Pulse Secure Pulse Connect Secure 8.1.x before 8.1R14, 8.2.x before 8.2R11, and 8.3.x before 8.3R5 do not properly process nested XML entities, which allows remote attackers to cause a denial of service (memory consumption and memory errors) via a crafted XML document.
2018-05-10T14:29:00.767
2024-11-21T04:15:48.360
Modified
CVSSv3.0: 5.5 (MEDIUM)
AV:N/AC:M/Au:N/C:N/I:N/A:P
8.6
2.9
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | pulsesecure | pulse_connect_secure | < 8.1r14 | Yes |
| Application | pulsesecure | pulse_connect_secure | < 8.2r11 | Yes |
| Application | pulsesecure | pulse_connect_secure | < 8.3r5 | Yes |