Ivanti Connect Secure 8.1

Submit a proposal Propose CVE/GCVE/GHSA reference

Approved changes feed: RSS · Atom

cpe:2.3:a:ivanti:connect_secure:8.1:*:*:*:*:*:*:*

part: a version: 8.1 update: *

VendorIvanti (40b984ad-e54c-5e1b-9aa1-2a4cd4d61129)
ProductConnect Secure (61f5b622-21c4-5d14-b120-bd5f32132cfb)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from NVD CPE 2.0 feed

PURL mappings

PURLSourceLast updated
No PURL mappings for this CPE yet.

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2019-11543 vulnerable 2026-06-03 14:39:33.365614 Details available
HIGH (8.3)
XSS exists in the admin web console in Pulse Secure Pulse Connect Secure (PCS) 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, and 5.2RX before 5.2R12.1.
Published: 2019-04-26T01:40:43.000Z
Updated: 2024-11-15T15:26:20.782Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2019-11542 vulnerable 2026-06-03 14:39:33.363246 Details available
HIGH (8)
In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, 5.3RX before 5.3R12.1, 5.2RX before 5.2R12.1, and 5.1RX before 5.1R15.1, an authenticated attacker (via the admin web interface) can send a specially crafted message resulting in a stack buffer overflow.
Published: 2019-04-26T01:40:33.000Z
Updated: 2024-08-04T22:55:40.973Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2019-11539 vulnerable 2026-06-03 14:39:33.303122 Details available
HIGH (8)
In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, 5.3RX before 5.3R12.1, 5.2RX before 5.2R12.1, and 5.1RX before 5.1R15.1, the admin web interface allows an authenticated attacker to inject and execute commands.
Published: 2019-04-26T01:39:36.000Z
Updated: 2025-10-21T23:45:38.985Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2019-11509 vulnerable 2026-06-03 14:39:33.178741 Details available
In Pulse Secure Pulse Connect Secure (PCS) before 8.1R15.1, 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4 and Pulse Policy Secure (PPS) before 5.1R15.1, 5.2 before 5.2R12.1, 5.3 before 5.3R15.1, 5.4 before 5.4R7.1, and 9.0 before 9.0R3.2, an authenticated attacker (via the admin web interface) can exploit Incorrect Access Control to execute arbitrary code on the appliance.
Published: 2019-06-03T19:34:46.000Z
Updated: 2024-08-04T22:55:40.698Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2019-11508 vulnerable 2026-06-03 14:39:33.153923 Details available
HIGH (8.6)
In Pulse Secure Pulse Connect Secure (PCS) before 8.1R15.1, 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an authenticated attacker (via the admin web interface) can exploit Directory Traversal to execute arbitrary code on the appliance.
Published: 2019-05-08T16:49:51.000Z
Updated: 2024-08-04T22:55:40.588Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2018-6320 vulnerable 2026-06-03 14:39:00.127840 Details available
A vulnerability has been discovered in login.cgi in Pulse Secure Pulse Connect Secure (PCS) 8.1RX before 8.1R12 and 8.3RX before 8.3R2 and Pulse Policy Secure (PPS) 5.2RX before 5.2R9 and 5.4RX before 5.4R2 wherein an http(s) Host header received from the browser is trusted without validation.
Published: 2018-09-06T23:00:00.000Z
Updated: 2024-08-05T06:01:48.718Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2018-14366 vulnerable 2026-06-03 14:38:12.007174 Details available
download.cgi in Pulse Secure Pulse Connect Secure 8.1RX before 8.1R13 and 8.3RX before 8.3R4 and Pulse Policy Secure through 5.2RX before 5.2R10 and 5.4RX before 5.4R4 have an Open Redirect Vulnerability.
Published: 2018-09-06T23:00:00.000Z
Updated: 2024-08-05T09:29:50.097Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2017-11455 vulnerable 2026-06-03 14:36:28.606505 Details available
diag.cgi in Pulse Connect Secure 8.2R1 through 8.2R5, 8.1R1 through 8.1R10 and Pulse Policy Secure 5.3R1 through 5.3R5, 5.2R1 through 5.2R8, and 5.1R1 through 5.1R10 allow remote attackers to hijack the authentication of administrators for requests to start tcpdump, related to the lack of anti-CSRF tokens.
Published: 2017-08-29T15:00:00.000Z
Updated: 2024-08-05T18:12:40.105Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-4791 vulnerable 2026-06-03 14:35:53.250210 Details available
The administrative user interface in Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r9, and 7.4 before 7.4r13.4 allows remote administrators to enumerate files, read arbitrary files, and conduct server side request forgery (SSRF) attacks via unspecified vectors.
Published: 2016-05-26T14:00:00.000Z
Updated: 2024-08-06T00:39:26.251Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-4790 vulnerable 2026-06-03 14:35:53.249707 Details available
Cross-site scripting (XSS) vulnerability in the administrative user interface in Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r9, and 7.4 before 7.4r13.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Published: 2016-05-26T14:00:00.000Z
Updated: 2024-08-06T00:39:26.268Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-4789 vulnerable 2026-06-03 14:35:53.249089 Details available
Cross-site scripting (XSS) vulnerability in the system configuration section in the administrative user interface in Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r9, and 7.4 before 7.4r13.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Published: 2016-05-26T14:00:00.000Z
Updated: 2024-11-14T19:49:26.270Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-4788 vulnerable 2026-06-03 14:35:53.248492 Details available
Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r10, and 7.4 before 7.4r13.4 allow remote attackers to read an unspecified system file via unknown vectors.
Published: 2016-05-26T14:00:00.000Z
Updated: 2024-08-06T00:39:26.323Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-4787 vulnerable 2026-06-03 14:35:53.248001 Details available
Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r10, and 7.4 before 7.4r13.4 allow remote attackers to read sensitive system authentication files in an unspecified directory via unknown vectors.
Published: 2016-05-26T14:00:00.000Z
Updated: 2024-08-06T00:39:26.244Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-4786 vulnerable 2026-06-03 14:35:53.244005 Details available
Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r3, 8.0 before 8.0r11, and 7.4 before 7.4r13.4 allow remote attackers to cause a denial of service (CPU consumption) via unspecified vectors.
Published: 2016-05-26T14:00:00.000Z
Updated: 2024-08-06T00:39:26.180Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.