GCVE - cpe:2.3:a:ivanti:connect_secure:8.2:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:ivanti:connect_secure:8.2:*:*:*:*:*:*:*

part: a version: 8.2 update: *

Vendor	Ivanti (`40b984ad-e54c-5e1b-9aa1-2a4cd4d61129`)
Product	Connect Secure (`61f5b622-21c4-5d14-b120-bd5f32132cfb`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2019-11542`	vulnerable	2026-06-03 14:39:33.363269	Details available HIGH (8) In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, 5.3RX before 5.3R12.1, 5.2RX before 5.2R12.1, and 5.1RX before 5.1R15.1, an authenticated attacker (via the admin web interface) can send a specially crafted message resulting in a stack buffer overflow. Published: 2019-04-26T01:40:33.000Z Updated: 2024-08-04T22:55:40.973Z Open on db.gcve.eu Reference links https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101 http://www.securityfocus.com/bid/108073 https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010 https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2019-11541`	vulnerable	2026-06-03 14:39:33.362054	Details available HIGH (8.3) In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, and 8.2RX before 8.2R12.1, users using SAML authentication with the Reuse Existing NC (Pulse) Session option may see authentication leaks. Published: 2019-04-26T01:40:18.000Z Updated: 2024-08-04T22:55:40.935Z Open on db.gcve.eu Reference links https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101 https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101/ http://www.securityfocus.com/bid/108073 https://www.kb.cert.org/vuls/id/927237	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2019-11539`	vulnerable	2026-06-03 14:39:33.305545	Details available HIGH (8) In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, 5.3RX before 5.3R12.1, 5.2RX before 5.2R12.1, and 5.1RX before 5.1R15.1, the admin web interface allows an authenticated attacker to inject and execute commands. Published: 2019-04-26T01:39:36.000Z Updated: 2025-10-21T23:45:38.985Z Open on db.gcve.eu Reference links https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101 http://www.securityfocus.com/bid/108073 https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010 https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf http://packetstormsecurity.com/files/154376/Pulse-Secure-8.1R15.1-8.2-8.3-9.0-SSL-VPN-Remote-Code-Execution.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-4792`	vulnerable	2026-06-03 14:35:53.250642	Details available Pulse Connect Secure (PCS) 8.2 before 8.2r1 allows remote attackers to disclose sign in pages via unspecified vectors. Published: 2016-05-26T14:00:00.000Z Updated: 2024-08-06T00:39:26.311Z Open on db.gcve.eu Reference links https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40212 http://www.securitytracker.com/id/1035932	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-4791`	vulnerable	2026-06-03 14:35:53.250256	Details available The administrative user interface in Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r9, and 7.4 before 7.4r13.4 allows remote administrators to enumerate files, read arbitrary files, and conduct server side request forgery (SSRF) attacks via unspecified vectors. Published: 2016-05-26T14:00:00.000Z Updated: 2024-08-06T00:39:26.251Z Open on db.gcve.eu Reference links http://www.securitytracker.com/id/1035932 https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40210	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-4790`	vulnerable	2026-06-03 14:35:53.249800	Details available Cross-site scripting (XSS) vulnerability in the administrative user interface in Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r9, and 7.4 before 7.4r13.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Published: 2016-05-26T14:00:00.000Z Updated: 2024-08-06T00:39:26.268Z Open on db.gcve.eu Reference links http://www.securitytracker.com/id/1035932 https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40211	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-4789`	vulnerable	2026-06-03 14:35:53.249282	Details available Cross-site scripting (XSS) vulnerability in the system configuration section in the administrative user interface in Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r9, and 7.4 before 7.4r13.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Published: 2016-05-26T14:00:00.000Z Updated: 2024-11-14T19:49:26.270Z Open on db.gcve.eu Reference links http://www.securitytracker.com/id/1035932 https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40209	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-4788`	vulnerable	2026-06-03 14:35:53.248464	Details available Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r10, and 7.4 before 7.4r13.4 allow remote attackers to read an unspecified system file via unknown vectors. Published: 2016-05-26T14:00:00.000Z Updated: 2024-08-06T00:39:26.323Z Open on db.gcve.eu Reference links http://www.securitytracker.com/id/1035932 https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40208	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-4787`	vulnerable	2026-06-03 14:35:53.247954	Details available Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r10, and 7.4 before 7.4r13.4 allow remote attackers to read sensitive system authentication files in an unspecified directory via unknown vectors. Published: 2016-05-26T14:00:00.000Z Updated: 2024-08-06T00:39:26.244Z Open on db.gcve.eu Reference links https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40207 http://www.securitytracker.com/id/1035932	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-4786`	vulnerable	2026-06-03 14:35:53.245779	Details available Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r3, 8.0 before 8.0r11, and 7.4 before 7.4r13.4 allow remote attackers to cause a denial of service (CPU consumption) via unspecified vectors. Published: 2016-05-26T14:00:00.000Z Updated: 2024-08-06T00:39:26.180Z Open on db.gcve.eu Reference links http://www.securitytracker.com/id/1035932 https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40206	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.