CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2018-6374

The GUI component (aka PulseUI) in Pulse Secure Desktop Linux clients before PULSE5.2R9.2 and 5.3.x before PULSE5.3R4.2 does not perform strict SSL Certificate Validation. This can lead to the manipulation of the Pulse Connection set.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 37.4%

CVSS Severity

CVSS v3 Score 6.5

CVSS v2 Score 6.4

References

http://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43620
http://www.securityfocus.com/bid/102908
http://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43620
http://www.securityfocus.com/bid/102908

Products affected by CVE-2018-6374

Pulsesecure » Desktop Linux Client » Version: Any

cpe:2.3:a:pulsesecure:desktop_linux_client:*
Pulsesecure » Desktop Linux Client » Version: 5.2r9.2

cpe:2.3:a:pulsesecure:desktop_linux_client:5.2r9.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-6374

Products

Pricing

Contact Us