The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Pulse Secure Virtual Traffic Manager

computer vulnerability alert CVE-2018-20307

Pulse Secure Virtual Traffic Manager: information disclosure via Historical Activity

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via Historical Activity of Pulse Secure Virtual Traffic Manager, in order to obtain sensitive information.
Impacted products: Pulse Secure VTM.
Severity: 2/4.
Consequences: data reading.
Provenance: user account.
Creation date: 27/12/2018.
Identifiers: CVE-2018-20307, SA43730, VIGILANCE-VUL-28116.

Description of the vulnerability

An attacker can bypass access restrictions to data via Historical Activity of Pulse Secure Virtual Traffic Manager, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability CVE-2018-20306

Pulse Secure Virtual Traffic Manager: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting of Pulse Secure Virtual Traffic Manager, in order to run JavaScript code in the context of the web site.
Impacted products: Pulse Secure VTM.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 27/12/2018.
Identifiers: CVE-2018-20306, SA43730, VIGILANCE-VUL-28115.

Description of the vulnerability

The Pulse Secure Virtual Traffic Manager product offers a web service.

However, it does not filter received data before inserting them in generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting of Pulse Secure Virtual Traffic Manager, in order to run JavaScript code in the context of the web site.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability alert CVE-2016-8201

Brocade Virtual Traffic Manager: Cross Site Request Forgery via the traffic manager

Synthesis of the vulnerability

An attacker can trigger a Cross Site Request Forgery via the traffic manager of Brocade Virtual Traffic Manager, in order to force the victim to perform operations.
Impacted products: Brocade vTM, Pulse Secure VTM.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: internet client.
Creation date: 10/01/2017.
Identifiers: BSA-2016-209, CVE-2016-8201, SA43681, VIGILANCE-VUL-21536.

Description of the vulnerability

The Brocade Virtual Traffic Manager product offers a web service.

However, the origin of queries is not checked. They can for example originate from an image included in an HTML document.

An attacker can therefore trigger a Cross Site Request Forgery via the traffic manager of Brocade Virtual Traffic Manager, in order to force the victim to perform operations.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about Pulse Secure Virtual Traffic Manager: