ID	48342
Created	Sep 06, 2019
Updated	Dec 02, 2019
Outbreak Alert	CISAtop20_PRC2022 Routinely Exploited Vulnerabilities 2022
Severity
CVE ID	CVE-2019-11510
EPSS	97.23%
Coverage	IPS (Regular DB) IPS (Extended DB)
Default Action	drop
Active
Affected OS	Other
Affected App	Other

Legend

Active/Available
InActive/Not Available

Database Update History

Date	Version	Detail
2019-12-03	15.737	Default_action:pass:drop
2019-10-08	14.701	Sig Added
2019-09-06	14.683

Refine Search

Threat Encyclopedia

Pulse.Secure.SSL.VPN.HTML5.Information.Disclosure

Description

This indicates an attack attempt to exploit an Information Disclosure Vulnerability in Pulse Connect Secure.
The vulnerability is due to an error in the vulnerable application when handling a malicious request. An unauthenticated attacker can exploit this to access sensitive information on the affected machine via a crafted request.

Affected Products

Pulse Connect Secure 8.1R15.1
Pulse Connect Secure 8.2 before 8.2R12.1
Pulse Connect Secure 8.3 before 8.3R7.1
Pulse Connect Secure 9.0 before 9.0R3.4

Impact

Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems.

Recommended Actions

Refer to the vendor's advisory for updates:
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101

Protect

Detect

Respond

Recover

Identify

Network Security

Endpoint Security

Application Security

Security Operations

FortiGate

FortiClient

FortiSandBox

FortiMail

FortiADC

FortiWeb

FortiCNP

FortiNDR

FortiDeceptor

FortiEDR

FortiAnalyzer