CVE-2019-11213

HIGH Year: 2019
CVSS v3 Score
8.1
High
CVSS v2 Score
6.8
Medium
Weakness Type
CWE-384
View all →

Vulnerability Description

In Pulse Secure Pulse Desktop Client and Network Connect, an attacker could access session tokens to replay and spoof sessions, and as a result, gain unauthorized access as an end user, a related issue to CVE-2019-1573. (The endpoint would need to be already compromised for exploitation to succeed.) This affects Pulse Desktop Client 5.x before Secure Desktop 5.3R7 and Pulse Desktop Client 9.x before Secure Desktop 9.0R3. It also affects (for Network Connect customers) Pulse Connect Secure 8.1 before 8.1R14, 8.3 before 8.3R7, and 9.0 before 9.0R3.

Related Vulnerabilities

CVE-2013-0507

HIGH
CVSS:8.1(High)

IBM InfoSphere Information Server 8.1, 8.5, 8.7, 9.1 has a Session Fixation Vulnerability

CWE-3842013

CVE-2016-0721

HIGH
CVSS:8.1(High)

Session fixation vulnerability in pcsd in pcs before 0.9.157.

CWE-3842016

CVE-2016-8609

HIGH
CVSS:8.1(High)

It was found that the keycloak before 2.3.0 did not implement authentication flow correctly. An attacker could use this flaw to construct a phishing URL, from which he could hijack the user's session....

CWE-3842016

CVE-2016-9981

HIGH
CVSS:8.1(High)

IBM AppScan Enterprise Edition 9.0 contains an unspecified vulnerability that could allow an attacker to hijack a valid user's session. IBM X-Force ID: 120257

CWE-3842016

CVE-2017-12619

HIGH
CVSS:8.1(High)

Apache Zeppelin prior to 0.7.3 was vulnerable to session fixation which allowed an attacker to hijack a valid user session. Issue was reported by "stone lone".

CWE-3842017

CVE-2017-14263

HIGH
CVSS:8.1(High)

Honeywell NVR devices allow remote attackers to create a user account in the admin group by leveraging access to a guest account to obtain a session ID, and then sending that session ID in a userManag...

CWE-3842017