Lucene search
K
JuniperAdvanced Threat Prevention

11 matches found

CVE
CVE
added 2019/01/15 9:0 p.m.64 views

CVE-2019-0026

CVE-2019-0026 recap (NormaL details): Juniper ATP’s Zone configuration contains a persistent XSS vulnerability. Affected product/version: Juniper ATP 5.0.x prior to 5.0.3. Exploitation requires an authenticated user who can inject arbitrary scripts, potentially stealing data and credentials from ...

5.4CVSS5.4AI score0.0063EPSS
CVE
CVE
added 2019/01/15 9:0 p.m.62 views

CVE-2019-0018

The CVE-2019-0018 entry documents a persistent cross-site scripting (XSS) vulnerability in the file upload menu of Juniper ATP, affecting Juniper ATP 5.0 versions prior to 5.0.3. The issue allows an authenticated attacker to inject arbitrary scripts and potentially steal sensitive data or credent...

5.4CVSS5.4AI score0.00521EPSS
CVE
CVE
added 2019/01/15 9:0 p.m.61 views

CVE-2019-0004

CVE-2019-0004 affects Juniper ATP 5.0 prior to 5.0.3. The issue is that API keys and device keys are logged to a file readable by local authenticated users, enabling potential abuse of WebUI operations. Affected component: Juniper ATP 5.0.x; root cause: keys logged to a world-readable/local file....

7.8CVSS5.6AI score0.0033EPSS
CVE
CVE
added 2019/01/15 9:0 p.m.58 views

CVE-2019-0020

The CVE-2019-0020 entry concerns Juniper ATP: hard-coded credentials in the Web Collector component, enabling an attacker to gain full control of affected installations. Affected releases are Juniper ATP 5.0 versions prior to 5.0.3. The root cause is the presence of hard-coded credentials in the ...

10CVSS9.6AI score0.01569EPSS
CVE
CVE
added 2019/01/15 9:0 p.m.57 views

CVE-2019-0022

CVE-2019-0022 describes a vulnerability in Juniper ATP where the Cyphort Core instance ships with hard-coded credentials , enabling an attacker to gain full control of an affected installation. The impact affects Juniper ATP 5.0 releases prior to 5.0.3, with a network-accessible vector and high s...

10CVSS9.6AI score0.01129EPSS
CVE
CVE
added 2019/01/15 9:0 p.m.56 views

CVE-2019-0023

The CVE concerns a persistent Cross-Site Scripting (XSS) vulnerability in the Golden VM menu of Juniper ATP. Affected product: Juniper ATP 5.0 series prior to 5.0.3. Root cause: XSS in the Golden VM menu that could allow an authenticated user to inject arbitrary scripts and potentially steal data...

5.4CVSS5.4AI score0.00521EPSS
CVE
CVE
added 2019/01/15 9:0 p.m.54 views

CVE-2019-0025

CVE-2019-0025 : Juniper ATP contains a persistent XSS in the RADIUS configuration menu. AFFECTED: Juniper ATP 5.0 versions prior to 5.0.3. ROOT CAUSE: stored/reflective cross-site scripting in the web admin interface. IMPACT: authenticated users can inject script to steal data/credentials from a ...

5.4CVSS5.4AI score0.00624EPSS
CVE
CVE
added 2019/01/15 9:0 p.m.52 views

CVE-2019-0021

Summary: Juniper ATP exposes secret CLI inputs (e.g., set mcm) by logging them in plaintext to /var/log/syslog, enabling a local authenticated user to view sensitive information. Affected versions: Juniper ATP 5.0 prior to 5.0.4. Root cause: sensitive command inputs are written to system logs ins...

7.1CVSS5.5AI score0.00336EPSS
CVE
CVE
added 2019/01/15 9:0 p.m.52 views

CVE-2019-0029

Juniper ATP Series has a vulnerability where Splunk credentials are logged in a file readable by authenticated local users, enabling access to the Splunk server. Affected product: Juniper Advanced Threat Prevention (ATP) 5.0 versions prior to 5.0.3. Root cause: credentials stored in clear text in...

8.8CVSS7.6AI score0.00336EPSS
CVE
CVE
added 2019/01/15 9:0 p.m.51 views

CVE-2019-0024

Summary: CVE-2019-0024 is a persistent XSS vulnerability in Juniper ATP, specifically in the Email Collectors menu. Multiple sources confirm that authenticated users can inject arbitrary scripts, potentially exfiltrating data and credentials from a web administration session and possibly tricking...

5.4CVSS5.4AI score0.00633EPSS
CVE
CVE
added 2019/01/15 9:0 p.m.49 views

CVE-2019-0027

CVE-2019-0027 affects Juniper ATP 5.0 (before 5.0.3). The issue is a persistent XSS in the Snort Rules configuration that allows an authenticated user to inject arbitrary scripts, potentially stealing data/credentials from a web admin session and tricking a follow-on admin into performing actions...

5.4CVSS5.4AI score0.00624EPSS