mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-05-28 17:21:36 +00:00
294 lines
12 KiB
JSON
294 lines
12 KiB
JSON
{
|
|
"id": "CVE-2018-20807",
|
|
"sourceIdentifier": "cve@mitre.org",
|
|
"published": "2019-06-28T18:15:10.927",
|
|
"lastModified": "2019-07-08T14:46:03.937",
|
|
"vulnStatus": "Analyzed",
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "An XSS issue has been found in welcome.cgi in Pulse Secure Pulse Connect Secure (PCS) 8.1.x before 8.1R12, 8.2.x before 8.2R9, and 8.3.x before 8.3R3 due to one of the URL parameters not being sanitized properly."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "Se ha encontrado un problema de Cross-Site Scripting (XSS) en welcome.cgi en Pulse Secure Pulse Connect Secure (PCS) en la versi\u00f3n 8.1.x anteriores a 8.1R12, versi\u00f3n 8.2.x anteriores a 8.2R9, y 8.3.x anteriores a 8.3R3 debido a que uno de los par\u00e1metros de la URL no se sanea correctamente."
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV30": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "3.0",
|
|
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
|
|
"attackVector": "NETWORK",
|
|
"attackComplexity": "LOW",
|
|
"privilegesRequired": "NONE",
|
|
"userInteraction": "REQUIRED",
|
|
"scope": "CHANGED",
|
|
"confidentialityImpact": "LOW",
|
|
"integrityImpact": "LOW",
|
|
"availabilityImpact": "NONE",
|
|
"baseScore": 6.1,
|
|
"baseSeverity": "MEDIUM"
|
|
},
|
|
"exploitabilityScore": 2.8,
|
|
"impactScore": 2.7
|
|
}
|
|
],
|
|
"cvssMetricV2": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "2.0",
|
|
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
|
|
"accessVector": "NETWORK",
|
|
"accessComplexity": "MEDIUM",
|
|
"authentication": "NONE",
|
|
"confidentialityImpact": "NONE",
|
|
"integrityImpact": "PARTIAL",
|
|
"availabilityImpact": "NONE",
|
|
"baseScore": 4.3
|
|
},
|
|
"baseSeverity": "MEDIUM",
|
|
"exploitabilityScore": 8.6,
|
|
"impactScore": 2.9,
|
|
"acInsufInfo": false,
|
|
"obtainAllPrivilege": false,
|
|
"obtainUserPrivilege": false,
|
|
"obtainOtherPrivilege": false,
|
|
"userInteractionRequired": true
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-79"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"configurations": [
|
|
{
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1:r1.0:*:*:*:*:*:*",
|
|
"matchCriteriaId": "49F6CDB9-C109-4EB2-86DF-456455D4986C"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1:r1.1:*:*:*:*:*:*",
|
|
"matchCriteriaId": "6FF5EF23-24FC-4E29-B222-36D5195A752E"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1:r10.0:*:*:*:*:*:*",
|
|
"matchCriteriaId": "A2082F8E-D3F5-4398-9267-83E99A2F0DB4"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1:r11.0:*:*:*:*:*:*",
|
|
"matchCriteriaId": "2BD53665-76A5-4402-B110-D442659FA137"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1:r11.1:*:*:*:*:*:*",
|
|
"matchCriteriaId": "2785706F-923B-49C3-808D-B4F865F1C6D5"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1:r2.0:*:*:*:*:*:*",
|
|
"matchCriteriaId": "5F661E2D-7145-4F9E-8C21-5549E6FEC5E9"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1:r2.1:*:*:*:*:*:*",
|
|
"matchCriteriaId": "20FF211B-4715-482A-B65A-B3CAD6964A59"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1:r3.1:*:*:*:*:*:*",
|
|
"matchCriteriaId": "62B4F9D7-2E06-45E4-BBAB-93B28D0D9FA4"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1:r3.2:*:*:*:*:*:*",
|
|
"matchCriteriaId": "5E7C11F3-1CC9-453E-957E-3BB639198166"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1:r4.0:*:*:*:*:*:*",
|
|
"matchCriteriaId": "7694F296-98AC-4428-BAE8-C4A0FC6A321E"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1:r4.1:*:*:*:*:*:*",
|
|
"matchCriteriaId": "08164A6F-8F4D-4F61-A070-6577080DD71D"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1:r5.0:*:*:*:*:*:*",
|
|
"matchCriteriaId": "303A8E2E-C2AC-4F0F-9D6F-23F68A21A41E"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1:r6.0:*:*:*:*:*:*",
|
|
"matchCriteriaId": "6C24975B-129E-4C7E-B451-90737C729922"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1:r7:*:*:*:*:*:*",
|
|
"matchCriteriaId": "7F159C6F-A33D-419F-A605-003A180FEFA5"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1:r7.0:*:*:*:*:*:*",
|
|
"matchCriteriaId": "3BF15BDB-453A-41E5-AB88-77FBD0796C85"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1:r8.0:*:*:*:*:*:*",
|
|
"matchCriteriaId": "0AE80EC6-8368-46EC-AD05-23C074F26145"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1:r9.0:*:*:*:*:*:*",
|
|
"matchCriteriaId": "329FFEAD-06DD-469C-B336-4296F8E306E2"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1:r9.1:*:*:*:*:*:*",
|
|
"matchCriteriaId": "394BD9EB-15D8-4070-99CC-14B0F09DBD3E"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1:r9.2:*:*:*:*:*:*",
|
|
"matchCriteriaId": "F3435C01-0263-48A0-B081-B155F3C83422"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2:r1:*:*:*:*:*:*",
|
|
"matchCriteriaId": "3F8227D2-64DC-404C-A2F3-9B1BF1D7B140"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2:r1.0:*:*:*:*:*:*",
|
|
"matchCriteriaId": "DBC3A53D-C401-42C7-9150-94063497FC4D"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2:r1.1:*:*:*:*:*:*",
|
|
"matchCriteriaId": "8AC08435-9C70-4D61-B350-46DB29D9C023"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2:r2.0:*:*:*:*:*:*",
|
|
"matchCriteriaId": "8538C5B5-3CE8-4A26-B1A6-BFCDC4295C9C"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2:r3.0:*:*:*:*:*:*",
|
|
"matchCriteriaId": "193F5509-F867-4F49-9C56-B90729E8F6C8"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2:r3.1:*:*:*:*:*:*",
|
|
"matchCriteriaId": "5E5E91CA-D0C9-4FF4-AE20-E0E4F8575A3C"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2:r4.0:*:*:*:*:*:*",
|
|
"matchCriteriaId": "665A582A-7FFC-4928-8DE4-09050CC114CC"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2:r4.1:*:*:*:*:*:*",
|
|
"matchCriteriaId": "BA0879FF-9485-4D32-811A-4816E118B71A"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2:r5.0:*:*:*:*:*:*",
|
|
"matchCriteriaId": "92332DB8-8698-4D59-9A7F-64FBBEFDEFF2"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2:r5.1:*:*:*:*:*:*",
|
|
"matchCriteriaId": "0783EF3A-26C3-49D8-B886-54863F6FF2F7"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2:r6.0:*:*:*:*:*:*",
|
|
"matchCriteriaId": "09F6830B-2731-47A7-A9F1-34B94D86447A"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2:r7.0:*:*:*:*:*:*",
|
|
"matchCriteriaId": "424309FD-76DB-4289-B1B9-6B52786930D6"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2:r7.1:*:*:*:*:*:*",
|
|
"matchCriteriaId": "8D8CF926-B86F-4516-A83E-5181FAFA74BE"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2:r7.2:*:*:*:*:*:*",
|
|
"matchCriteriaId": "D4FA4C0C-47D3-43CB-9932-5FB907B0ECE3"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2:r8.0:*:*:*:*:*:*",
|
|
"matchCriteriaId": "B7B7E65F-7528-4699-9B63-4C81119FBBA7"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2:r8.1:*:*:*:*:*:*",
|
|
"matchCriteriaId": "ABC1DD9B-1B59-42CB-9DE7-4ED118C99350"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2:r8.2:*:*:*:*:*:*",
|
|
"matchCriteriaId": "24BE16DE-2056-45B4-A684-B342F9C4DC00"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.3:r1:*:*:*:*:*:*",
|
|
"matchCriteriaId": "7F1DB315-284A-4EFC-ABA9-F39BC6D9D0A1"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.3:r2:*:*:*:*:*:*",
|
|
"matchCriteriaId": "7BFAAE49-B42B-4FFD-BF4A-3A1AC84DA99F"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.3:r2.1:*:*:*:*:*:*",
|
|
"matchCriteriaId": "D735C9A5-BBB1-4588-9E1D-24F51C3A1015"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43730/",
|
|
"source": "cve@mitre.org",
|
|
"tags": [
|
|
"Vendor Advisory"
|
|
]
|
|
}
|
|
]
|
|
} |