CVE-2016-4791 Information

Description

The administrative user interface in Pulse Connect Secure (PCS) 8.2 before 8.2r1 8.1 before 8.1r2 8.0 before 8.0r9 and 7.4 before 7.4r13.4 allows remote administrators to enumerate files read arbitrary files and conduct server side request forgery (SSRF) attacks via unspecified vectors.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N

Reference

http://www.securitytracker.com/id/1035932 https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40210

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

CHANGED

Integrity Impact

NONE

Availability Impact

HIGH

Base Score

NONE

Base Severity

8.6