CVE-2020-8256

A vulnerability in the Pulse Connect Secure < 9.1R8.2 admin web interface could allow an authenticated attacker to gain arbitrary file reading access through Pulse Collaboration via XML External Entity (XXE) vulnerability.

Link	Resource
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44588	Vendor Advisory
https://www.gosecure.net/blog/2020/11/13/forget-your-perimeter-part-2-four-vulnerabilities-in-pulse-connect-secure/	Exploit Third Party Advisory

Configuration 1

cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r5:*:*:*:*:*:* cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r6:*:*:*:*:*:* cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r7:*:*:*:*:*:* cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:-:*:*:*:*:*:* cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r1:*:*:*:*:*:* cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r2:*:*:*:*:*:* cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r3:*:*:*:*:*:* cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r4:*:*:*:*:*:* cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r4.1:*:*:*:*:*:* cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r4.2:*:*:*:*:*:* cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r4.3:*:*:*:*:*:* cpe:2.3:a:pulsesecure:pulse_connect_secure:*:*:*:*:*:*:*:* cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r8:*:*:*:*:*:* cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r8.1:*:*:*:*:*:*

---

Published : 2020-09-30 06:15

Updated : 2022-12-13 03:55

---

NVD link : CVE-2020-8256

Mitre link : CVE-2020-8256

No products.

CWE-611

Improper Restriction of XML External Entity Reference