What is CVE-2016-4787?

CVE-2016-4787 is a critical-severity vulnerability in Ivanti Connect_secure. CVSS score: 10.0/10. Published 2016-05-26.

How severe is CVE-2016-4787?

Critical severity. CVSS v3 base score is 10.0 out of 10.

Vulnerability in Ivanti Connect_secure

CVE-2016-4787

Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r10, and 7.4 before 7.4r13.4 allow remote attackers to read sensitive system authentication files in an unspecified directory via unknown vectors.

EPSS: 0.025 (82.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 10.0 (Critical). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:H.

Affected products

Ivanti Connect_secure — versions 8.0, 8.2, 8.1
Pulsesecure Pulse_connect_secure — versions 7.4, 8.1r1.0
N/a — versions n/a

References

cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)
cve@mitre.org (vdb-entry, x_refsource_SECTRACK)

Frequently asked questions

What is CVE-2016-4787?: CVE-2016-4787 is a critical-severity vulnerability in Ivanti Connect_secure. CVSS score: 10.0/10. Published 2016-05-26.
How severe is CVE-2016-4787?: Critical severity. CVSS v3 base score is 10.0 out of 10.