CVE-2020-8256

EPSS 3.4%CWE-611

Vexday Risk Score

3Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS —EPSS 3.4%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

29 Sep 2020Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

A vulnerability in the Pulse Connect Secure < 9.1R8.2 admin web interface could allow an authenticated attacker to gain arbitrary file reading access through Pulse Collaboration via XML External Entity (XXE) vulnerability.

Affected products

n/a · Pulse Connect Secure

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44588 https://www.gosecure.net/blog/2020/11/13/forget-your-perimeter-part-2-four-vulnerabilities-in-pulse-connect-secure/