The GUI component (aka PulseUI) in Pulse Secure Desktop Linux clients before PULSE5.2R9.2 and 5.3.x before PULSE5.3R4.2 does not perform strict SSL Certificate Validation. This can lead to the manipulation of the Pulse Connection set.
References
Link | Resource |
---|---|
http://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43620 | Vendor Advisory |
http://www.securityfocus.com/bid/102908 | Third Party Advisory VDB Entry |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2018-01-31T21:00:00
Updated: 2018-02-03T10:57:01
Reserved: 2018-01-28T00:00:00
Link: CVE-2018-6374
JSON object: View
NVD Information
Status : Analyzed
Published: 2018-01-31T21:29:00.280
Modified: 2018-02-24T21:37:36.447
Link: CVE-2018-6374
JSON object: View
Redhat Information
No data.
CWE