Search
Total
8 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-0004 | 1 Juniper | 3 Advanced Threat Prevention, Atp400, Atp700 | 2020-09-29 | 2.1 LOW | 5.5 MEDIUM |
| On Juniper ATP, the API key and the device key are logged in a file readable by authenticated local users. These keys are used for performing critical operations on the WebUI interface. This issue affects Juniper ATP 5.0 versions prior to 5.0.3. | |||||
| CVE-2019-0026 | 1 Juniper | 3 Advanced Threat Prevention, Atp400, Atp700 | 2019-10-09 | 3.5 LOW | 5.4 MEDIUM |
| A persistent cross-site scripting (XSS) vulnerability in the Zone configuration of Juniper ATP may allow authenticated user to inject arbitrary script and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform administrative actions on the device. This issue affects Juniper ATP 5.0 versions prior to 5.0.3. | |||||
| CVE-2019-0018 | 1 Juniper | 3 Advanced Threat Prevention, Atp400, Atp700 | 2019-10-09 | 3.5 LOW | 5.4 MEDIUM |
| A persistent cross-site scripting (XSS) vulnerability in the file upload menu of Juniper ATP may allow an authenticated user to inject arbitrary scripts and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform administrative actions on the device. This issue affects Juniper ATP 5.0 versions prior to 5.0.3. | |||||
| CVE-2019-0021 | 1 Juniper | 3 Advanced Threat Prevention, Atp400, Atp700 | 2019-10-09 | 2.1 LOW | 5.5 MEDIUM |
| On Juniper ATP, secret passphrase CLI inputs, such as "set mcm", are logged to /var/log/syslog in clear text, allowing authenticated local user to be able to view these secret information. This issue affects Juniper ATP 5.0 versions prior to 5.0.4. | |||||
| CVE-2019-0023 | 1 Juniper | 3 Advanced Threat Prevention, Atp400, Atp700 | 2019-10-09 | 3.5 LOW | 5.4 MEDIUM |
| A persistent cross-site scripting (XSS) vulnerability in the Golden VM menu of Juniper ATP may allow authenticated user to inject arbitrary script and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform administrative actions on the device. This issue affects Juniper ATP 5.0 versions prior to 5.0.3. | |||||
| CVE-2019-0024 | 1 Juniper | 3 Advanced Threat Prevention, Atp400, Atp700 | 2019-10-09 | 3.5 LOW | 5.4 MEDIUM |
| A persistent cross-site scripting (XSS) vulnerability in the Email Collectors menu of Juniper ATP may allow authenticated user to inject arbitrary script and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform administrative actions on the device. This issue affects Juniper ATP 5.0 versions prior to 5.0.3. | |||||
| CVE-2019-0025 | 1 Juniper | 3 Advanced Threat Prevention, Atp400, Atp700 | 2019-10-09 | 3.5 LOW | 5.4 MEDIUM |
| A persistent cross-site scripting (XSS) vulnerability in RADIUS configuration menu of Juniper ATP may allow authenticated user to inject arbitrary script and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform administrative actions on the device. This issue affects Juniper ATP 5.0 versions prior to 5.0.3. | |||||
| CVE-2019-0027 | 1 Juniper | 3 Advanced Threat Prevention, Atp400, Atp700 | 2019-10-09 | 3.5 LOW | 5.4 MEDIUM |
| A persistent cross-site scripting (XSS) vulnerability in the Snort Rules configuration of Juniper ATP may allow authenticated user to inject arbitrary script and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform administrative actions on the device. This issue affects Juniper ATP 5.0 versions prior to 5.0.3. | |||||