CVE-2020-15352

An XML external entity (XXE) vulnerability in Pulse Connect Secure (PCS) before 9.1R9 and Pulse Policy Secure (PPS) before 9.1R9 allows remote authenticated admins to conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request.
Configurations

Configuration 1

cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r5:*:*:*:*:*:*
cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r6:*:*:*:*:*:*
cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r7:*:*:*:*:*:*
cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:-:*:*:*:*:*:*
cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r1:*:*:*:*:*:*
cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r2:*:*:*:*:*:*
cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r3:*:*:*:*:*:*
cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r4:*:*:*:*:*:*
cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r4.1:*:*:*:*:*:*
cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r4.2:*:*:*:*:*:*
cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r4.3:*:*:*:*:*:*
cpe:2.3:a:pulsesecure:pulse_connect_secure:*:*:*:*:*:*:*:*
cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r8:*:*:*:*:*:*
cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r8.1:*:*:*:*:*:*
cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r8.2:*:*:*:*:*:*
cpe:2.3:a:pulsesecure:pulse_policy_secure:9.1:r2:*:*:*:*:*:*
cpe:2.3:a:pulsesecure:pulse_policy_secure:9.1:r3:*:*:*:*:*:*
cpe:2.3:a:pulsesecure:pulse_policy_secure:9.1:r3.1:*:*:*:*:*:*
cpe:2.3:a:pulsesecure:pulse_policy_secure:9.1:r4:*:*:*:*:*:*
cpe:2.3:a:pulsesecure:pulse_policy_secure:9.1:r4.1:*:*:*:*:*:*
cpe:2.3:a:pulsesecure:pulse_policy_secure:9.1:r4.2:*:*:*:*:*:*
cpe:2.3:a:pulsesecure:pulse_policy_secure:9.1:r5:*:*:*:*:*:*
cpe:2.3:a:pulsesecure:pulse_policy_secure:9.1:r6:*:*:*:*:*:*
cpe:2.3:a:pulsesecure:pulse_policy_secure:9.1:r7:*:*:*:*:*:*
cpe:2.3:a:pulsesecure:pulse_policy_secure:9.1:r1:*:*:*:*:*:*
cpe:2.3:a:pulsesecure:pulse_policy_secure:*:*:*:*:*:*:*:*
cpe:2.3:a:pulsesecure:pulse_policy_secure:9.1:r8:*:*:*:*:*:*

Information

Published : 2020-10-27 05:15

Updated : 2020-11-02 04:35


NVD link : CVE-2020-15352

Mitre link : CVE-2020-15352

Products Affected
No products.
CWE
CWE-611

Improper Restriction of XML External Entity Reference