upgrade from 7.1 to 8.0, also heartbleed

meddle01_
Occasional Contributor

I can't seem to find this information in the software release guides, maybe I missed it somewhere.

 

Can you upgrade directly from SA 7.1 to 8.0? MAG 4610. I want to ensure I follow the proper upgrade steps.

 

Also, which versions are OK with regards to Heartbleed?

 

Thanks

4 REPLIES
CaseyH_
Contributor

Re: upgrade from 7.1 to 8.0, also heartbleed

In regards to what's affected, check out JSA10629.

http://kb.pulsesecure.net/InfoCenter/index?page=content&id=JSA10629

 

 

Kita_
Valued Contributor

Re: upgrade from 7.1 to 8.0, also heartbleed

For upgrade path recommendation, please refer to the release notes: http://www.juniper.net/techpubs/en_US/sa8.0/information-products/topic-collections/Junos-Pulse-Secur...

 

It's recommended to upgrade to 7.1R16 first, then upgrade to 8.0. In regards to the latest OpenSSL vulnerabilities, it was confirmed 7.1 is not vulnerable.

meddle01_
Occasional Contributor

Re: upgrade from 7.1 to 8.0, also heartbleed

Thanks for the quick responses and information. I just found an article that says it may be fixed in 8.0R4.1.

 

http://kb.pulsesecure.net/InfoCenter/index?page=content&id=KB29195

 

Solution:
Last Update: 10.00 a.m. June 12th 2014 Pacific Daylight Savings.

We are working on the fix for OpenSSL MITM vulnerability (CVE-2014-0224) and below are details of the fix** OR the tentative ETA for the delivery of the fix in each of the versions mentioned:

  • Secure Access Version 8.0R4.1 and Pulse Desktop Version 5.0R4.1 - The releases are now available for download at Juniper Support Site.
    • Please note that the Secure Access Version 8.0R4.1 also fixes the following OpenSSL Vulnerabilities mentioned in JSA10629
      • CVE-2014-0198 SSL_MODE_RELEASE_BUFFERS NULL pointer dereference
      • CVE-2010-5298 SSL_MODE_RELEASE_BUFFERS session injection or denial of service
      • CVE-2014-3470 Anonymous ECDH denial of service - Please note that Secure Access is not vulnerable, but the patches were implemented.

CaseyH_
Contributor

Re: upgrade from 7.1 to 8.0, also heartbleed

CVE-2014-0224 SSL/TLS MITM vulnerability

An attacker using a carefully crafted handshake can force the use of weak keying material in OpenSSL SSL/TLS clients and servers. This can be exploited by a Man-in-the-middle (MITM) attack where the attacker can decrypt and modify traffic from the attacked client and server. The attack can only be performed between a vulnerable client and server. OpenSSL clients are vulnerable in all versions of OpenSSL. Servers are only known to be vulnerable in OpenSSL 1.0.1 and 1.0.2-beta1.

  • All versions of Junos OS running on any product or platform are vulnerable (PR 999736).
  • Following Secure Access versions are vulnerable (PR 1000219):
    • 8.0 prior to 8.0R4.1
    • 7.4 prior to 7.4R11.1
  • Following Pulse Desktop versions are vulnerable (PR 1000143):
    • 5.0 prior to 5.0R4.1
    • 4.0 prior to 4.0R11.1
  • Secure Access software versions 7.1, 7.2 and 7.3 are not vulnerable on the server side when clients are used to access Secure Access server with those versions.
  • All Network Connect FIPS versions are vulnerable.
  • All versions of Linux Network Connect are vulnerable.
  • Network Connect for Mac OS X is vulnerable only if openssl version on Mac OS X system is vulnerable.
  • All versions of Host Checker are vulnerable.
  • All Junos Pulse (Mobile) for iOS FIPS versions are vulnerable (PR 1000204).
  • All Junos Pulse (Mobile) for Android versions are vulnerable.
  • All versions of Junos Space are vulnerable (PR 999804).
  • ScreenOS is not vulnerable (PR 999772) - all Juniper servers that ScreenOS can connect to have been verified to be not vulnerable, hence ScreenOS is not vulnerable.
  • Windows Network Connect (Non-FIPS) versions are not vulnerable.
  • Junos Pulse (iOS) Non-FIPS versions are not vulnerable.
  • Windows In-Box Junos Pulse Client on Windows 8.1 is not vulnerable.
  • Junos Pulse (Mobile) for Windows Phone 8.1 versions are not vulnerable.

The clients seem to be the main issue.
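The "prior to X" thresholds in the advisory above are easy to get wrong when version strings are compared as text ("8.0R10" sorts before "8.0R4.1" lexicographically). The following is an added example, not code from the thread or from Pulse Secure, that encodes only the Secure Access and Pulse Desktop entries quoted above and compares releases numerically; the `major.minorRrelease[.maint]` version format and the sample inventory are assumptions constructed for the example.

```python
import re
from typing import Optional, Tuple

# Fixed releases as quoted from the CVE-2014-0224 advisory in this thread:
# a train is vulnerable on every version *prior to* the listed fix.
FIXED_RELEASES = {
    "Secure Access": {(8, 0): "8.0R4.1", (7, 4): "7.4R11.1"},
    "Pulse Desktop": {(5, 0): "5.0R4.1", (4, 0): "4.0R11.1"},
}
# Trains the advisory explicitly lists as not vulnerable (server side).
NOT_VULNERABLE = {"Secure Access": {(7, 1), (7, 2), (7, 3)}}

# Assumed format: 8.0R4.1 -> major.minor R release [.maintenance]
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:\.(\d+))?$")


def parse_version(version: str) -> Tuple[int, int, int, int]:
    """Turn '8.0R4.1' into (8, 0, 4, 1) so that comparisons are numeric.
    A missing maintenance number ('8.0R4') is treated as .0."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    major, minor, release, maint = m.groups()
    return (int(major), int(minor), int(release), int(maint or 0))


def is_vulnerable(product: str, version: str) -> Optional[bool]:
    """True/False according to the advisory; None when the advisory says
    nothing about that train, so the caller must check rather than assume."""
    parsed = parse_version(version)
    train = parsed[:2]
    if train in NOT_VULNERABLE.get(product, set()):
        return False
    fixed = FIXED_RELEASES.get(product, {}).get(train)
    if fixed is None:
        return None
    return parsed < parse_version(fixed)


if __name__ == "__main__":
    # Constructed sample inventory (hostnames and versions are made up).
    inventory = [
        ("vpn-a", "Secure Access", "7.1R16"),   # not vulnerable per advisory
        ("vpn-b", "Secure Access", "8.0R3"),    # prior to 8.0R4.1 -> upgrade
        ("vpn-c", "Secure Access", "8.0R10"),   # newer than fix despite sorting first as text
        ("pc-01", "Pulse Desktop", "4.0R11"),   # prior to 4.0R11.1 -> upgrade
        ("vpn-d", "Secure Access", "7.0R5"),    # not covered -> manual review
    ]
    for host, product, version in inventory:
        print(f"{host:6} {product:14} {version:9} vulnerable={is_vulnerable(product, version)}")
```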