Skip to main content

Advanced Threat Prevention

11 CVEs product

Monthly

CVE-2019-0029 HIGH This Week

Juniper ATP Series Splunk credentials are logged in a file readable by authenticated local users. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Juniper Splunk Information Disclosure Advanced Threat Prevention
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2019-0027 MEDIUM PATCH This Month

A persistent cross-site scripting (XSS) vulnerability in the Snort Rules configuration of Juniper ATP may allow authenticated user to inject arbitrary script and steal sensitive data and credentials. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Juniper XSS Information Disclosure Advanced Threat Prevention
NVD
CVSS 3.0
5.4
EPSS
0.6%
CVE-2019-0026 MEDIUM PATCH This Month

A persistent cross-site scripting (XSS) vulnerability in the Zone configuration of Juniper ATP may allow authenticated user to inject arbitrary script and steal sensitive data and credentials from a. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Juniper XSS Information Disclosure Advanced Threat Prevention
NVD
CVSS 3.0
5.4
EPSS
0.6%
CVE-2019-0025 MEDIUM PATCH This Month

A persistent cross-site scripting (XSS) vulnerability in RADIUS configuration menu of Juniper ATP may allow authenticated user to inject arbitrary script and steal sensitive data and credentials from. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Juniper XSS Information Disclosure Advanced Threat Prevention
NVD
CVSS 3.0
5.4
EPSS
0.6%
CVE-2019-0024 MEDIUM PATCH This Month

A persistent cross-site scripting (XSS) vulnerability in the Email Collectors menu of Juniper ATP may allow authenticated user to inject arbitrary script and steal sensitive data and credentials from. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Juniper XSS Information Disclosure Advanced Threat Prevention
NVD
CVSS 3.0
5.4
EPSS
0.6%
CVE-2019-0023 MEDIUM PATCH This Month

A persistent cross-site scripting (XSS) vulnerability in the Golden VM menu of Juniper ATP may allow authenticated user to inject arbitrary script and steal sensitive data and credentials from a web. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Juniper XSS Information Disclosure Advanced Threat Prevention
NVD
CVSS 3.0
5.4
EPSS
0.5%
CVE-2019-0022 CRITICAL Act Now

Juniper ATP ships with hard coded credentials in the Cyphort Core instance which gives an attacker the ability to take full control of any installation of the software. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Authentication Bypass Advanced Threat Prevention
NVD
CVSS 3.0
9.8
EPSS
1.1%
CVE-2019-0021 MEDIUM This Month

On Juniper ATP, secret passphrase CLI inputs, such as "set mcm", are logged to /var/log/syslog in clear text, allowing authenticated local user to be able to view these secret information.0 versions. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Juniper Information Disclosure Advanced Threat Prevention
NVD
CVSS 3.0
5.5
EPSS
0.3%
CVE-2019-0020 CRITICAL Act Now

Juniper ATP ships with hard coded credentials in the Web Collector instance which gives an attacker the ability to take full control of any installation of the software. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Authentication Bypass Advanced Threat Prevention
NVD
CVSS 3.0
9.8
EPSS
1.6%
CVE-2019-0018 MEDIUM PATCH This Month

A persistent cross-site scripting (XSS) vulnerability in the file upload menu of Juniper ATP may allow an authenticated user to inject arbitrary scripts and steal sensitive data and credentials from. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Juniper XSS File Upload Information Disclosure Advanced Threat Prevention
NVD
CVSS 3.0
5.4
EPSS
0.5%
CVE-2019-0004 MEDIUM This Month

On Juniper ATP, the API key and the device key are logged in a file readable by authenticated local users. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Juniper Information Disclosure Advanced Threat Prevention
NVD
CVSS 3.1
5.5
EPSS
0.3%
EPSS 0% CVSS 7.8
HIGH This Week

Juniper ATP Series Splunk credentials are logged in a file readable by authenticated local users. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Juniper Splunk Information Disclosure +1
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

A persistent cross-site scripting (XSS) vulnerability in the Snort Rules configuration of Juniper ATP may allow authenticated user to inject arbitrary script and steal sensitive data and credentials. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Juniper XSS Information Disclosure +1
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

A persistent cross-site scripting (XSS) vulnerability in the Zone configuration of Juniper ATP may allow authenticated user to inject arbitrary script and steal sensitive data and credentials from a. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Juniper XSS Information Disclosure +1
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

A persistent cross-site scripting (XSS) vulnerability in RADIUS configuration menu of Juniper ATP may allow authenticated user to inject arbitrary script and steal sensitive data and credentials from. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Juniper XSS Information Disclosure +1
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

A persistent cross-site scripting (XSS) vulnerability in the Email Collectors menu of Juniper ATP may allow authenticated user to inject arbitrary script and steal sensitive data and credentials from. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Juniper XSS Information Disclosure +1
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

A persistent cross-site scripting (XSS) vulnerability in the Golden VM menu of Juniper ATP may allow authenticated user to inject arbitrary script and steal sensitive data and credentials from a web. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Juniper XSS Information Disclosure +1
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Juniper ATP ships with hard coded credentials in the Cyphort Core instance which gives an attacker the ability to take full control of any installation of the software. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Authentication Bypass Advanced Threat Prevention
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

On Juniper ATP, secret passphrase CLI inputs, such as "set mcm", are logged to /var/log/syslog in clear text, allowing authenticated local user to be able to view these secret information.0 versions. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Juniper Information Disclosure Advanced Threat Prevention
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

Juniper ATP ships with hard coded credentials in the Web Collector instance which gives an attacker the ability to take full control of any installation of the software. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Authentication Bypass Advanced Threat Prevention
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

A persistent cross-site scripting (XSS) vulnerability in the file upload menu of Juniper ATP may allow an authenticated user to inject arbitrary scripts and steal sensitive data and credentials from. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Juniper XSS File Upload +2
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

On Juniper ATP, the API key and the device key are logged in a file readable by authenticated local users. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Juniper Information Disclosure Advanced Threat Prevention
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy