Vulnerabilities > Juniper > Advanced Threat Prevention > Low

DATE CVE VULNERABILITY TITLE RISK
2019-01-15 CVE-2019-0004 Information Exposure vulnerability in Juniper Advanced Threat Prevention
On Juniper ATP, the API key and the device key are logged in a file readable by authenticated local users.
local
low complexity
juniper CWE-200
2.1
2.1
2019-01-15 CVE-2019-0018 Cross-site Scripting vulnerability in Juniper Advanced Threat Prevention
A persistent cross-site scripting (XSS) vulnerability in the file upload menu of Juniper ATP may allow an authenticated user to inject arbitrary scripts and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform administrative actions on the device.
network
juniper CWE-79
3.5
3.5
2019-01-15 CVE-2019-0021 Information Exposure Through Log Files vulnerability in Juniper Advanced Threat Prevention
On Juniper ATP, secret passphrase CLI inputs, such as "set mcm", are logged to /var/log/syslog in clear text, allowing authenticated local user to be able to view these secret information.
local
low complexity
juniper CWE-532
2.1
2.1
2019-01-15 CVE-2019-0023 Cross-site Scripting vulnerability in Juniper Advanced Threat Prevention
A persistent cross-site scripting (XSS) vulnerability in the Golden VM menu of Juniper ATP may allow authenticated user to inject arbitrary script and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform administrative actions on the device.
network
juniper CWE-79
3.5
3.5
2019-01-15 CVE-2019-0024 Cross-site Scripting vulnerability in Juniper Advanced Threat Prevention
A persistent cross-site scripting (XSS) vulnerability in the Email Collectors menu of Juniper ATP may allow authenticated user to inject arbitrary script and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform administrative actions on the device.
network
juniper CWE-79
3.5
3.5
2019-01-15 CVE-2019-0025 Cross-site Scripting vulnerability in Juniper Advanced Threat Prevention
A persistent cross-site scripting (XSS) vulnerability in RADIUS configuration menu of Juniper ATP may allow authenticated user to inject arbitrary script and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform administrative actions on the device.
network
juniper CWE-79
3.5
3.5
2019-01-15 CVE-2019-0026 Cross-site Scripting vulnerability in Juniper Advanced Threat Prevention
A persistent cross-site scripting (XSS) vulnerability in the Zone configuration of Juniper ATP may allow authenticated user to inject arbitrary script and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform administrative actions on the device.
network
juniper CWE-79
3.5
3.5
2019-01-15 CVE-2019-0027 Cross-site Scripting vulnerability in Juniper Advanced Threat Prevention
A persistent cross-site scripting (XSS) vulnerability in the Snort Rules configuration of Juniper ATP may allow authenticated user to inject arbitrary script and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform administrative actions on the device.
network
juniper CWE-79
3.5
3.5
2019-01-15 CVE-2019-0029 Information Exposure Through Log Files vulnerability in Juniper Advanced Threat Prevention
Juniper ATP Series Splunk credentials are logged in a file readable by authenticated local users.
local
low complexity
juniper CWE-532
2.1
2.1