Vulnerability Details CVE-2018-9849
Pulse Secure Pulse Connect Secure 8.1.x before 8.1R14, 8.2.x before 8.2R11, and 8.3.x before 8.3R5 do not properly process nested XML entities, which allows remote attackers to cause a denial of service (memory consumption and memory errors) via a crafted XML document.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 44.0%
CVSS Severity
CVSS v3 Score 5.5
CVSS v2 Score 4.3
References
Products affected by CVE-2018-9849
-
cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1
-
cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1r1.0
-
cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1r1.1
-
cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1r10.0
-
cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1r11.0
-
cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1r11.1
-
cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1r12.0
-
cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1r12.1
-
cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1r13.0
-
cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1r2.0
-
cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1r2.1
-
cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1r3.0
-
cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1r3.1
-
cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1r3.2
-
cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1r4.0
-
cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1r4.1
-
cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1r5.0
-
cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1r6.0
-
cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1r7.0
-
cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1r8.0
-
cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1r9.0
-
cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1r9.1
-
cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1r9.2
-
cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2
-
cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2r1.0
-
cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2r1.1
-
cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2r10.0
-
cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2r2.0
-
cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2r3.0
-
cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2r3.1
-
cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2r4.0
-
cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2r4.1
-
cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2r5.0
-
cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2r5.1
-
cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2r6.0
-
cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2r7.0
-
cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2r7.1
-
cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2r7.2
-
cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2r8.0
-
cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2r8.1
-
cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2r8.2
-
cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2r9.0
-
cpe:2.3:a:pulsesecure:pulse_connect_secure:8.3
-
cpe:2.3:a:pulsesecure:pulse_connect_secure:8.3r1
-
cpe:2.3:a:pulsesecure:pulse_connect_secure:8.3r1.1
-
cpe:2.3:a:pulsesecure:pulse_connect_secure:8.3r2
-
cpe:2.3:a:pulsesecure:pulse_connect_secure:8.3r2.1
-
cpe:2.3:a:pulsesecure:pulse_connect_secure:8.3r3
-
cpe:2.3:a:pulsesecure:pulse_connect_secure:8.3r4