Improper input validation in Ivanti Connect_secure

CVE-2018-20809

A crafted message can cause the web server to crash with Pulse Secure Pulse Connect Secure (PCS) 8.3RX before 8.3R5 and Pulse Policy Secure 5.4RX before 5.4R5. This is not applicable to PCS 8.1RX.

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.027 (84.1th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H.

Affected products

Weakness classification (CWE)

References

Frequently asked questions

What is CVE-2018-20809?
CVE-2018-20809 is a high-severity vulnerability in Ivanti Connect_secure, classified under Improper Input Validation. CVSS score: 7.5/10. Published 2019-06-28.
How severe is CVE-2018-20809?
High severity. CVSS v3 base score is 7.5 out of 10.