Vulnerabilities > Juniper > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-04-10 | CVE-2019-0035 | Insufficiently Protected Credentials vulnerability in Juniper Junos. When "set system ports console insecure" is enabled, root login is disallowed for Junos OS as expected. | 6.8 |
2019-01-15 | CVE-2019-0027 | Cross-site Scripting vulnerability in Juniper Advanced Threat Prevention. A persistent cross-site scripting (XSS) vulnerability in the Snort Rules configuration of Juniper ATP may allow an authenticated user to inject arbitrary script and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user into performing administrative actions on the device. | 5.4 |
2019-01-15 | CVE-2019-0026 | Cross-site Scripting vulnerability in Juniper Advanced Threat Prevention. A persistent cross-site scripting (XSS) vulnerability in the Zone configuration of Juniper ATP may allow an authenticated user to inject arbitrary script and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user into performing administrative actions on the device. | 5.4 |
2019-01-15 | CVE-2019-0025 | Cross-site Scripting vulnerability in Juniper Advanced Threat Prevention. A persistent cross-site scripting (XSS) vulnerability in the RADIUS configuration menu of Juniper ATP may allow an authenticated user to inject arbitrary script and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user into performing administrative actions on the device. | 5.4 |
2019-01-15 | CVE-2019-0024 | Cross-site Scripting vulnerability in Juniper Advanced Threat Prevention. A persistent cross-site scripting (XSS) vulnerability in the Email Collectors menu of Juniper ATP may allow an authenticated user to inject arbitrary script and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user into performing administrative actions on the device. | 5.4 |
2019-01-15 | CVE-2019-0023 | Cross-site Scripting vulnerability in Juniper Advanced Threat Prevention. A persistent cross-site scripting (XSS) vulnerability in the Golden VM menu of Juniper ATP may allow an authenticated user to inject arbitrary script and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user into performing administrative actions on the device. | 5.4 |
2019-01-15 | CVE-2019-0021 | Information Exposure Through Log Files vulnerability in Juniper Advanced Threat Prevention. On Juniper ATP, secret passphrase CLI inputs, such as "set mcm", are logged to /var/log/syslog in clear text, allowing an authenticated local user to view this secret information. | 5.5 |
2019-01-15 | CVE-2019-0018 | Cross-site Scripting vulnerability in Juniper Advanced Threat Prevention. A persistent cross-site scripting (XSS) vulnerability in the file upload menu of Juniper ATP may allow an authenticated user to inject arbitrary scripts and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user into performing administrative actions on the device. | 5.4 |
2019-01-15 | CVE-2019-0016 | Unspecified vulnerability in Juniper Junos Space. A malicious authenticated user may be able to delete a device from the Junos Space database without the necessary privileges through crafted Ajax interactions obtained from another legitimate delete action performed by another administrative user. | 6.5 |
2019-01-15 | CVE-2019-0015 | Insufficient Session Expiration vulnerability in Juniper Junos. A vulnerability in the SRX Series Service Gateway allows deleted dynamic VPN users to establish dynamic VPN connections until the device is rebooted. | 5.4 |