CVE-2019-11510
Vendor and product: Pulse Secure Pulse Connect Secure
Certain versions of Pulse Secure Pulse Connect Secure contain an arbitrary file reading bug that allows an unauthenticated remote attacker to send a specially crafted URI to perform an arbitrary file reading.
The bug is from 2019, so its appearance on this list of most commonly exploited software vulnerabilities from last year suggests that many organizations still need to patch this flaw. Pulse Secure’s advisory listed several other bugs, including authentication bypass, code execution, arbitrary file writing, session hijacking and more.
Return To Article