CVE-2020-8218

CVE-2020-8218

Vendor N/A
Product Pulse Connect Secure
Weakness CWE-94 · Code injection
KEV Status Known Exploited
Published July 30, 2020
Last update October 21, 2025

CVSS base score

What the vulnerability does

01Description

A code injection vulnerability exists in Pulse Connect Secure <9.1R8 that allows an attacker to crafted a URI to perform an arbitrary code execution via the admin web interface.

CISA mandated remediation

02CISA Required Action

Apply updates per vendor instructions.

Key dates

03Disclosure timeline

July 30, 2020 CVE published
October 21, 2025 Record updated