{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[{"description":"Pulse Connect Secure 8.1.x versions ant\u00e9rieures \u00e0 8.1R15.1 (8.1.15.59747)","product":{"name":"N/A","vendor":{"name":"Pulse Secure","scada":false}}},{"description":"Pulse Policy Secure 5.1R15.1 (5.1.15.50767)","product":{"name":"N/A","vendor":{"name":"Pulse Secure","scada":false}}},{"description":"Pulse Connect Secure 8.2.x versions ant\u00e9rieures \u00e0 8.2R12.1 (8.2.12.64003)","product":{"name":"N/A","vendor":{"name":"Pulse Secure","scada":false}}},{"description":"Pulse Connect Secure 9.0.x versions ant\u00e9rieures \u00e0 9.0R4 (9.0.4.64055) & 9.0R3.4 (9.0.3.64053)","product":{"name":"N/A","vendor":{"name":"Pulse Secure","scada":false}}},{"description":"Pulse Policy Secure 5.4.x versions ant\u00e9rieures \u00e0 5.4R7.1 (5.4.7.51119)","product":{"name":"N/A","vendor":{"name":"Pulse Secure","scada":false}}},{"description":"Pulse Policy Secure 9.0.x versions ant\u00e9rieures \u00e0 9.0R4 (9.0.4.51871) et 9.0R3.2 (9.0.3.51873)","product":{"name":"N/A","vendor":{"name":"Pulse Secure","scada":false}}},{"description":"Pulse Policy Secure 5.2R12.1 (5.2.12.50765)","product":{"name":"N/A","vendor":{"name":"Pulse Secure","scada":false}}},{"description":"Pulse Connect Secure 9.1.x versions ant\u00e9rieures \u00e0 9.1R1 (9.1.1.1505)","product":{"name":"N/A","vendor":{"name":"Pulse Secure","scada":false}}},{"description":"Pulse Policy Secure 5.3R12.1 (5.3.12.50975)","product":{"name":"N/A","vendor":{"name":"Pulse Secure","scada":false}}},{"description":"Pulse Connect Secure 8.3 versions ant\u00e9rieures \u00e0 8.3R7.1 (8.3.7.65025)","product":{"name":"N/A","vendor":{"name":"Pulse Secure","scada":false}}},{"description":"Pulse Policy Secure 9.1.x versions ant\u00e9rieures \u00e0 9.1R1 (9.1.1.1231)","product":{"name":"N/A","vendor":{"name":"Pulse Secure","scada":false}}}],"affected_systems_content":null,"closed_at":"2020-05-05","content":"## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l'\u00e9diteur pour l'obtention des\ncorrectifs (cf. section Documentation).\n","cves":[],"links":[{"title":"Bulletin CERT-FR CERTFR-2019-ACT-008 du 28 ao\u00fbt 2019","url":"https://www.cert.ssi.gouv.fr/actualite/CERTFR-2019-ACT-008/"}],"reference":"CERTFR-2020-ALE-001","revisions":[{"description":"Version initiale","revision_date":"2020-01-09T00:00:00.000000"},{"description":"Cl\u00f4ture de l'alerte. Cela ne signifie pas la fin d'une menace. Seule l'application de la mise \u00e0 jour permet de vous pr\u00e9munir contre l'exploitation de la vuln\u00e9rabilit\u00e9 correspondante.","revision_date":"2020-05-05T00:00:00.000000"}],"risks":[{"description":"Ex\u00e9cution de code arbitraire \u00e0 distance"},{"description":"Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"},{"description":"Atteinte \u00e0 l'int\u00e9grit\u00e9 des donn\u00e9es"},{"description":"Contournement de la politique de s\u00e9curit\u00e9"}],"summary":"Le 24 avril 2019, l'\u00e9diteur Pulse Secure a \u00e9mis un avis de s\u00e9curit\u00e9 pour\nles produits Pulse Connect Secure et Pulse Policy Secure. Le CERT-FR a\nensuite publi\u00e9 un bulletin d'actualit\u00e9 portant sur plusieurs produits,\ndont les produits Pulse Secure\u00a0(cf. section Documentation).\n\nLe CERT-FR a connaissance de cas d'exploitation des vuln\u00e9rabilit\u00e9s\naffectant les produits Pulse Secure n'ayant pas appliqu\u00e9 ces mises \u00e0\njour de s\u00e9curit\u00e9. Le CERT-FR recommande donc fortement l'application du\ncorrectif mis \u00e0 disposition le 24 avril 2019, et ce, dans les plus brefs\nd\u00e9lais.\n","title":"Multiples vuln\u00e9rabilit\u00e9s dans les produits de Pulse Secure","vendor_advisories":[{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Pulse Secure SA44101 du 24 avril 2019","url":"https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101"}]}