Pulse Secure Virtual Traffic Manager 9.9 versions prior to 9.9r2 and 10.4r1 allow a remote authenticated user to obtain sensitive historical activity information by leveraging incorrect permission validation.