Junos Space Security Vulnerabilities and Issues — Junos Space CVE List

Lucene search

JuniperJunos Space

9 matches found

CVE•added 2017/10/13 5:29 p.m.•52 views

CVE-2017-10612

A persistent site scripting vulnerability in Juniper Networks Junos Space allows users who can change certain configuration to implant malicious Javascript or HTML which may be used to steal information or perform actions as other Junos Space users or administrators. Affected releases are Juniper N...

8CVSS7.5AI score0.00391EPSS

CVE•added 2019/01/15 9:29 p.m.•52 views

CVE-2019-0017

The Junos Space application, which allows Device Image files to be uploaded, has insufficient validity checking which may allow uploading of malicious images or scripts, or other content types. Affected releases are Juniper Networks Junos Space versions prior to 18.3R1.

8.8CVSS7.2AI score0.00229EPSS

CVE•added 2017/10/13 5:29 p.m.•51 views

CVE-2017-10623

Lack of authentication and authorization of cluster messages in Juniper Networks Junos Space may allow a man-in-the-middle type of attacker to intercept, inject or disrupt Junos Space cluster operations between two nodes. Affected releases are Juniper Networks Junos Space all versions prior to 17.1...

8.1CVSS7.5AI score0.00234EPSS

CVE•added 2018/10/10 6:29 p.m.•51 views

CVE-2018-0046

A reflected cross-site scripting vulnerability in OpenNMS included with Juniper Networks Junos Space may allow the stealing of sensitive information or session credentials from Junos Space administrators or perform administrative actions. This issue affects Juniper Networks Junos Space versions pri...

8.8CVSS5.8AI score0.0096EPSS

CVE•added 2017/05/30 2:29 p.m.•43 views

CVE-2017-2305

On Juniper Networks Junos Space versions prior to 16.1R1, due to an insufficient authorization check, readonly users on the Junos Space administrative web interface can create privileged users, allowing privilege escalation.

8.8CVSS8.9AI score0.00272EPSS

CVE•added 2017/05/30 2:29 p.m.•42 views

CVE-2017-2306

On Juniper Networks Junos Space versions prior to 16.1R1, due to an insufficient authorization check, readonly users on the Junos Space administrative web interface can execute code on the device.

8.8CVSS9.1AI score0.00615EPSS

CVE•added 2018/10/10 6:29 p.m.•41 views

CVE-2018-0047

A persistent cross-site scripting vulnerability in the UI framework used by Junos Space Security Director may allow authenticated users to inject persistent and malicious scripts. This may allow stealing of information or performing actions as a different user when other users access the Security D...

8CVSS5.9AI score0.00317EPSS

CVE•added 2017/03/20 8:59 p.m.•37 views

CVE-2016-4928

Cross site request forgery vulnerability in Junos Space before 15.2R2 allows remote attackers to perform certain administrative actions on Junos Space.

8.8CVSS9AI score0.00185EPSS

CVE•added 2017/03/20 8:59 p.m.•35 views

CVE-2016-4927

Insufficient validation of SSH keys in Junos Space before 15.2R2 allows man-in-the-middle (MITM) type of attacks while a Space device is communicating with managed devices.

8.1CVSS8.3AI score0.00419EPSS