CVE-2019-11510 - Ivanti Pulse Connect Secure Arbitrary File Read Vulnerability

Vulnerability Name

Ivanti Pulse Connect Secure Arbitrary File Read Vulnerability

Description

Ivanti Pulse Connect Secure contains an arbitrary file read vulnerability that allows an unauthenticated remote attacker with network access via HTTPS to send a specially crafted URI.

Known To Be Used in Ransomware Campaigns?

Known

Action

Apply updates per vendor instructions.

Additional Notes

Reference CISA's ED 21-03 (https://www.cisa.gov/news-events/directives/ed-21-03-mitigate-pulse-connect-secure-product-vulnerabilities) for further guidance and requirements. Note: The due date for addressing this vulnerability aligns with the requirements outlined in ED 21-03. https://nvd.nist.gov/vuln/detail/CVE-2019-11510

Related News Articles

U.S. Charges Yemeni Hacker Behind Black Kingdom Ransomware Targeting 1,500 SystemsMay 3, 2025

US indicts Black Kingdom ransomware admin for Microsoft Exchange attacksMay 2, 2025