11 matches found
CVE-2019-0026
CVE-2019-0026 recap (NormaL details): Juniper ATP’s Zone configuration contains a persistent XSS vulnerability. Affected product/version: Juniper ATP 5.0.x prior to 5.0.3. Exploitation requires an authenticated user who can inject arbitrary scripts, potentially stealing data and credentials from ...
CVE-2019-0018
The CVE-2019-0018 entry documents a persistent cross-site scripting (XSS) vulnerability in the file upload menu of Juniper ATP, affecting Juniper ATP 5.0 versions prior to 5.0.3. The issue allows an authenticated attacker to inject arbitrary scripts and potentially steal sensitive data or credent...
CVE-2019-0004
CVE-2019-0004 affects Juniper ATP 5.0 prior to 5.0.3. The issue is that API keys and device keys are logged to a file readable by local authenticated users, enabling potential abuse of WebUI operations. Affected component: Juniper ATP 5.0.x; root cause: keys logged to a world-readable/local file....
CVE-2019-0020
The CVE-2019-0020 entry concerns Juniper ATP: hard-coded credentials in the Web Collector component, enabling an attacker to gain full control of affected installations. Affected releases are Juniper ATP 5.0 versions prior to 5.0.3. The root cause is the presence of hard-coded credentials in the ...
CVE-2019-0022
CVE-2019-0022 describes a vulnerability in Juniper ATP where the Cyphort Core instance ships with hard-coded credentials , enabling an attacker to gain full control of an affected installation. The impact affects Juniper ATP 5.0 releases prior to 5.0.3, with a network-accessible vector and high s...
CVE-2019-0023
The CVE concerns a persistent Cross-Site Scripting (XSS) vulnerability in the Golden VM menu of Juniper ATP. Affected product: Juniper ATP 5.0 series prior to 5.0.3. Root cause: XSS in the Golden VM menu that could allow an authenticated user to inject arbitrary scripts and potentially steal data...
CVE-2019-0025
CVE-2019-0025 : Juniper ATP contains a persistent XSS in the RADIUS configuration menu. AFFECTED: Juniper ATP 5.0 versions prior to 5.0.3. ROOT CAUSE: stored/reflective cross-site scripting in the web admin interface. IMPACT: authenticated users can inject script to steal data/credentials from a ...
CVE-2019-0021
Summary: Juniper ATP exposes secret CLI inputs (e.g., set mcm) by logging them in plaintext to /var/log/syslog, enabling a local authenticated user to view sensitive information. Affected versions: Juniper ATP 5.0 prior to 5.0.4. Root cause: sensitive command inputs are written to system logs ins...
CVE-2019-0029
Juniper ATP Series has a vulnerability where Splunk credentials are logged in a file readable by authenticated local users, enabling access to the Splunk server. Affected product: Juniper Advanced Threat Prevention (ATP) 5.0 versions prior to 5.0.3. Root cause: credentials stored in clear text in...
CVE-2019-0024
Summary: CVE-2019-0024 is a persistent XSS vulnerability in Juniper ATP, specifically in the Email Collectors menu. Multiple sources confirm that authenticated users can inject arbitrary scripts, potentially exfiltrating data and credentials from a web administration session and possibly tricking...
CVE-2019-0027
CVE-2019-0027 affects Juniper ATP 5.0 (before 5.0.3). The issue is a persistent XSS in the Snort Rules configuration that allows an authenticated user to inject arbitrary scripts, potentially stealing data/credentials from a web admin session and tricking a follow-on admin into performing actions...