CVE-2020-8263 - Vulnerability Details

Vendors	Products
Pulsesecure	Pulse Secure Desktop Client

Link	Providers
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "Pulse Connect Secure / Pulse Policy Secure", "vendor": "n/a", "versions": [{"status": "affected", "version": "9.1R9"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the authenticated user web interface of Pulse Connect Secure < 9.1R9 could allow attackers to conduct Cross-Site Scripting (XSS) through the CGI file."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "Cross-site Scripting (XSS) - Reflected (CWE-79)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-10-28T12:48:17", "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "support@hackerone.com", "ID": "CVE-2020-8263", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Pulse Connect Secure / Pulse Policy Secure", "version": {"version_data": [{"version_value": "9.1R9"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability in the authenticated user web interface of Pulse Connect Secure < 9.1R9 could allow attackers to conduct Cross-Site Scripting (XSS) through the CGI file."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Cross-site Scripting (XSS) - Reflected (CWE-79)"}]}]}, "references": {"reference_data": [{"name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601", "refsource": "MISC", "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T09:56:27.966Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601"}]}]}, "cveMetadata": {"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "assignerShortName": "hackerone", "cveId": "CVE-2020-8263", "datePublished": "2020-10-28T12:48:17", "dateReserved": "2020-01-28T00:00:00", "dateUpdated": "2024-08-04T09:56:27.966Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : Pulse Connect Secure / Pulse Policy Secure (string)

vendor : n/a (string)

versions : [ »

0 : { »

status : affected (string)

version : 9.1R9 (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : A vulnerability in the authenticated user web interface of Pulse Connect Secure < 9.1R9 could allow attackers to conduct Cross-Site Scripting (XSS) through the CGI file. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

cweId : CWE-79 (string)

description : Cross-site Scripting (XSS) - Reflected (CWE-79) (string)

lang : en (string)

type : CWE (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2020-10-28T12:48:17 (string)

orgId : 36234546-b8fa-4601-9d6f-f4e334aa8ea1 (string)

shortName : hackerone (string)

}

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601 (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : support@hackerone.com (string)

ID : CVE-2020-8263 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : Pulse Connect Secure / Pulse Policy Secure (string)

version : { »

version_data : [ »

0 : { »

version_value : 9.1R9 (string)

}

]

}

]

}

vendor_name : n/a (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : A vulnerability in the authenticated user web interface of Pulse Connect Secure < 9.1R9 could allow attackers to conduct Cross-Site Scripting (XSS) through the CGI file. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : Cross-site Scripting (XSS) - Reflected (CWE-79) (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601 (string)

refsource : MISC (string)

url : https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601 (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-04T09:56:27.966Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601 (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : 36234546-b8fa-4601-9d6f-f4e334aa8ea1 (string)

assignerShortName : hackerone (string)

cveId : CVE-2020-8263 (string)

datePublished : 2020-10-28T12:48:17 (string)

dateReserved : 2020-01-28T00:00:00 (string)

dateUpdated : 2024-08-04T09:56:27.966Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:*:*:*:*:*:linux:*:*", "matchCriteriaId": "87BF5FC6-3D85-4C88-AD32-23A1BB4975A8", "versionEndExcluding": "9.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r1:*:*:*:linux:*:*", "matchCriteriaId": "524B043E-80B3-4E60-BDDB-55A29A04DA1D", "vulnerable": true}, {"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r2:*:*:*:linux:*:*", "matchCriteriaId": "1E79BF74-D489-4A8D-8135-E5427D43DE2A", "vulnerable": true}, {"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r3:*:*:*:linux:*:*", "matchCriteriaId": "71C518EF-BFF6-41EE-A696-311E6EB3C17D", "vulnerable": true}, {"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r3.1:*:*:*:linux:*:*", "matchCriteriaId": "B0840530-B0F7-4BBA-BC55-4BF2C2D59DF0", "vulnerable": true}, {"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r4:*:*:*:linux:*:*", "matchCriteriaId": "6F98E7F0-6D2D-4238-BABF-15841BE32605", "vulnerable": true}, {"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r4.1:*:*:*:linux:*:*", "matchCriteriaId": "EB616A5D-8B22-4C0D-8E09-073B4778430E", "vulnerable": true}, {"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r4.2:*:*:*:linux:*:*", "matchCriteriaId": "40E3E61D-0716-408A-BBF6-6336FED8F618", "vulnerable": true}, {"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r5:*:*:*:linux:*:*", "matchCriteriaId": "3F066817-5364-47F5-9211-9F4FDD958BD3", "vulnerable": true}, {"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r6:*:*:*:linux:*:*", "matchCriteriaId": "661A0EB6-4CCC-4744-B0E9-81A0E3E2BB37", "vulnerable": true}, {"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r7:*:*:*:linux:*:*", "matchCriteriaId": "CEB6A361-FD3C-4263-92E2-B2DBCDE20674", "vulnerable": true}, {"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r7.1:*:*:*:linux:*:*", "matchCriteriaId": "5C64CBA6-AAD2-4151-BE72-4F68934D94BA", "vulnerable": true}, {"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r8:*:*:*:linux:*:*", "matchCriteriaId": "8BAFB239-5C78-4F3D-9CDA-D67A74B2AF05", "vulnerable": true}, {"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r8.2:*:*:*:linux:*:*", "matchCriteriaId": "7A0DDA55-66D2-43A1-AEB2-26192150DC83", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the authenticated user web interface of Pulse Connect Secure < 9.1R9 could allow attackers to conduct Cross-Site Scripting (XSS) through the CGI file."}, {"lang": "es", "value": "Una vulnerabilidad en la interfaz de usuario web autenticado de Pulse Connect Secure versiones anteriores a 9.1R9, podr\u00eda permitir a atacantes conducir ataques de tipo Cross-Site Scripting (XSS) por medio del archivo CGI"}], "id": "CVE-2020-8263", "lastModified": "2024-11-21T05:38:36.913", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-10-28T13:15:13.293", "references": [{"source": "support@hackerone.com", "tags": ["Vendor Advisory"], "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601"}], "sourceIdentifier": "support@hackerone.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "support@hackerone.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:*:*:*:*:*:linux:*:* (string)

matchCriteriaId : 87BF5FC6-3D85-4C88-AD32-23A1BB4975A8 (string)

versionEndExcluding : 9.1 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r1:*:*:*:linux:*:* (string)

matchCriteriaId : 524B043E-80B3-4E60-BDDB-55A29A04DA1D (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r2:*:*:*:linux:*:* (string)

matchCriteriaId : 1E79BF74-D489-4A8D-8135-E5427D43DE2A (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r3:*:*:*:linux:*:* (string)

matchCriteriaId : 71C518EF-BFF6-41EE-A696-311E6EB3C17D (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r3.1:*:*:*:linux:*:* (string)

matchCriteriaId : B0840530-B0F7-4BBA-BC55-4BF2C2D59DF0 (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r4:*:*:*:linux:*:* (string)

matchCriteriaId : 6F98E7F0-6D2D-4238-BABF-15841BE32605 (string)

vulnerable : true (boolean)

}

6 : { »

criteria : cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r4.1:*:*:*:linux:*:* (string)

matchCriteriaId : EB616A5D-8B22-4C0D-8E09-073B4778430E (string)

vulnerable : true (boolean)

}

7 : { »

criteria : cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r4.2:*:*:*:linux:*:* (string)

matchCriteriaId : 40E3E61D-0716-408A-BBF6-6336FED8F618 (string)

vulnerable : true (boolean)

}

8 : { »

criteria : cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r5:*:*:*:linux:*:* (string)

matchCriteriaId : 3F066817-5364-47F5-9211-9F4FDD958BD3 (string)

vulnerable : true (boolean)

}

9 : { »

criteria : cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r6:*:*:*:linux:*:* (string)

matchCriteriaId : 661A0EB6-4CCC-4744-B0E9-81A0E3E2BB37 (string)

vulnerable : true (boolean)

}

10 : { »

criteria : cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r7:*:*:*:linux:*:* (string)

matchCriteriaId : CEB6A361-FD3C-4263-92E2-B2DBCDE20674 (string)

vulnerable : true (boolean)

}

11 : { »

criteria : cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r7.1:*:*:*:linux:*:* (string)

matchCriteriaId : 5C64CBA6-AAD2-4151-BE72-4F68934D94BA (string)

vulnerable : true (boolean)

}

12 : { »

criteria : cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r8:*:*:*:linux:*:* (string)

matchCriteriaId : 8BAFB239-5C78-4F3D-9CDA-D67A74B2AF05 (string)

vulnerable : true (boolean)

}

13 : { »

criteria : cpe:2.3:a:pulsesecure:pulse_secure_desktop_client:9.1:r8.2:*:*:*:linux:*:* (string)

matchCriteriaId : 7A0DDA55-66D2-43A1-AEB2-26192150DC83 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : A vulnerability in the authenticated user web interface of Pulse Connect Secure < 9.1R9 could allow attackers to conduct Cross-Site Scripting (XSS) through the CGI file. (string)

}

1 : { »

lang : es (string)

value : Una vulnerabilidad en la interfaz de usuario web autenticado de Pulse Connect Secure versiones anteriores a 9.1R9, podría permitir a atacantes conducir ataques de tipo Cross-Site Scripting (XSS) por medio del archivo CGI (string)

}

]

id : CVE-2020-8263 (string)

lastModified : 2024-11-21T05:38:36.913 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : LOW (string)

cvssData : { »

accessComplexity : MEDIUM (string)

accessVector : NETWORK (string)

authentication : SINGLE (string)

availabilityImpact : NONE (string)

baseScore : 3.5 (number)

confidentialityImpact : NONE (string)

integrityImpact : PARTIAL (string)

vectorString : AV:N/AC:M/Au:S/C:N/I:P/A:N (string)

version : 2.0 (string)

}

exploitabilityScore : 6.8 (number)

impactScore : 2.9 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : true (boolean)

}

]

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : NONE (string)

baseScore : 5.4 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : LOW (string)

integrityImpact : LOW (string)

privilegesRequired : LOW (string)

scope : CHANGED (string)

userInteraction : REQUIRED (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N (string)

version : 3.1 (string)

}

exploitabilityScore : 2.3 (number)

impactScore : 2.7 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2020-10-28T13:15:13.293 (string)

references : [ »

0 : { »

source : support@hackerone.com (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601 (string)

}

1 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601 (string)

}

]

sourceIdentifier : support@hackerone.com (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-79 (string)

}

]

source : support@hackerone.com (string)

type : Secondary (string)

}

1 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-79 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object