The Secure Meeting (Pulse Collaboration) in Pulse Connect Secure (formerly Juniper Junos Pulse) before 7.1R22.1, 7.4, 8.0 before 8.0R11, and 8.1 before 8.1R3 allows remote authenticated users to bypass intended access restrictions and log into arbitrary meetings by leveraging a meeting id and meetingAppSun.jar.
Vulnerable Systems:
* Pulse Connect Secure (formerly Juniper Junos Pulse) before 7.1R22.1, 7.4, 8.0 before 8.0R11, and 8.1 before 8.1R3
Immune Systems:
* Pulse Connect Secure (formerly Juniper Junos Pulse) after 7.1R22.1, 7.4, 8.0 after 8.0R11, and 8.1 after 8.1R3
An information disclosure issue has been discovered in Secure Meeting (Pulse Collaboration). This issue could allow an attacker to enumerate currently in progress meetings on the device. This issue alone will not allow compromise of a meeting as it will only allow an attacker to know which meetings are currently in progress.