Description

An arbitrary file reading vulnerability exists on Pulse Secure SSL VPN. An attacker can craft a request that accesses potentially sensitive information in the Pulse's filesystem.

Remediation

Upgrade Pulse Secure

References

Multiple vulnerabilities resolved in Pulse Connect Secure / Pulse Policy Secure 9.0RX

Infiltrating Corporate Intranet Like NSA

Related Vulnerabilities

WordPress Plugin GraceMedia Media Player Local File Inclusion (1.0)

WordPress Plugin BackWPup Multiple Local File Include Vulnerabilities (1.5.2)

WordPress Plugin NextGEN Gallery-WordPress Gallery Directory Traversal (2.1.9)

WordPress Plugin Landing Page Builder-Lead Page-Optin Page-Squeeze Page-WordPress Landing Pages Local File Inclusion (1.4.3)

WordPress Plugin WP Fastest Cache Multiple Vulnerabilities (0.8.5.7)

Severity

High

Classification

CVE-2019-11510 CWE-22 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Directory Traversal