CVE-2015-7323

Sažetak

The Secure Meeting (Pulse Collaboration) in Pulse Connect Secure (formerly Juniper Junos Pulse) before 7.1R22.1, 7.4, 8.0 before 8.0R11, and 8.1 before 8.1R3 allows remote authenticated users to bypass intended access restrictions and log into arbitrary meetings by leveraging a meeting id and meetingAppSun.jar.

Reference

http://seclists.org/fulldisclosure/2015/Sep/98
http://www.securitytracker.com/id/1033684
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40054
https://packetstormsecurity.com/files/133711/Junos-Pulse-Secure-Meeting-8.0.5-Access-Bypass.html
https://profundis-labs.com/advisories/CVE-2015-7323.txt

CVSS

Base:	3.5
Impact:	2.9
Exploitability:	6.8

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:M/Au:S/C:P/I:N/A:N

Zadnje važnije ažuriranje

08-12-2016 - 03:13

Objavljeno

05-10-2015 - 15:59