{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-18T19:12:44.258","vulnerabilities":[{"cve":{"id":"CVE-2020-8218","sourceIdentifier":"support@hackerone.com","published":"2020-07-30T13:15:11.847","lastModified":"2025-10-30T20:41:02.807","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A code injection vulnerability exists in Pulse Connect Secure <9.1R8 that allows an attacker to crafted a URI to perform an arbitrary code execution via the admin web interface."},{"lang":"es","value":"Se presenta una vulnerabilidad de inyección de código en Pulse Connect Secure versiones anteriores a 9.1R8, que permite a un atacante diseñar un URI para llevar a cabo una ejecución de código arbitraria por medio de la interfaz web de administración"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.9},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"cisaExploitAdd":"2022-03-07","cisaActionDue":"2022-09-07","cisaRequiredAction":"Apply updates per vendor instructions.","cisaVulnerabilityName":"Pulse Connect Secure Code Injection Vulnerability","weaknesses":[{"source":"support@hackerone.com","type":"Secondary","description":[{"lang":"en","value":"CWE-94"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-94"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ivanti:connect_secure:*:*:*:*:*:*:*:*","versionEndIncluding":"9.0","matchCriteriaId":"87FBC6AD-0A70-4626-A152-E49BECF9F7AF"},{"vulnerable":true,"criteria":"cpe:2.3:a:ivanti:connect_secure:9.1:-:*:*:*:*:*:*","matchCriteriaId":"4F450898-0B06-4073-9B76-BF22F68BD14F"},{"vulnerable":true,"criteria":"cpe:2.3:a:ivanti:connect_secure:9.1:r1:*:*:*:*:*:*","matchCriteriaId":"4B21C181-DC49-4EBD-9932-DBB337151FF7"},{"vulnerable":true,"criteria":"cpe:2.3:a:ivanti:connect_secure:9.1:r2:*:*:*:*:*:*","matchCriteriaId":"4FEFC4B1-7350-46F9-80C1-42F5AE06142F"},{"vulnerable":true,"criteria":"cpe:2.3:a:ivanti:connect_secure:9.1:r3:*:*:*:*:*:*","matchCriteriaId":"DB7A6D62-6576-4713-9BF4-11068A72E8B7"},{"vulnerable":true,"criteria":"cpe:2.3:a:ivanti:connect_secure:9.1:r4:*:*:*:*:*:*","matchCriteriaId":"843BC1B9-50CC-4F8F-A454-A0CEC6E92290"},{"vulnerable":true,"criteria":"cpe:2.3:a:ivanti:connect_secure:9.1:r4.1:*:*:*:*:*:*","matchCriteriaId":"D5355372-03EA-46D7-9104-A2785C29B664"},{"vulnerable":true,"criteria":"cpe:2.3:a:ivanti:connect_secure:9.1:r4.2:*:*:*:*:*:*","matchCriteriaId":"3DE32A0C-8944-4F51-A286-266055CA4B2F"},{"vulnerable":true,"criteria":"cpe:2.3:a:ivanti:connect_secure:9.1:r4.3:*:*:*:*:*:*","matchCriteriaId":"0349A0CC-A372-4E51-899E-D7BA67876F4B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ivanti:connect_secure:9.1:r5:*:*:*:*:*:*","matchCriteriaId":"93D1A098-BD77-4A7B-9070-A764FB435981"},{"vulnerable":true,"criteria":"cpe:2.3:a:ivanti:connect_secure:9.1:r6:*:*:*:*:*:*","matchCriteriaId":"3CCC2D7B-F835-45EC-A316-2F0C5F2CF565"},{"vulnerable":true,"criteria":"cpe:2.3:a:ivanti:connect_secure:9.1:r7:*:*:*:*:*:*","matchCriteriaId":"AD812596-C77C-4129-982F-C22A25B52126"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ivanti:policy_secure:9.1:-:*:*:*:*:*:*","matchCriteriaId":"6418A649-3A63-40CC-BD7C-309B3B0B2595"},{"vulnerable":true,"criteria":"cpe:2.3:a:ivanti:policy_secure:9.1:r1:*:*:*:*:*:*","matchCriteriaId":"A07B66E0-A679-4912-8CB1-CD134713EDC7"},{"vulnerable":true,"criteria":"cpe:2.3:a:ivanti:policy_secure:9.1:r2:*:*:*:*:*:*","matchCriteriaId":"6D37A6E4-D58E-444D-AF6A-15461F38E81A"},{"vulnerable":true,"criteria":"cpe:2.3:a:ivanti:policy_secure:9.1:r3:*:*:*:*:*:*","matchCriteriaId":"FC2B9DA0-E32B-4125-9986-F0D3814C66E9"},{"vulnerable":true,"criteria":"cpe:2.3:a:ivanti:policy_secure:9.1:r3.1:*:*:*:*:*:*","matchCriteriaId":"38A0D7CF-7D55-4933-AE8C-36006D6779E1"},{"vulnerable":true,"criteria":"cpe:2.3:a:ivanti:policy_secure:9.1:r4:*:*:*:*:*:*","matchCriteriaId":"C9A5BA3E-D6B3-453D-8DDF-FF16859FD0F8"},{"vulnerable":true,"criteria":"cpe:2.3:a:ivanti:policy_secure:9.1:r4.1:*:*:*:*:*:*","matchCriteriaId":"BAFDA618-D15D-401D-AC68-0020259FEC57"},{"vulnerable":true,"criteria":"cpe:2.3:a:ivanti:policy_secure:9.1:r4.2:*:*:*:*:*:*","matchCriteriaId":"D55AB5F0-132F-4C40-BF4F-684E139B774B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ivanti:policy_secure:9.1:r5:*:*:*:*:*:*","matchCriteriaId":"6BE937D2-8BEE-4E64-8738-F550EAD00F50"},{"vulnerable":true,"criteria":"cpe:2.3:a:ivanti:policy_secure:9.1:r6:*:*:*:*:*:*","matchCriteriaId":"9C753520-1BC6-4980-AFC9-4C2FDDF2FD18"},{"vulnerable":true,"criteria":"cpe:2.3:a:ivanti:policy_secure:9.1:r7:*:*:*:*:*:*","matchCriteriaId":"AC3863BC-3B9A-402B-A74A-149CDF717EC6"},{"vulnerable":true,"criteria":"cpe:2.3:a:pulsesecure:pulse_policy_secure:*:*:*:*:*:*:*:*","versionEndIncluding":"9.0","matchCriteriaId":"B031D2AE-70BE-48BB-A9E9-0A0DAAAFF55F"}]}]}],"references":[{"url":"https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516","source":"support@hackerone.com","tags":["Vendor Advisory"]},{"url":"https://www.gosecure.net/blog/2020/11/13/forget-your-perimeter-part-2-four-vulnerabilities-in-pulse-connect-secure/","source":"support@hackerone.com","tags":["Exploit","Third Party Advisory"]},{"url":"https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://www.gosecure.net/blog/2020/11/13/forget-your-perimeter-part-2-four-vulnerabilities-in-pulse-connect-secure/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]},{"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-8218","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["US Government Resource"]}]}}]}