Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Advanced Threat Prevention Security Vulnerabilities - CVSS Score 5 - 6

cve
cve

CVE-2019-0004

On Juniper ATP, the API key and the device key are logged in a file readable by authenticated local users. These keys are used for performing critical operations on the WebUI interface. This issue affects Juniper ATP 5.0 versions prior to 5.0.3.

5.5CVSS

5.3AI Score

0.0004EPSS

2019-01-15 09:29 PM
36
cve
cve

CVE-2019-0018

A persistent cross-site scripting (XSS) vulnerability in the file upload menu of Juniper ATP may allow an authenticated user to inject arbitrary scripts and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform administr...

5.4CVSS

5.4AI Score

0.001EPSS

2019-01-15 09:29 PM
37
cve
cve

CVE-2019-0023

A persistent cross-site scripting (XSS) vulnerability in the Golden VM menu of Juniper ATP may allow authenticated user to inject arbitrary script and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform administrative ...

5.4CVSS

5.3AI Score

0.001EPSS

2019-01-15 09:29 PM
34
cve
cve

CVE-2019-0024

A persistent cross-site scripting (XSS) vulnerability in the Email Collectors menu of Juniper ATP may allow authenticated user to inject arbitrary script and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform administ...

5.4CVSS

5.3AI Score

0.001EPSS

2019-01-15 09:29 PM
29
cve
cve

CVE-2019-0025

A persistent cross-site scripting (XSS) vulnerability in RADIUS configuration menu of Juniper ATP may allow authenticated user to inject arbitrary script and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform administ...

5.4CVSS

5.3AI Score

0.001EPSS

2019-01-15 09:29 PM
32
cve
cve

CVE-2019-0026

A persistent cross-site scripting (XSS) vulnerability in the Zone configuration of Juniper ATP may allow authenticated user to inject arbitrary script and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform administrat...

5.4CVSS

5.3AI Score

0.001EPSS

2019-01-15 09:29 PM
36
cve
cve

CVE-2019-0027

A persistent cross-site scripting (XSS) vulnerability in the Snort Rules configuration of Juniper ATP may allow authenticated user to inject arbitrary script and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform admi...

5.4CVSS

5.3AI Score

0.001EPSS

2019-01-15 09:29 PM
28