Vulnerabilities > Juniper

DATE CVE VULNERABILITY TITLE RISK
2019-01-15 CVE-2019-0029 Information Exposure Through Log Files vulnerability in Juniper Advanced Threat Prevention
Juniper ATP Series Splunk credentials are logged in a file readable by authenticated local users.
local
low complexity
juniper CWE-532
7.8
2019-01-15 CVE-2019-0027 Cross-site Scripting vulnerability in Juniper Advanced Threat Prevention
A persistent cross-site scripting (XSS) vulnerability in the Snort Rules configuration of Juniper ATP may allow authenticated user to inject arbitrary script and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform administrative actions on the device.
network
low complexity
juniper CWE-79
5.4
2019-01-15 CVE-2019-0026 Cross-site Scripting vulnerability in Juniper Advanced Threat Prevention
A persistent cross-site scripting (XSS) vulnerability in the Zone configuration of Juniper ATP may allow authenticated user to inject arbitrary script and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform administrative actions on the device.
network
low complexity
juniper CWE-79
5.4
2019-01-15 CVE-2019-0025 Cross-site Scripting vulnerability in Juniper Advanced Threat Prevention
A persistent cross-site scripting (XSS) vulnerability in RADIUS configuration menu of Juniper ATP may allow authenticated user to inject arbitrary script and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform administrative actions on the device.
network
low complexity
juniper CWE-79
5.4
2019-01-15 CVE-2019-0024 Cross-site Scripting vulnerability in Juniper Advanced Threat Prevention
A persistent cross-site scripting (XSS) vulnerability in the Email Collectors menu of Juniper ATP may allow authenticated user to inject arbitrary script and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform administrative actions on the device.
network
low complexity
juniper CWE-79
5.4
2019-01-15 CVE-2019-0023 Cross-site Scripting vulnerability in Juniper Advanced Threat Prevention
A persistent cross-site scripting (XSS) vulnerability in the Golden VM menu of Juniper ATP may allow authenticated user to inject arbitrary script and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform administrative actions on the device.
network
low complexity
juniper CWE-79
5.4
2019-01-15 CVE-2019-0022 Use of Hard-coded Credentials vulnerability in Juniper Advanced Threat Prevention
Juniper ATP ships with hard coded credentials in the Cyphort Core instance which gives an attacker the ability to take full control of any installation of the software.
network
low complexity
juniper CWE-798
critical
9.8
2019-01-15 CVE-2019-0021 Information Exposure Through Log Files vulnerability in Juniper Advanced Threat Prevention
On Juniper ATP, secret passphrase CLI inputs, such as "set mcm", are logged to /var/log/syslog in clear text, allowing authenticated local user to be able to view these secret information.
local
low complexity
juniper CWE-532
5.5
2019-01-15 CVE-2019-0020 Use of Hard-coded Credentials vulnerability in Juniper Advanced Threat Prevention
Juniper ATP ships with hard coded credentials in the Web Collector instance which gives an attacker the ability to take full control of any installation of the software.
network
low complexity
juniper CWE-798
critical
9.8
2019-01-15 CVE-2019-0018 Cross-site Scripting vulnerability in Juniper Advanced Threat Prevention
A persistent cross-site scripting (XSS) vulnerability in the file upload menu of Juniper ATP may allow an authenticated user to inject arbitrary scripts and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform administrative actions on the device.
network
low complexity
juniper CWE-79
5.4