CVSS: 6.8EPSS: 0%CPEs: 44EXPL: 0CVE-2021-0220 – Junos Space: Shared secrets stored in recoverable format and directly exposed through the UI
https://notcve.org/view.php?id=CVE-2021-0220
The Junos Space Network Management Platform has been found to store shared secrets in a recoverable format that can be exposed through the UI. An attacker who is able to execute arbitrary code in the victim browser (for example via XSS) or access cached contents may be able to obtain a copy of credentials managed by Junos Space. The impact of a successful attack includes, but is not limited to, obtaining access to other servers connected to the Junos Space Management Platform. This issue affects Juniper Networks Junos Space versions prior to 20.3R1. Se ha encontrado que Junos Space Network Management Platform almacena secretos compartidos en un formato recuperable que puede ser expuesto por medio de la Interfaz de Usuario. • https://kb.juniper.net/JSA11110 • CWE-257: Storing Passwords in a Recoverable Format CWE-522: Insufficiently Protected Credentials •
CVSS: 6.5EPSS: 0%CPEs: 9EXPL: 1CVE-2020-1611 – Junos Space: Malicious HTTP packets sent to Junos Space allow an attacker to view all files on the device.
https://notcve.org/view.php?id=CVE-2020-1611
A Local File Inclusion vulnerability in Juniper Networks Junos Space allows an attacker to view all files on the target when the device receives malicious HTTP packets. This issue affects: Juniper Networks Junos Space versions prior to 19.4R1. Una vulnerabilidad de Inclusión de Archivo Local en Juniper Networks Junos Space, permite a un atacante visualizar todos los archivos en el destino cuando el dispositivo recibe paquetes HTTP maliciosos. Este problema afecta a: Juniper Networks Junos Space versiones anteriores a 19.4R1. • https://github.com/Ibonok/CVE-2020-1611 https://kb.juniper.net/JSA10993 https://prsearch.juniper.net/InfoCenter/index?page=prcontent&id=PR1449224 •
CVSS: 6.5EPSS: 0%CPEs: 23EXPL: 0CVE-2019-0016 – Junos Space: Authenticated user able to delete devices without delete device privileges
https://notcve.org/view.php?id=CVE-2019-0016
A malicious authenticated user may be able to delete a device from the Junos Space database without the necessary privileges through crafted Ajax interactions obtained from another legitimate delete action performed by another administrative user. Affected releases are Juniper Networks Junos Space versions prior to 18.3R1. Un usuario autenticado malicioso podría ser capaz de eliminar un dispositivo de la base de datos de Junos Space sin los privilegios necesarios mediante interacciones Ajax manipuladas obtenidas de otra acción legítima eliminada realizada por otro usuario administrativo. Las distribuciones afectadas son: Junos Space en todas sus versiones anteriores a la 18.3R1. • https://kb.juniper.net/JSA10917 •
CVSS: 8.8EPSS: 0%CPEs: 23EXPL: 0CVE-2019-0017 – Junos Space: Unrestricted file upload vulnerability
https://notcve.org/view.php?id=CVE-2019-0017
The Junos Space application, which allows Device Image files to be uploaded, has insufficient validity checking which may allow uploading of malicious images or scripts, or other content types. Affected releases are Juniper Networks Junos Space versions prior to 18.3R1. La aplicación de Junos Space, que permite que los archivos Device Image se suban, tiene una comprobación de validez insuficiente, lo que podría permitir la subida de imágenes o scripts, así como otros tipos de contenido. Las distribuciones afectadas son: Junos Space en todas sus versiones anteriores a la 18.3R1. • https://kb.juniper.net/JSA10917 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-0046 – Junos Space: Reflected Cross-site Scripting vulnerability in OpenNMS
https://notcve.org/view.php?id=CVE-2018-0046
A reflected cross-site scripting vulnerability in OpenNMS included with Juniper Networks Junos Space may allow the stealing of sensitive information or session credentials from Junos Space administrators or perform administrative actions. This issue affects Juniper Networks Junos Space versions prior to 18.2R1. Una vulnerabilidad de Cross-Site Scripting (XSS) reflejado en OpenNMS incluido con Juniper Networks Junos Space podría permitir el robo de información sensible o credenciales de sesión de los administradores de Junos Space o realizar acciones administrativas. Este problema afecta a Juniper Networks Junos Space en versiones anteriores a la 18.2R1. • http://www.securityfocus.com/bid/105566 http://www.securitytracker.com/id/1041862 https://github.com/OpenNMS/opennms/commit/8710463077c10034fcfa06556a98fb1a1a64fd0d https://kb.juniper.net/JSA10880 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •