Description

An arbitrary file reading vulnerability exists on Pulse Secure SSL VPN. An attacker can craft a request that accesses potentially sensitive information in the Pulse's filesystem.

Remediation

Upgrade Pulse Secure

References

Multiple vulnerabilities resolved in Pulse Connect Secure / Pulse Policy Secure 9.0RX

Infiltrating Corporate Intranet Like NSA

Related Vulnerabilities

SAP Portal directory traversal vulnerability

WordPress Duplicator plugin Unauthenticated Arbitrary File Download

WordPress Plugin WP Rocket Local File Inclusion (2.10.3)

WordPress Plugin PictPress 'resize.php' Multiple Local File Include Vulnerabilities (1.0)

WordPress Plugin HUSKY-Products Filter Professional for WooCommerce Multiple Vulnerabilities (1.1.9)

Severity

High

Classification

CVE-2019-11510 CWE-22 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Directory Traversal