Lucene search

JuniperCVELIST:CVE-2018-0046

HistoryOct 10, 2018 - 12:00 a.m.

CVE-2018-0046 Junos Space: Reflected Cross-site Scripting vulnerability in OpenNMS

2018-10-1000:00:00

juniper

www.cve.org

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

5.9 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

58.4%

JSON

A reflected cross-site scripting vulnerability in OpenNMS included with Juniper Networks Junos Space may allow the stealing of sensitive information or session credentials from Junos Space administrators or perform administrative actions. This issue affects Juniper Networks Junos Space versions prior to 18.2R1.

CNA Affected

[
  {
    "product": "Junos Space",
    "vendor": "Juniper Networks",
    "versions": [
      {
        "lessThan": "18.2R1",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

www.securityfocus.com/bid/105566

www.securitytracker.com/id/1041862

github.com/OpenNMS/opennms/commit/8710463077c10034fcfa06556a98fb1a1a64fd0d

kb.juniper.net/JSA10880

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

5.9 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

58.4%

JSON

Related for CVELIST:CVE-2018-0046