Lucene search

K
cve[email protected]CVE-2022-22243
HistoryOct 18, 2022 - 3:15 a.m.

CVE-2022-22243

2022-10-1803:15:11
CWE-91
CWE-20
web.nvd.nist.gov
29
5
cve-2022-22243
xpath injection
juniper networks
vulnerability
input validation
j-web
nvd
confidentiality
security

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

5.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

22.5%

An XPath Injection vulnerability due to Improper Input Validation in the J-Web component of Juniper Networks Junos OS allows an authenticated attacker to add an XPath command to the XPath stream, which may allow chaining to other unspecified vulnerabilities, leading to a partial loss of confidentiality. This issue affects Juniper Networks Junos OS: all versions prior to 19.1R3-S9; 19.2 versions prior to 19.2R3-S6; 19.3 versions prior to 19.3R3-S7; 19.4 versions prior to 19.4R2-S7, 19.4R3-S8; 20.1 versions prior to 20.1R3-S5; 20.2 versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S5; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S2; 21.2 versions prior to 21.2R3-S1; 21.3 versions prior to 21.3R2-S2, 21.3R3; 21.4 versions prior to 21.4R1-S2, 21.4R2-S1, 21.4R3; 22.1 versions prior to 22.1R1-S1, 22.1R2.

Affected configurations

NVD
Node
juniperjunosRange<19.1
OR
juniperjunosMatch19.1-
OR
juniperjunosMatch19.1r1
OR
juniperjunosMatch19.1r1-s1
OR
juniperjunosMatch19.1r1-s2
OR
juniperjunosMatch19.1r1-s3
OR
juniperjunosMatch19.1r1-s4
OR
juniperjunosMatch19.1r1-s5
OR
juniperjunosMatch19.1r1-s6
OR
juniperjunosMatch19.1r2
OR
juniperjunosMatch19.1r2-s1
OR
juniperjunosMatch19.1r2-s2
OR
juniperjunosMatch19.1r2-s3
OR
juniperjunosMatch19.1r3
OR
juniperjunosMatch19.1r3-s1
OR
juniperjunosMatch19.1r3-s2
OR
juniperjunosMatch19.1r3-s3
OR
juniperjunosMatch19.1r3-s4
OR
juniperjunosMatch19.1r3-s5
OR
juniperjunosMatch19.1r3-s6
OR
juniperjunosMatch19.1r3-s7
OR
juniperjunosMatch19.1r3-s8
OR
juniperjunosMatch19.2-
OR
juniperjunosMatch19.2r1
OR
juniperjunosMatch19.2r1-s1
OR
juniperjunosMatch19.2r1-s2
OR
juniperjunosMatch19.2r1-s3
OR
juniperjunosMatch19.2r1-s4
OR
juniperjunosMatch19.2r1-s5
OR
juniperjunosMatch19.2r1-s6
OR
juniperjunosMatch19.2r1-s7
OR
juniperjunosMatch19.2r1-s8
OR
juniperjunosMatch19.2r1-s9
OR
juniperjunosMatch19.2r2
OR
juniperjunosMatch19.2r2-s1
OR
juniperjunosMatch19.2r3
OR
juniperjunosMatch19.2r3-s1
OR
juniperjunosMatch19.2r3-s2
OR
juniperjunosMatch19.2r3-s3
OR
juniperjunosMatch19.2r3-s4
OR
juniperjunosMatch19.2r3-s5
OR
juniperjunosMatch19.3-
OR
juniperjunosMatch19.3r1
OR
juniperjunosMatch19.3r1-s1
OR
juniperjunosMatch19.3r2
OR
juniperjunosMatch19.3r2-s1
OR
juniperjunosMatch19.3r2-s2
OR
juniperjunosMatch19.3r2-s3
OR
juniperjunosMatch19.3r2-s4
OR
juniperjunosMatch19.3r2-s5
OR
juniperjunosMatch19.3r2-s6
OR
juniperjunosMatch19.3r3
OR
juniperjunosMatch19.3r3-s1
OR
juniperjunosMatch19.3r3-s2
OR
juniperjunosMatch19.3r3-s3
OR
juniperjunosMatch19.3r3-s4
OR
juniperjunosMatch19.3r3-s5
OR
juniperjunosMatch19.3r3-s6
OR
juniperjunosMatch19.4-
OR
juniperjunosMatch19.4r1
OR
juniperjunosMatch19.4r1-s1
OR
juniperjunosMatch19.4r1-s2
OR
juniperjunosMatch19.4r1-s3
OR
juniperjunosMatch19.4r1-s4
OR
juniperjunosMatch19.4r2
OR
juniperjunosMatch19.4r2-s1
OR
juniperjunosMatch19.4r2-s2
OR
juniperjunosMatch19.4r2-s3
OR
juniperjunosMatch19.4r2-s4
OR
juniperjunosMatch19.4r2-s5
OR
juniperjunosMatch19.4r2-s6
OR
juniperjunosMatch19.4r3
OR
juniperjunosMatch19.4r3-s1
OR
juniperjunosMatch19.4r3-s2
OR
juniperjunosMatch19.4r3-s3
OR
juniperjunosMatch19.4r3-s4
OR
juniperjunosMatch19.4r3-s5
OR
juniperjunosMatch19.4r3-s6
OR
juniperjunosMatch19.4r3-s7
OR
juniperjunosMatch19.4r3-s8
OR
juniperjunosMatch20.1-
OR
juniperjunosMatch20.1r1
OR
juniperjunosMatch20.1r1-s1
OR
juniperjunosMatch20.1r1-s2
OR
juniperjunosMatch20.1r1-s3
OR
juniperjunosMatch20.1r1-s4
OR
juniperjunosMatch20.1r2
OR
juniperjunosMatch20.1r2-s1
OR
juniperjunosMatch20.1r2-s2
OR
juniperjunosMatch20.1r3
OR
juniperjunosMatch20.1r3-s1
OR
juniperjunosMatch20.1r3-s2
OR
juniperjunosMatch20.1r3-s3
OR
juniperjunosMatch20.1r3-s4
OR
juniperjunosMatch20.2-
OR
juniperjunosMatch20.2r1
OR
juniperjunosMatch20.2r1-s1
OR
juniperjunosMatch20.2r1-s2
OR
juniperjunosMatch20.2r1-s3
OR
juniperjunosMatch20.2r2
OR
juniperjunosMatch20.2r2-s1
OR
juniperjunosMatch20.2r2-s2
OR
juniperjunosMatch20.2r2-s3
OR
juniperjunosMatch20.2r3
OR
juniperjunosMatch20.2r3-s1
OR
juniperjunosMatch20.2r3-s2
OR
juniperjunosMatch20.2r3-s3
OR
juniperjunosMatch20.2r3-s4
OR
juniperjunosMatch20.3-
OR
juniperjunosMatch20.3r1
OR
juniperjunosMatch20.3r1-s1
OR
juniperjunosMatch20.3r1-s2
OR
juniperjunosMatch20.3r2
OR
juniperjunosMatch20.3r2-s1
OR
juniperjunosMatch20.3r3
OR
juniperjunosMatch20.3r3-s1
OR
juniperjunosMatch20.3r3-s2
OR
juniperjunosMatch20.3r3-s3
OR
juniperjunosMatch20.3r3-s5
OR
juniperjunosMatch20.4-
OR
juniperjunosMatch20.4r1
OR
juniperjunosMatch20.4r1-s1
OR
juniperjunosMatch20.4r2
OR
juniperjunosMatch20.4r2-s1
OR
juniperjunosMatch20.4r2-s2
OR
juniperjunosMatch20.4r3
OR
juniperjunosMatch20.4r3-s1
OR
juniperjunosMatch20.4r3-s2
OR
juniperjunosMatch20.4r3-s3
OR
juniperjunosMatch21.1-
OR
juniperjunosMatch21.1r1
OR
juniperjunosMatch21.1r1-s1
OR
juniperjunosMatch21.1r2
OR
juniperjunosMatch21.1r2-s1
OR
juniperjunosMatch21.1r2-s2
OR
juniperjunosMatch21.1r3
OR
juniperjunosMatch21.1r3-s1
OR
juniperjunosMatch21.2-
OR
juniperjunosMatch21.2r1
OR
juniperjunosMatch21.2r1-s1
OR
juniperjunosMatch21.2r1-s2
OR
juniperjunosMatch21.2r2
OR
juniperjunosMatch21.2r2-s1
OR
juniperjunosMatch21.2r2-s2
OR
juniperjunosMatch21.2r3
OR
juniperjunosMatch21.3-
OR
juniperjunosMatch21.3r1
OR
juniperjunosMatch21.3r1-s1
OR
juniperjunosMatch21.3r1-s2
OR
juniperjunosMatch21.3r2
OR
juniperjunosMatch21.3r2-s1
OR
juniperjunosMatch21.3r2-s2
OR
juniperjunosMatch21.4-
OR
juniperjunosMatch21.4r1
OR
juniperjunosMatch21.4r1-s1
OR
juniperjunosMatch21.4r1-s2
OR
juniperjunosMatch21.4r2
OR
juniperjunosMatch21.4r2-s1
OR
juniperjunosMatch21.4r2-s2
OR
juniperjunosMatch22.1r1
OR
juniperjunosMatch22.1r1-s1
OR
juniperjunosMatch22.1r1-s2

CNA Affected

[
  {
    "vendor": "Juniper Networks",
    "product": "Junos OS",
    "versions": [
      {
        "version": "unspecified",
        "lessThan": "19.1R3-S9",
        "status": "affected",
        "versionType": "custom"
      },
      {
        "version": "19.2",
        "status": "affected",
        "lessThan": "19.2R3-S6",
        "versionType": "custom"
      },
      {
        "version": "19.3",
        "status": "affected",
        "lessThan": "19.3R3-S7",
        "versionType": "custom"
      },
      {
        "version": "19.4",
        "status": "affected",
        "lessThan": "19.4R2-S7, 19.4R3-S8",
        "versionType": "custom"
      },
      {
        "version": "20.1",
        "status": "affected",
        "lessThan": "20.1R3-S5",
        "versionType": "custom"
      },
      {
        "version": "20.2",
        "status": "affected",
        "lessThan": "20.2R3-S5",
        "versionType": "custom"
      },
      {
        "version": "20.3",
        "status": "affected",
        "lessThan": "20.3R3-S5",
        "versionType": "custom"
      },
      {
        "version": "20.4",
        "status": "affected",
        "lessThan": "20.4R3-S4",
        "versionType": "custom"
      },
      {
        "version": "21.1",
        "status": "affected",
        "lessThan": "21.1R3-S2",
        "versionType": "custom"
      },
      {
        "version": "21.2",
        "status": "affected",
        "lessThan": "21.2R3-S1",
        "versionType": "custom"
      },
      {
        "version": "21.3",
        "status": "affected",
        "lessThan": "21.3R2-S2, 21.3R3",
        "versionType": "custom"
      },
      {
        "version": "21.4",
        "status": "affected",
        "lessThan": "21.4R1-S2, 21.4R2-S1, 21.4R3",
        "versionType": "custom"
      },
      {
        "version": "22.1",
        "status": "affected",
        "lessThan": "22.1R1-S1, 22.1R2",
        "versionType": "custom"
      }
    ]
  }
]

Social References

More

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

5.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

22.5%

Related for CVE-2022-22243