Description

An arbitrary file reading vulnerability exists on Pulse Secure SSL VPN. An attacker can craft a request that accesses potentially sensitive information in the Pulse's filesystem.

Remediation

Upgrade Pulse Secure

References

Multiple vulnerabilities resolved in Pulse Connect Secure / Pulse Policy Secure 9.0RX

Infiltrating Corporate Intranet Like NSA

Related Vulnerabilities

WordPress Plugin Video Downloader for TikTok Directory Traversal (1.3)

WordPress Plugin Startklar Elementor Addons Directory Traversal (1.7.15)

WordPress Plugin Ajax Pagination (twitter Style) Local File Inclusion (1.1)

XOOPS Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2008-6884)

Undertow Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2014-7816)

Severity

High

Classification

CVE-2019-11510 CWE-22 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Directory Traversal