This page lists publicly disclosed CVE vulnerabilities affecting pulsesecure virtual_traffic_manager (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2021-31922 | An HTTP Request Smuggling vulnerability in Pulse Secure Virtual Traffic Manager before 21.1 could allow an attacker to smuggle an HTTP request through an HTTP/2 Header. This vulnerability is resolved in 21.1, 20.3R1, 20.2R1, 20.1R2, 19.2R4, and 18.2R3. | [email protected] | 7.5 | 0.97% | 2021-05-14 | 2024-11-21 |
| CVE-2018-20307 | Pulse Secure Virtual Traffic Manager 9.9 versions prior to 9.9r2 and 10.4r1 allow a remote authenticated user to obtain sensitive historical activity information by leveraging incorrect permission validation. | [email protected] | 4.3 | 0.83% | 2018-12-20 | 2024-11-21 |
| CVE-2018-20306 | A stored cross-site scripting (XSS) vulnerability in the web administration user interface of Pulse Secure Virtual Traffic Manager may allow a remote authenticated attacker to inject web script or HTML via a crafted website and steal sensitive data and credentials. Affected releases are Pulse Secure Virtual Traffic Manager 9.9 versions prior to 9.9r2 and 10.4r1. | [email protected] | 5.4 | 0.54% | 2018-12-20 | 2024-11-21 |