CVE-2020-15352 in Pulse Secure and Ivanti Products
Published on October 27, 2020

An XML external entity (XXE) vulnerability in Pulse Connect Secure (PCS) before 9.1R9 and Pulse Policy Secure (PPS) before 9.1R9 allows remote authenticated admins to conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request.

NVD

Products Associated with CVE-2020-15352

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2020-15352 are published in these products:

Pulse Secure Pulse Connect Secure

Pulse Secure Pulse Policy Secure

Ivanti Policy Secure

Ivanti Connect Secure

Exploit Probability

EPSS

6.56%

Percentile

90.93%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2020-15352 in Pulse Secure and Ivanti ProductsPublished on October 27, 2020

Products Associated with CVE-2020-15352

Exploit Probability

CVE-2020-15352 in Pulse Secure and Ivanti Products
Published on October 27, 2020