Vulnerabilities > CVE-2019-0032 - Credentials Management vulnerability in Juniper Service Insight and Service NOW

CVSS 2.1 - LOW

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

local

low complexity

juniper

CWE-255

NVD

Published: 2019-04-10

Updated: 2019-04-12

Summary

A password management issue exists where the Organization authentication username and password were stored in plaintext in log files. A locally authenticated attacker who is able to access these stored plaintext credentials can use them to login to the Organization. Affected products are: Juniper Networks Service Insight versions from 15.1R1, prior to 18.1R1. Service Now versions from 15.1R1, prior to 18.1R1.

Vulnerable Configurations

Part	Description	Count
Application	Juniper Juniper Service Insight * Juniper Service NOW *	2

Common Weakness Enumeration (CWE)

CWE-255 - Credentials Management

References

http://www.securityfocus.com/bid/107885
https://kb.juniper.net/JSA10921
https://kb.juniper.net/KB27572