F49-9C56-B90729E8F6C8" }, { "vulnerable": true, "criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2:r3.1:*:*:*:*:*:*", "matchCriteriaId": "5E5E91CA-D0C9-4FF4-AE20-E0E4F8575A3C" }, { "vulnerable": true, "criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2:r4.0:*:*:*:*:*:*", "matchCriteriaId": "665A582A-7FFC-4928-8DE4-09050CC114CC" }, { "vulnerable": true, "criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2:r4.1:*:*:*:*:*:*", "matchCriteriaId": "BA0879FF-9485-4D32-811A-4816E118B71A" }, { "vulnerable": true, "criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2:r5.0:*:*:*:*:*:*", "matchCriteriaId": "92332DB8-8698-4D59-9A7F-64FBBEFDEFF2" }, { "vulnerable": true, "criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2:r5.1:*:*:*:*:*:*", "matchCriteriaId": "0783EF3A-26C3-49D8-B886-54863F6FF2F7" }, { "vulnerable": true, "criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2:r6.0:*:*:*:*:*:*", "matchCriteriaId": "09F6830B-2731-47A7-A9F1-34B94D86447A" }, { "vulnerable": true, "criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2:r7.0:*:*:*:*:*:*", "matchCriteriaId": "424309FD-76DB-4289-B1B9-6B52786930D6" }, { "vulnerable": true, "criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2:r7.1:*:*:*:*:*:*", "matchCriteriaId": "8D8CF926-B86F-4516-A83E-5181FAFA74BE" }, { "vulnerable": true, "criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2:r7.2:*:*:*:*:*:*", "matchCriteriaId": "D4FA4C0C-47D3-43CB-9932-5FB907B0ECE3" }, { "vulnerable": true, "criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2:r8.0:*:*:*:*:*:*", "matchCriteriaId": "B7B7E65F-7528-4699-9B63-4C81119FBBA7" }, { "vulnerable": true, "criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2:r8.1:*:*:*:*:*:*", "matchCriteriaId": "ABC1DD9B-1B59-42CB-9DE7-4ED118C99350" }, { "vulnerable": true, "criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2:r8.2:*:*:*:*:*:*", "matchCriteriaId": "24BE16DE-2056-45B4-A684-B342F9C4DC00" }, { "vulnerable": true, "criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.3:r1:*:*:*:*:*:*", "matchCriteriaId": "7F1DB315-284A-4EFC-ABA9-F39BC6D9D0A1" }, { "vulnerable": true, "criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.3:r2:*:*:*:*:*:*", "matchCriteriaId": "7BFAAE49-B42B-4FFD-BF4A-3A1AC84DA99F" }, { "vulnerable": true, "criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.3:r2.1:*:*:*:*:*:*", "matchCriteriaId": "D735C9A5-BBB1-4588-9E1D-24F51C3A1015" } ] } ] } ], "references": [ { "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43730/", "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ] } ] }