Description

An arbitrary file reading vulnerability exists on Pulse Secure SSL VPN. An attacker can craft a request that accesses potentially sensitive information in the Pulse's filesystem.

Remediation

Upgrade Pulse Secure

References

Multiple vulnerabilities resolved in Pulse Connect Secure / Pulse Policy Secure 9.0RX

Infiltrating Corporate Intranet Like NSA

Related Vulnerabilities

WordPress Plugin WP Source Control Directory Traversal (3.0.0)

WordPress Plugin WPCafe-Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce Local File Inclusion (2.2.25)

Apache Tomcat WAR file directory traversal vulnerability

Laravel log viewer local file download (LFD)

WordPress Plugin cloudsafe365_for_WP 'file' Parameter Remote File Disclosure (1.46)

Severity

High

Classification

CVE-2019-11510 CWE-22 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Directory Traversal