CVE-2018-20809
HIGHPulse Connect Secure < 8.3R5 and Pulse Policy Secure < 5.4R5 - Denial of Service
Title source: llmDescription
A crafted message can cause the web server to crash with Pulse Secure Pulse Connect Secure (PCS) 8.3RX before 8.3R5 and Pulse Policy Secure 5.4RX before 5.4R5. This is not applicable to PCS 8.1RX.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43877/
Scores
CVSS v3
7.5
EPSS
0.0331
EPSS Percentile
87.4%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-20
Status
published
Products (4)
ivanti/connect_secure
8.3 r1 (5 CPE variants)
pulsesecure/pulse_policy_secure
4.4 r1.0 (16 CPE variants)
pulsesecure/pulse_policy_secure
5.0 r1.0 (18 CPE variants)
pulsesecure/pulse_policy_secure
5.1 r1.0 (11 CPE variants)
Published
Jun 28, 2019
Tracked Since
Feb 18, 2026