1. CVE-Search
  2. CVE-2018-9849
ID CVE-2018-9849
Summary Pulse Secure Pulse Connect Secure 8.1.x before 8.1R14, 8.2.x before 8.2R11, and 8.3.x before 8.3R5 do not properly process nested XML entities, which allows remote attackers to cause a denial of service (memory consumption and memory errors) via a crafted XML document.
References
Vulnerable Configurations
  • cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1:*:*:*:*:*:*:*
    cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1:*:*:*:*:*:*:*
  • cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1:r1.0:*:*:*:*:*:*
    cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1:r1.0:*:*:*:*:*:*
  • cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1:r1.1:*:*:*:*:*:*
    cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1:r1.1:*:*:*:*:*:*
  • cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1:r10.0:*:*:*:*:*:*
    cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1:r10.0:*:*:*:*:*:*
  • cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1:r11.0:*:*:*:*:*:*
    cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1:r11.0:*:*:*:*:*:*
  • cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1:r11.1:*:*:*:*:*:*
    cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1:r11.1:*:*:*:*:*:*
  • cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1:r12.0:*:*:*:*:*:*
    cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1:r12.0:*:*:*:*:*:*
  • cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1:r12.1:*:*:*:*:*:*
    cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1:r12.1:*:*:*:*:*:*
  • cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1:r13.0:*:*:*:*:*:*
    cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1:r13.0:*:*:*:*:*:*
  • cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1:r14.0:*:*:*:*:*:*
    cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1:r14.0:*:*:*:*:*:*
  • cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1:r2.0:*:*:*:*:*:*
    cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1:r2.0:*:*:*:*:*:*
  • cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1:r2.1:*:*:*:*:*:*
    cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1:r2.1:*:*:*:*:*:*
  • cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1:r3.0:*:*:*:*:*:*
    cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1:r3.0:*:*:*:*:*:*
  • cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1:r3.1:*:*:*:*:*:*
    cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1:r3.1:*:*:*:*:*:*
  • cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1:r3.2:*:*:*:*:*:*
    cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1:r3.2:*:*:*:*:*:*
  • cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1:r4.0:*:*:*:*:*:*
    cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1:r4.0:*:*:*:*:*:*
  • cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1:r4.1:*:*:*:*:*:*
    cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1:r4.1:*:*:*:*:*:*
  • cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1:r5.0:*:*:*:*:*:*
    cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1:r5.0:*:*:*:*:*:*
  • cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1:r6.0:*:*:*:*:*:*
    cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1:r6.0:*:*:*:*:*:*
  • cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1:r7:*:*:*:*:*:*
    cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1:r7:*:*:*:*:*:*
  • cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1:r7.0:*:*:*:*:*:*
    cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1:r7.0:*:*:*:*:*:*
  • cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1:r8.0:*:*:*:*:*:*
    cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1:r8.0:*:*:*:*:*:*
  • cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1:r9.0:*:*:*:*:*:*
    cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1:r9.0:*:*:*:*:*:*
  • cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1:r9.1:*:*:*:*:*:*
    cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1:r9.1:*:*:*:*:*:*
  • cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1:r9.2:*:*:*:*:*:*
    cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1:r9.2:*:*:*:*:*:*
  • cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1r1.0:*:*:*:*:*:*:*
    cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1r1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1r1.1:*:*:*:*:*:*:*
    cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1r1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1r2.0:*:*:*:*:*:*:*
    cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1r2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1r2.1:*:*:*:*:*:*:*
    cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1r2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1r3.0:*:*:*:*:*:*:*
    cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1r3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1r3.1:*:*:*:*:*:*:*
    cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1r3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1r3.2:*:*:*:*:*:*:*
    cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1r3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1r4.0:*:*:*:*:*:*:*
    cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1r4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1r4.1:*:*:*:*:*:*:*
    cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1r4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1r5.0:*:*:*:*:*:*:*
    cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1r5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1r6.0:*:*:*:*:*:*:*
    cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1r6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1r7.0:*:*:*:*:*:*:*
    cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1r7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1r8.0:*:*:*:*:*:*:*
    cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1r8.0:*:*:*:*:*:*:*
  • cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1r9.0:*:*:*:*:*:*:*
    cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1r9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1r9.1:*:*:*:*:*:*:*
    cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1r9.1:*:*:*:*:*:*:*
  • cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1r9.2:*:*:*:*:*:*:*
    cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1r9.2:*:*:*:*:*:*:*
  • cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1r10.0:*:*:*:*:*:*:*
    cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1r10.0:*:*:*:*:*:*:*
  • cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1r11.0:*:*:*:*:*:*:*
    cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1r11.0:*:*:*:*:*:*:*
  • cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1r11.1:*:*:*:*:*:*:*
    cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1r11.1:*:*:*:*:*:*:*
  • cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1r12.0:*:*:*:*:*:*:*
    cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1r12.0:*:*:*:*:*:*:*
  • cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1r12.1:*:*:*:*:*:*:*
    cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1r12.1:*:*:*:*:*:*:*
  • cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1r13.0:*:*:*:*:*:*:*
    cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1r13.0:*:*:*:*:*:*:*
  • cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2:*:*:*:*:*:*:*
    cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2:*:*:*:*:*:*:*
  • cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2:r1:*:*:*:*:*:*
    cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2:r1:*:*:*:*:*:*
  • cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2:r1.0:*:*:*:*:*:*
    cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2:r1.0:*:*:*:*:*:*
  • cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2:r1.1:*:*:*:*:*:*
    cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2:r1.1:*:*:*:*:*:*
  • cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2:r10.0:*:*:*:*:*:*
    cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2:r10.0:*:*:*:*:*:*
  • cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2:r11.0:*:*:*:*:*:*
    cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2:r11.0:*:*:*:*:*:*
  • cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2:r12.0:*:*:*:*:*:*
    cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2:r12.0:*:*:*:*:*:*
  • cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2:r2.0:*:*:*:*:*:*
    cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2:r2.0:*:*:*:*:*:*
  • cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2:r3.0:*:*:*:*:*:*
    cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2:r3.0:*:*:*:*:*:*
  • cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2:r3.1:*:*:*:*:*:*
    cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2:r3.1:*:*:*:*:*:*
  • cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2:r4.0:*:*:*:*:*:*
    cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2:r4.0:*:*:*:*:*:*
  • cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2:r4.1:*:*:*:*:*:*
    cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2:r4.1:*:*:*:*:*:*
  • cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2:r5.0:*:*:*:*:*:*
    cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2:r5.0:*:*:*:*:*:*
  • cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2:r5.1:*:*:*:*:*:*
    cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2:r5.1:*:*:*:*:*:*
  • cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2:r6.0:*:*:*:*:*:*
    cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2:r6.0:*:*:*:*:*:*
  • cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2:r7.0:*:*:*:*:*:*
    cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2:r7.0:*:*:*:*:*:*
  • cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2:r7.1:*:*:*:*:*:*
    cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2:r7.1:*:*:*:*:*:*
  • cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2:r7.2:*:*:*:*:*:*
    cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2:r7.2:*:*:*:*:*:*
  • cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2:r8.0:*:*:*:*:*:*
    cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2:r8.0:*:*:*:*:*:*
  • cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2:r8.1:*:*:*:*:*:*
    cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2:r8.1:*:*:*:*:*:*
  • cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2:r8.2:*:*:*:*:*:*
    cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2:r8.2:*:*:*:*:*:*
  • cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2:r9.0:*:*:*:*:*:*
    cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2:r9.0:*:*:*:*:*:*
  • cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2r7.2:*:*:*:*:*:*:*
    cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2r7.2:*:*:*:*:*:*:*
  • cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2r8.0:*:*:*:*:*:*:*
    cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2r8.0:*:*:*:*:*:*:*
  • cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2r8.1:*:*:*:*:*:*:*
    cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2r8.1:*:*:*:*:*:*:*
  • cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2r8.2:*:*:*:*:*:*:*
    cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2r8.2:*:*:*:*:*:*:*
  • cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2r9.0:*:*:*:*:*:*:*
    cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2r9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2r10.0:*:*:*:*:*:*:*
    cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2r10.0:*:*:*:*:*:*:*
  • cpe:2.3:a:pulsesecure:pulse_connect_secure:8.3:r1:*:*:*:*:*:*
    cpe:2.3:a:pulsesecure:pulse_connect_secure:8.3:r1:*:*:*:*:*:*
  • cpe:2.3:a:pulsesecure:pulse_connect_secure:8.3:r1.1:*:*:*:*:*:*
    cpe:2.3:a:pulsesecure:pulse_connect_secure:8.3:r1.1:*:*:*:*:*:*
  • cpe:2.3:a:pulsesecure:pulse_connect_secure:8.3:r2:*:*:*:*:*:*
    cpe:2.3:a:pulsesecure:pulse_connect_secure:8.3:r2:*:*:*:*:*:*
  • cpe:2.3:a:pulsesecure:pulse_connect_secure:8.3:r2.1:*:*:*:*:*:*
    cpe:2.3:a:pulsesecure:pulse_connect_secure:8.3:r2.1:*:*:*:*:*:*
  • cpe:2.3:a:pulsesecure:pulse_connect_secure:8.3:r3:*:*:*:*:*:*
    cpe:2.3:a:pulsesecure:pulse_connect_secure:8.3:r3:*:*:*:*:*:*
  • cpe:2.3:a:pulsesecure:pulse_connect_secure:8.3:r4:*:*:*:*:*:*
    cpe:2.3:a:pulsesecure:pulse_connect_secure:8.3:r4:*:*:*:*:*:*
  • cpe:2.3:a:pulsesecure:pulse_connect_secure:8.3:r5:*:*:*:*:*:*
    cpe:2.3:a:pulsesecure:pulse_connect_secure:8.3:r5:*:*:*:*:*:*
  • cpe:2.3:a:pulsesecure:pulse_connect_secure:8.3:r5.1:*:*:*:*:*:*
    cpe:2.3:a:pulsesecure:pulse_connect_secure:8.3:r5.1:*:*:*:*:*:*
  • cpe:2.3:a:pulsesecure:pulse_connect_secure:8.3:r5.2:*:*:*:*:*:*
    cpe:2.3:a:pulsesecure:pulse_connect_secure:8.3:r5.2:*:*:*:*:*:*
  • cpe:2.3:a:pulsesecure:pulse_connect_secure:8.3:r6:*:*:*:*:*:*
    cpe:2.3:a:pulsesecure:pulse_connect_secure:8.3:r6:*:*:*:*:*:*
  • cpe:2.3:a:pulsesecure:pulse_connect_secure:8.3:r6.1:*:*:*:*:*:*
    cpe:2.3:a:pulsesecure:pulse_connect_secure:8.3:r6.1:*:*:*:*:*:*
  • cpe:2.3:a:pulsesecure:pulse_connect_secure:8.3:r7:*:*:*:*:*:*
    cpe:2.3:a:pulsesecure:pulse_connect_secure:8.3:r7:*:*:*:*:*:*
  • cpe:2.3:a:pulsesecure:pulse_connect_secure:8.3r1:*:*:*:*:*:*:*
    cpe:2.3:a:pulsesecure:pulse_connect_secure:8.3r1:*:*:*:*:*:*:*
  • cpe:2.3:a:pulsesecure:pulse_connect_secure:8.3r1.1:*:*:*:*:*:*:*
    cpe:2.3:a:pulsesecure:pulse_connect_secure:8.3r1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:pulsesecure:pulse_connect_secure:8.3r2:*:*:*:*:*:*:*
    cpe:2.3:a:pulsesecure:pulse_connect_secure:8.3r2:*:*:*:*:*:*:*
  • cpe:2.3:a:pulsesecure:pulse_connect_secure:8.3r2.1:*:*:*:*:*:*:*
    cpe:2.3:a:pulsesecure:pulse_connect_secure:8.3r2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:pulsesecure:pulse_connect_secure:8.3r3:*:*:*:*:*:*:*
    cpe:2.3:a:pulsesecure:pulse_connect_secure:8.3r3:*:*:*:*:*:*:*
  • cpe:2.3:a:pulsesecure:pulse_connect_secure:8.3r4:*:*:*:*:*:*:*
    cpe:2.3:a:pulsesecure:pulse_connect_secure:8.3r4:*:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 03-10-2019 - 00:03)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:N/A:P
refmap via4
bid 104160
confirm https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43730
Last major update 03-10-2019 - 00:03
Published 10-05-2018 - 14:29
Last modified 03-10-2019 - 00:03
Back to Top