Page 2 of 12 results (0.005 seconds)

CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0

CVE-2019-0021 – Juniper ATP: secret CLI inputs are logged to /var/log/syslog in clear text

https://notcve.org/view.php?id=CVE-2019-0021

15 Jan 2019 — On Juniper ATP, secret passphrase CLI inputs, such as "set mcm", are logged to /var/log/syslog in clear text, allowing authenticated local user to be able to view these secret information. This issue affects Juniper ATP 5.0 versions prior to 5.0.4. En Juniper ATP, las entradas CLI de frase de contraseña, como "set mcm", se registran en /var/log/syslog en texto claro, lo que permite que un usuario local autenticado visualice esta información secreta. Este problema afecta a Juniper ATP en versiones 5.0 anteri... • https://kb.juniper.net/JSA10918 • CWE-532: Insertion of Sensitive Information into Log File •

CVSS: 5.4EPSS: 0%CPEs: 3EXPL: 0

CVE-2019-0023 – Juniper ATP: Persistent Cross-Site Scripting vulnerability in the Golden VM menu

https://notcve.org/view.php?id=CVE-2019-0023

15 Jan 2019 — A persistent cross-site scripting (XSS) vulnerability in the Golden VM menu of Juniper ATP may allow authenticated user to inject arbitrary script and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform administrative actions on the device. This issue affects Juniper ATP 5.0 versions prior to 5.0.3. Una vulnerabilidad de Cross-Site Scripting persistente en el menú de Golden VM de Juniper ATP podría permitir que un usuario auten... • https://kb.juniper.net/JSA10918 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •