High
A remote, unauthenticated attacker may be able to compromise a vulnerable VPN server. The attacker may be able to gain access to all active users and their plain-text credentials. It may also be possible for the attacker to execute arbitrary commands on each VPN client as it successfully connects to the VPN server.
Credential theft
Pulse Secure
Please see vendor’s advisory for the list of updated patches.
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101/