Pulse Secure SSL VPN Arbitrary File reading (CVE-2019-11510)

Description

An arbitrary file reading vulnerability exists on Pulse Secure SSL VPN. An attacker can craft a request that accesses potentially sensitive information in the Pulse's filesystem.

Remediation

Upgrade Pulse Secure

References

Multiple vulnerabilities resolved in Pulse Connect Secure / Pulse Policy Secure 9.0RX

Infiltrating Corporate Intranet Like NSA

Related Vulnerabilities

WordPress Plugin Extensive VC Addons for WPBakery page builder Local File Inclusion (1.9)

WordPress Plugin WordPress File Upload Directory Traversal (4.12.2)

WordPress Plugin Wholesale Market for WooCommerce Directory Traversal (1.0.8)

WordPress Plugin MDC YouTube Downloader Local File Inclusion (2.1.0)

WordPress Plugin jRSS Widget 'url' Parameter Directory Traversal (1.1.1)

Severity

High

Classification

CVE-2019-11510 CWE-22 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N