CVE-2019-0004 – Juniper ATP: API and device keys are logged in a world-readable permissions file
https://notcve.org/view.php?id=CVE-2019-0004
15 Jan 2019 — On Juniper ATP, the API key and the device key are logged in a file readable by authenticated local users. These keys are used for performing critical operations on the WebUI interface. This issue affects Juniper ATP 5.0 versions prior to 5.0.3. • https://kb.juniper.net/JSA10918 • CWE-532: Insertion of Sensitive Information into Log File
CVE-2019-0024 – Juniper ATP: Persistent Cross-Site Scripting vulnerability in the Email Collectors menu
https://notcve.org/view.php?id=CVE-2019-0024
15 Jan 2019 — A persistent cross-site scripting (XSS) vulnerability in the Email Collectors menu of Juniper ATP may allow an authenticated user to inject arbitrary script and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user into performing administrative actions on the device. This issue affects Juniper ATP 5.0 versions prior to 5.0.3. • https://kb.juniper.net/JSA10918 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-0026 – Juniper ATP: Persistent Cross-Site Scripting vulnerability in Zone configuration
https://notcve.org/view.php?id=CVE-2019-0026
15 Jan 2019 — A persistent cross-site scripting (XSS) vulnerability in the Zone configuration of Juniper ATP may allow an authenticated user to inject arbitrary script and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user into performing administrative actions on the device. This issue affects Juniper ATP 5.0 versions prior to 5.0.3. • https://kb.juniper.net/JSA10918 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-0018 – Juniper ATP: Persistent Cross-Site Scripting (XSS) vulnerability in file upload menu
https://notcve.org/view.php?id=CVE-2019-0018
15 Jan 2019 — A persistent cross-site scripting (XSS) vulnerability in the file upload menu of Juniper ATP may allow an authenticated user to inject arbitrary scripts and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user into performing administrative actions on the device. This issue affects Juniper ATP 5.0 versions prior to 5.0.3. • https://kb.juniper.net/JSA10918 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-0022 – Juniper ATP: Two hard coded credentials sharing the same password give an attacker the ability to take control of any installation of the software.
https://notcve.org/view.php?id=CVE-2019-0022
15 Jan 2019 — Juniper ATP ships with hard coded credentials in the Cyphort Core instance which gives an attacker the ability to take full control of any installation of the software. Affected releases are Juniper Networks Juniper ATP: 5.0 versions prior to 5.0.3. • https://kb.juniper.net/JSA10918 • CWE-798: Use of Hard-coded Credentials
CVE-2019-0030 – Juniper ATP: Password hashing uses DES and a hardcoded salt
https://notcve.org/view.php?id=CVE-2019-0030
15 Jan 2019 — Juniper ATP uses DES and a hardcoded salt for password hashing, allowing for trivial de-hashing of the password file contents. This issue affects Juniper ATP 5.0 versions prior to 5.0.3. • https://kb.juniper.net/JSA10918 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm • CWE-916: Use of Password Hash With Insufficient Computational Effort
CVE-2019-0027 – Juniper ATP: Persistent Cross-Site Scripting vulnerability in Snort Rules configuration
https://notcve.org/view.php?id=CVE-2019-0027
15 Jan 2019 — A persistent cross-site scripting (XSS) vulnerability in the Snort Rules configuration of Juniper ATP may allow an authenticated user to inject arbitrary script and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user into performing administrative actions on the device. This issue affects Juniper ATP 5.0 versions prior to 5.0.3. • https://kb.juniper.net/JSA10918 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-0025 – Juniper ATP: Persistent Cross-Site Scripting vulnerability in RADIUS configuration menu
https://notcve.org/view.php?id=CVE-2019-0025
15 Jan 2019 — A persistent cross-site scripting (XSS) vulnerability in the RADIUS configuration menu of Juniper ATP may allow an authenticated user to inject arbitrary script and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user into performing administrative actions on the device. This issue affects Juniper ATP 5.0 versions prior to 5.0.3. • https://kb.juniper.net/JSA10918 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-0020 – Juniper ATP: Hard coded credentials used in Web Collector
https://notcve.org/view.php?id=CVE-2019-0020
15 Jan 2019 — Juniper ATP ships with hard coded credentials in the Web Collector instance which gives an attacker the ability to take full control of any installation of the software. Affected releases are Juniper Networks Juniper ATP: 5.0 versions prior to 5.0.3. • https://kb.juniper.net/JSA10918 • CWE-798: Use of Hard-coded Credentials
CVE-2019-0029 – Juniper ATP: Splunk credentials are logged in clear text
https://notcve.org/view.php?id=CVE-2019-0029
15 Jan 2019 — Juniper ATP Series Splunk credentials are logged in a file readable by authenticated local users. Using these credentials an attacker can access the Splunk server. This issue affects Juniper ATP 5.0 versions prior to 5.0.3. • https://kb.juniper.net/JSA10918 • CWE-532: Insertion of Sensitive Information into Log File