CyberSec.Space Logo
Back to CVE Browser

CVE-2019-11510

Known Exploited (CISA KEV)CRITICAL
10.0
CVSS Severity Score
EPSS Score64.2950%
EPSS Percentile92.71th
PublishedMay 8, 2019
Last ModifiedDec 18, 2025

Vulnerability Description

In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability .

Affected Platforms (CPE)

πŸ“¦
Ivanti

Connect Secure

= 8.2
πŸ“¦
Ivanti

Connect Secure

= 8.2
πŸ“¦
Ivanti

Connect Secure

= 8.2
πŸ“¦
Ivanti

Connect Secure

= 8.2
πŸ“¦
Ivanti

Connect Secure

= 8.2
πŸ“¦
Ivanti

Connect Secure

= 8.2
πŸ“¦
Ivanti

Connect Secure

= 8.2
πŸ“¦
Ivanti

Connect Secure

= 8.2
πŸ“¦
Ivanti

Connect Secure

= 8.2
πŸ“¦
Ivanti

Connect Secure

= 8.2
πŸ“¦
Ivanti

Connect Secure

= 8.2
πŸ“¦
Ivanti

Connect Secure

= 8.2
πŸ“¦
Ivanti

Connect Secure

= 8.2
πŸ“¦
Ivanti

Connect Secure

= 8.2
πŸ“¦
Ivanti

Connect Secure

= 8.2
πŸ“¦
Ivanti

Connect Secure

= 8.2
πŸ“¦
Ivanti

Connect Secure

= 8.2
πŸ“¦
Ivanti

Connect Secure

= 8.2
πŸ“¦
Ivanti

Connect Secure

= 8.2
πŸ“¦
Ivanti

Connect Secure

= 8.3
πŸ“¦
Ivanti

Connect Secure

= 8.3
πŸ“¦
Ivanti

Connect Secure

= 8.3
πŸ“¦
Ivanti

Connect Secure

= 8.3
πŸ“¦
Ivanti

Connect Secure

= 8.3
πŸ“¦
Ivanti

Connect Secure

= 8.3
πŸ“¦
Ivanti

Connect Secure

= 8.3
πŸ“¦
Ivanti

Connect Secure

= 8.3
πŸ“¦
Ivanti

Connect Secure

= 8.3
πŸ“¦
Ivanti

Connect Secure

= 8.3
πŸ“¦
Ivanti

Connect Secure

= 8.3
πŸ“¦
Ivanti

Connect Secure

= 9.0
πŸ“¦
Ivanti

Connect Secure

= 9.0
πŸ“¦
Ivanti

Connect Secure

= 9.0
πŸ“¦
Ivanti

Connect Secure

= 9.0
πŸ“¦
Ivanti

Connect Secure

= 9.0
πŸ“¦
Ivanti

Connect Secure

= 9.0
πŸ“¦
Ivanti

Connect Secure

= 9.0

References & Advisories

πŸ”— http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html
πŸ”— http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html
πŸ”— http://www.securityfocus.com/bid/108073
πŸ”— https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510/
πŸ”— https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study/
πŸ”— https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf
πŸ”— https://kb.pulsesecure.net/?atype=sa
πŸ”— https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101/

Related Vulnerabilities

CVE-2007-285010.0

The Session Reliability Service (XTE) in Citrix MetaFrame Presentation Server 3.0, Presentation Server 4.0, and Access Essentials ...

CVE-2000-056310.0

The URLConnection function in MacOS Runtime Java (MRJ) 2.1 and earlier and the Microsoft virtual machine (VM) for MacOS allows a m...

CVE-2021-2289310.0

Pulse Connect Secure 9.0R3/9.1R1 and higher is vulnerable to an authentication bypass vulnerability exposed by the Windows File Sh...

CVE-2010-007210.0

Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.2.0.3 allows remote attackers to affect...