CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-22187 – JIMS: Local Privilege Escalation vulnerability via repair functionality
https://notcve.org/view.php?id=CVE-2022-22187
14 Apr 2022 — An Improper Privilege Management vulnerability in the Windows Installer framework used in the Juniper Networks Juniper Identity Management Service (JIMS) allows an unprivileged user to trigger a repair operation. Running a repair operation, in turn, will trigger a number of file operations in the %TEMP% folder of the user triggering the repair. Some of these operations will be performed from a SYSTEM context (started via the Windows Installer service), including the execution of temporary files. An attacker... • https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2022/MNDT-2022-0029/MNDT-2022-0029.md • CWE-269: Improper Privilege Management •
CVSS: 6.1EPSS: 3%CPEs: 218EXPL: 7CVE-2019-11358 – jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection
https://notcve.org/view.php?id=CVE-2019-11358
19 Apr 2019 — jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype. jQuery, en versiones anteriores a 3.4.0, como es usado en Drupal, Backdrop CMS, y otros productos, maneja mal jQuery.extend(true, {}, ...) debido a la contaminación de Object.prototype. Si un objeto fuente no sanitizado contenía una propi... • https://github.com/isacaya/CVE-2019-11358 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •
CVSS: 5.7EPSS: 0%CPEs: 1EXPL: 0CVE-2019-0042 – Incorrect messages from Juniper Identity Management Service (JIMS) can trigger Denial of Service or firewall bypass conditions for SRX series devices
https://notcve.org/view.php?id=CVE-2019-0042
10 Apr 2019 — Juniper Identity Management Service (JIMS) for Windows versions prior to 1.1.4 may send an incorrect message to associated SRX services gateways. This may allow an attacker with physical access to an existing domain connected Windows system to bypass SRX firewall policies, or trigger a Denial of Service (DoS) condition for the network. El Juniper Identity Management Service (JIMS) para versiones de Windows anteriores a 1.1.4 puede enviar un mensaje de manera inapropiada a las puertas de enlace de servicios ... • https://kb.juniper.net/JSA10934 • CWE-305: Authentication Bypass by Primary Weakness CWE-404: Improper Resource Shutdown or Release CWE-669: Incorrect Resource Transfer Between Spheres •