Synced 19 Jun 2026 07:34 UTC Account
← All products

CVE-2020-15352

HIGH severity · CVSS 7.2 · XML external entity (XXE)
7.2CVSS HIGH

Summary

An XML external entity (XXE) vulnerability in Pulse Connect Secure (PCS) before 9.1R9 and Pulse Policy Secure (PPS) before 9.1R9 allows remote authenticated admins to conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request.

Impact & exploitability

Attack vectorNetwork
Attack complexityLow
Privileges requiredHigh
User interactionNone
Confidentiality impactHigh
Integrity impactHigh
Availability impactHigh
Exploit probability (EPSS)3%

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Affected products we track (2)

Ivanti Connect SecurePulse Connect Secure

Recommendation

Apply the vendor fix promptly. Open any affected product above for its exact safe version.

Additional information