CVE-2020-11580

Severity CVSS v4.0:
Pending analysis
Type:
CWE-295 Improper Certificate Validation
Publication date:
06/04/2020
Last modified:
16/09/2021

Description

An issue was discovered in Pulse Secure Pulse Connect Secure (PCS) through 2020-04-06. The applet in tncc.jar, executed on macOS, Linux, and Solaris clients when a Host Checker policy is enforced, accepts an arbitrary SSL certificate.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:pulsesecure:pulse_connect_secure:*:*:*:*:*:*:*:* 2020-04-06 (including)
cpe:2.3:a:pulsesecure:pulse_policy_secure:*:*:*:*:*:*:*:* 2020-04-06 (including)
cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:*:*