CVE-2015-7323 Information

Description

The Secure Meeting (Pulse Collaboration) in Pulse Connect Secure (formerly Juniper Junos Pulse) before 7.1R22.1 7.4 8.0 before 8.0R11 and 8.1 before 8.1R3 allows remote authenticated users to bypass intended access restrictions and log into arbitrary meetings by leveraging a meeting id and meetingAppSun.jar.

Reference

http://seclists.org/fulldisclosure/2015/Sep/98 http://www.securitytracker.com/id/1033684 https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40054 https://packetstormsecurity.com/files/133711/Junos-Pulse-Secure-Meeting-8.0.5-Access-Bypass.html https://profundis-labs.com/advisories/CVE-2015-7323.txt