CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2018-20810

Session data between cluster nodes during cluster synchronization is not properly encrypted in Pulse Secure Pulse Connect Secure (PCS) 8.3RX before 8.3R2 and Pulse Policy Secure (PPS) 5.4RX before 5.4R2. This is not applicable to PCS 8.1RX, PPS 5.2RX, or stand-alone devices.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.015

EPSS Ranking 80.3%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 7.5

References

https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43877/
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43877/

Products affected by CVE-2018-20810

Ivanti » Connect Secure » Version: 8.3

cpe:2.3:a:ivanti:connect_secure:8.3
Pulsesecure » Pulse Policy Secure » Version: 5.4

cpe:2.3:a:pulsesecure:pulse_policy_secure:5.4

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-20810

Products

Pricing

Contact Us