VAR-201510-0225
Vulnerability from variot - Updated: 2025-04-13 23:31The Secure Meeting (Pulse Collaboration) in Pulse Connect Secure (formerly Juniper Junos Pulse) before 7.1R22.1, 7.4, 8.0 before 8.0R11, and 8.1 before 8.1R3 allows remote authenticated users to bypass intended access restrictions and log into arbitrary meetings by leveraging a meeting id and meetingAppSun.jar. Pulse Connect Secure is prone to an authorization-bypass vulnerability. Attackers can exploit this issue to gain unauthorized access and obtain sensitive information. This may aid in further attacks. Pulse Connect Secure (also known as PCS, formerly known as Juniper Junos Pulse) is a set of SSL VPN solutions of American Pulse Secure company
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201510-0225",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "pulse connect secure",
"scope": "eq",
"trust": 2.4,
"vendor": "juniper",
"version": "7.4"
},
{
"model": "pulse connect secure",
"scope": "eq",
"trust": 1.6,
"vendor": "juniper",
"version": "8.0"
},
{
"model": "pulse connect secure",
"scope": "eq",
"trust": 1.6,
"vendor": "juniper",
"version": "7.1"
},
{
"model": "pulse connect secure",
"scope": "eq",
"trust": 1.6,
"vendor": "juniper",
"version": "8.1"
},
{
"model": "pulse connect secure",
"scope": "eq",
"trust": 0.8,
"vendor": "juniper",
"version": "8.1r3"
},
{
"model": "pulse connect secure",
"scope": "lt",
"trust": 0.8,
"vendor": "juniper",
"version": "8.1"
},
{
"model": "pulse connect secure",
"scope": "eq",
"trust": 0.8,
"vendor": "juniper",
"version": "8.0r11"
},
{
"model": "pulse connect secure",
"scope": "lt",
"trust": 0.8,
"vendor": "juniper",
"version": "8.0"
},
{
"model": "secure pulse connect secure",
"scope": "eq",
"trust": 0.3,
"vendor": "pulse",
"version": "0"
},
{
"model": "secure junos pulse secure meeting",
"scope": "eq",
"trust": 0.3,
"vendor": "pulse",
"version": "8.0.5"
},
{
"model": "secure pulse connect secure 8.1r3",
"scope": "ne",
"trust": 0.3,
"vendor": "pulse",
"version": null
},
{
"model": "secure pulse connect secure 8.0r11",
"scope": "ne",
"trust": 0.3,
"vendor": "pulse",
"version": null
},
{
"model": "secure pulse connect secure eta",
"scope": "ne",
"trust": 0.3,
"vendor": "pulse",
"version": "7.4"
},
{
"model": "secure pulse connect secure 7.1r22.1",
"scope": "ne",
"trust": 0.3,
"vendor": "pulse",
"version": null
}
],
"sources": [
{
"db": "BID",
"id": "76857"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005090"
},
{
"db": "CNNVD",
"id": "CNNVD-201510-022"
},
{
"db": "NVD",
"id": "CVE-2015-7323"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:juniper:pulse_connect_secure",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-005090"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Philipp Rocholl of Profundis Labs",
"sources": [
{
"db": "BID",
"id": "76857"
}
],
"trust": 0.3
},
"cve": "CVE-2015-7323",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.8,
"id": "CVE-2015-7323",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.8,
"id": "VHN-85284",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:S/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-7323",
"trust": 1.0,
"value": "LOW"
},
{
"author": "NVD",
"id": "CVE-2015-7323",
"trust": 0.8,
"value": "Low"
},
{
"author": "CNNVD",
"id": "CNNVD-201510-022",
"trust": 0.6,
"value": "LOW"
},
{
"author": "VULHUB",
"id": "VHN-85284",
"trust": 0.1,
"value": "LOW"
},
{
"author": "VULMON",
"id": "CVE-2015-7323",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-85284"
},
{
"db": "VULMON",
"id": "CVE-2015-7323"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005090"
},
{
"db": "CNNVD",
"id": "CNNVD-201510-022"
},
{
"db": "NVD",
"id": "CVE-2015-7323"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Secure Meeting (Pulse Collaboration) in Pulse Connect Secure (formerly Juniper Junos Pulse) before 7.1R22.1, 7.4, 8.0 before 8.0R11, and 8.1 before 8.1R3 allows remote authenticated users to bypass intended access restrictions and log into arbitrary meetings by leveraging a meeting id and meetingAppSun.jar. Pulse Connect Secure is prone to an authorization-bypass vulnerability. \nAttackers can exploit this issue to gain unauthorized access and obtain sensitive information. This may aid in further attacks. Pulse Connect Secure (also known as PCS, formerly known as Juniper Junos Pulse) is a set of SSL VPN solutions of American Pulse Secure company",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-7323"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005090"
},
{
"db": "BID",
"id": "76857"
},
{
"db": "VULHUB",
"id": "VHN-85284"
},
{
"db": "VULMON",
"id": "CVE-2015-7323"
}
],
"trust": 2.07
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-85284",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-85284"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-7323",
"trust": 2.9
},
{
"db": "PULSESECURE",
"id": "SA40054",
"trust": 2.1
},
{
"db": "PACKETSTORM",
"id": "133711",
"trust": 1.8
},
{
"db": "SECTRACK",
"id": "1033684",
"trust": 1.2
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005090",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201510-022",
"trust": 0.7
},
{
"db": "BID",
"id": "76857",
"trust": 0.5
},
{
"db": "VULHUB",
"id": "VHN-85284",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2015-7323",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-85284"
},
{
"db": "VULMON",
"id": "CVE-2015-7323"
},
{
"db": "BID",
"id": "76857"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005090"
},
{
"db": "CNNVD",
"id": "CNNVD-201510-022"
},
{
"db": "NVD",
"id": "CVE-2015-7323"
}
]
},
"id": "VAR-201510-0225",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-85284"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-13T23:31:33.483000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SA40054",
"trust": 0.8,
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40054"
},
{
"title": "Pulse Secure Pulse Connect Secure Fixes for permission permissions and access control vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=57882"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-005090"
},
{
"db": "CNNVD",
"id": "CNNVD-201510-022"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-85284"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005090"
},
{
"db": "NVD",
"id": "CVE-2015-7323"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "http://seclists.org/fulldisclosure/2015/sep/98"
},
{
"trust": 2.1,
"url": "https://kb.pulsesecure.net/articles/pulse_security_advisories/sa40054"
},
{
"trust": 1.9,
"url": "https://packetstormsecurity.com/files/133711/junos-pulse-secure-meeting-8.0.5-access-bypass.html"
},
{
"trust": 1.8,
"url": "https://profundis-labs.com/advisories/cve-2015-7323.txt"
},
{
"trust": 1.2,
"url": "http://www.securitytracker.com/id/1033684"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7323"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-7323"
},
{
"trust": 0.3,
"url": "https://my.pulsesecure.net/"
},
{
"trust": 0.3,
"url": "https://www.profundis-labs.com/advisories/cve-2015-7323.txt"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/264.html"
},
{
"trust": 0.1,
"url": "https://www.securityfocus.com/bid/76857"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-85284"
},
{
"db": "VULMON",
"id": "CVE-2015-7323"
},
{
"db": "BID",
"id": "76857"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005090"
},
{
"db": "CNNVD",
"id": "CNNVD-201510-022"
},
{
"db": "NVD",
"id": "CVE-2015-7323"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-85284"
},
{
"db": "VULMON",
"id": "CVE-2015-7323"
},
{
"db": "BID",
"id": "76857"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005090"
},
{
"db": "CNNVD",
"id": "CNNVD-201510-022"
},
{
"db": "NVD",
"id": "CVE-2015-7323"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-10-05T00:00:00",
"db": "VULHUB",
"id": "VHN-85284"
},
{
"date": "2015-10-05T00:00:00",
"db": "VULMON",
"id": "CVE-2015-7323"
},
{
"date": "2015-09-25T00:00:00",
"db": "BID",
"id": "76857"
},
{
"date": "2015-10-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-005090"
},
{
"date": "2015-10-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201510-022"
},
{
"date": "2015-10-05T15:59:01.860000",
"db": "NVD",
"id": "CVE-2015-7323"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-12-08T00:00:00",
"db": "VULHUB",
"id": "VHN-85284"
},
{
"date": "2016-12-08T00:00:00",
"db": "VULMON",
"id": "CVE-2015-7323"
},
{
"date": "2015-09-25T00:00:00",
"db": "BID",
"id": "76857"
},
{
"date": "2015-10-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-005090"
},
{
"date": "2015-10-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201510-022"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2015-7323"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201510-022"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Pulse Connect Secure of Secure Meeting Vulnerable to access restrictions",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-005090"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201510-022"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…