GCVE - cpe:2.3:a:ivanti:connect_secure:8.3:r5.2:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:ivanti:connect_secure:8.3:r5.2:*:*:*:*:*:*

part: a version: 8.3 update: r5.2

Vendor	Ivanti (`40b984ad-e54c-5e1b-9aa1-2a4cd4d61129`)
Product	Connect Secure (`61f5b622-21c4-5d14-b120-bd5f32132cfb`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2019-11539`	vulnerable	2026-06-03 14:39:33.360185	Details available HIGH (8) In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, 5.3RX before 5.3R12.1, 5.2RX before 5.2R12.1, and 5.1RX before 5.1R15.1, the admin web interface allows an authenticated attacker to inject and execute commands. Published: 2019-04-26T01:39:36.000Z Updated: 2025-10-21T23:45:38.985Z Open on db.gcve.eu Reference links https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101 http://www.securityfocus.com/bid/108073 https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010 https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf http://packetstormsecurity.com/files/154376/Pulse-Secure-8.1R15.1-8.2-8.3-9.0-SSL-VPN-Remote-Code-Execution.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2019-11538`	vulnerable	2026-06-03 14:39:33.301749	Details available HIGH (7.7) In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1, an NFS problem could allow an authenticated attacker to access the contents of arbitrary files on the affected device. Published: 2019-04-26T01:39:22.000Z Updated: 2024-11-15T15:26:56.601Z Open on db.gcve.eu Reference links https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101 http://www.securityfocus.com/bid/108073 https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010 https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2019-11510`	vulnerable	2026-06-03 14:39:33.205503	Details available CRITICAL (9.9) In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability . Published: 2019-05-08T16:18:28.000Z Updated: 2025-10-21T23:45:37.755Z Open on db.gcve.eu Reference links https://kb.pulsesecure.net/?atype=sa https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101/ http://www.securityfocus.com/bid/108073 https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010 http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2019-11509`	vulnerable	2026-06-03 14:39:33.179701	Details available In Pulse Secure Pulse Connect Secure (PCS) before 8.1R15.1, 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4 and Pulse Policy Secure (PPS) before 5.1R15.1, 5.2 before 5.2R12.1, 5.3 before 5.3R15.1, 5.4 before 5.4R7.1, and 9.0 before 9.0R3.2, an authenticated attacker (via the admin web interface) can exploit Incorrect Access Control to execute arbitrary code on the appliance. Published: 2019-06-03T19:34:46.000Z Updated: 2024-08-04T22:55:40.698Z Open on db.gcve.eu Reference links https://kb.pulsesecure.net/?atype=sa https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101/ https://www.kb.cert.org/vuls/id/927237	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2019-11508`	vulnerable	2026-06-03 14:39:33.173777	Details available HIGH (8.6) In Pulse Secure Pulse Connect Secure (PCS) before 8.1R15.1, 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an authenticated attacker (via the admin web interface) can exploit Directory Traversal to execute arbitrary code on the appliance. Published: 2019-05-08T16:49:51.000Z Updated: 2024-08-04T22:55:40.588Z Open on db.gcve.eu Reference links https://kb.pulsesecure.net/?atype=sa https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101/ http://www.securityfocus.com/bid/108073 https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010 https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2019-11507`	vulnerable	2026-06-03 14:39:33.120633	Details available MEDIUM (5.8) In Pulse Secure Pulse Connect Secure (PCS) 8.3.x before 8.3R7.1 and 9.0.x before 9.0R3, an XSS issue has been found on the Application Launcher page. Published: 2019-05-08T16:52:15.000Z Updated: 2024-08-04T22:55:40.456Z Open on db.gcve.eu Reference links https://kb.pulsesecure.net/?atype=sa https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101/ http://www.securityfocus.com/bid/108073 https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study/	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.