CVE-2020-8219 in Pulse Secure and Ivanti Products
Published on July 30, 2020
An insufficient permission check vulnerability exists in Pulse Connect Secure <9.1R8 that allows an attacker to change the password of a full administrator.
Weakness Type
Improper Handling of Insufficient Permissions or Privileges
The application does not handle or incorrectly handles when it has insufficient privileges to access resources or functionality as specified by their permissions. This may cause it to follow unexpected code paths that may leave the application in an invalid state.
Products Associated with CVE-2020-8219
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2020-8219 are published in these products:
Exploit Probability
EPSS
1.73%
Percentile
82.17%
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.