In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability .

CVE-2019-11510

The solution for these vulnerabilities is to upgrade your Pulse Connect Secure and Pulse Policy Secure server software version to the corresponding version that has the fix. The following table provides guidance on the software you should deploy depending on current software version. 
 
If the PCS/PPS version is installed, Then deploy this version (or later)
to resolve the issue:	
Pulse Connect Secure 9.0RX
Pulse Connect Secure 9.0R3.4 & 9.0R4
Pulse Connect Secure 8.3RX	Pulse Connect Secure 8.3R7.1	 
Pulse Connect Secure 8.2RX	Pulse Connect Secure 8.2R12.1		 
Pulse Connect Secure 8.1RX	Pulse Connect Secure 8.1R15.1
Pulse Policy Secure 9.0RX	Pulse Policy Secure 9.0R3.2 & 9.0R4	
Pulse Policy Secure 5.4RX	Pulse Policy Secure 5.4R7.1
Pulse Policy Secure 5.3RX	Pulse Policy Secure 5.3R12.1	
Pulse Policy Secure 5.2RX	Pulse Policy Secure 5.2R12.1	
Pulse Policy Secure 5.1RX	Pulse Policy Secure 5.1R15.1		 

The solution for these vulnerabilities is to upgrade your Pulse Connect Secure and Pulse Policy Secure server software version to the corresponding version that has the fix. The following table provides guidance on the software you should deploy depending on current software version. 
If the PCS/PPS version is installed, Then deploy this version (or later)
to resolve the issue: Pulse Connect Secure 9.0RX
Pulse Connect Secure 9.0R3.4 &amp; 9.0R4
Pulse Connect Secure 8.3RX Pulse Connect Secure 8.3R7.1 Pulse Connect Secure 8.2RX Pulse Connect Secure 8.2R12.1 Pulse Connect Secure 8.1RX Pulse Connect Secure 8.1R15.1
Pulse Policy Secure 9.0RX Pulse Policy Secure 9.0R3.2 &amp; 9.0R4 Pulse Policy Secure 5.4RX Pulse Policy Secure 5.4R7.1
Pulse Policy Secure 5.3RX Pulse Policy Secure 5.3R12.1 Pulse Policy Secure 5.2RX Pulse Policy Secure 5.2R12.1 Pulse Policy Secure 5.1RX Pulse Policy Secure 5.1R15.1

SA44101 - 2019-04: Out-of-Cycle Advisory: Multiple vulnerabilities resolved in Pulse Connect Secure / Pulse Policy Secure 9.0RX

Featured CVEs

Thank you for downloading from Remedy Cloud!

Please fill out the form to download the CSV

Your Script is On It's Way!

Tell us where to send the script

Your Email Was Successfully Sent!

Email

Your Name

Your fix has been sent successfully!

Suggest a Fix

Search for a CVE below to see all the available fixes

Vulcan Remedy Cloud

Loading - Vulcan Remedy Cloud

The page you are looking for was moved, removed, renamed or might never existed.

Page Was Not Found!

CVE-2019-11510

1 fix found:

Version Update

SA44101 - 2019-04: Out-of-Cycle Advisory: Multiple vulnerabilities resolved in Pulse Connect Secure / Pulse Policy Secure 9.0RX