Vigil@nce - Pulse Connect Secure, Pulse Secure Desktop: information disclosure via Session Cookies Reading
June 2019 by Vigil@nce
This bulletin was written by Vigil@nce : https://vigilance.fr/offer/Computer-vulnerability-database-and-alert
SYNTHESIS OF THE VULNERABILITY
– Impacted products: Pulse Connect Secure, Pulse Secure Client.
– Severity: 2/4.
– Consequences: data reading.
– Provenance: user shell.
– Confidence: confirmed by the editor (5/5).
– Creation date: 12/04/2019.
– Revision date: 12/04/2019.
DESCRIPTION OF THE VULNERABILITY
An attacker can bypass access restrictions to data via Session
Cookies Reading of Pulse Connect Secure and Pulse Secure Desktop,
in order to obtain sensitive information.
ACCESS TO THE FULL VIGIL@NCE BULLETIN