CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 0CVE-2021-31381 – SRC Series: A remote attacker sending a specially crafted query may cause the web server to delete files
https://notcve.org/view.php?id=CVE-2021-31381
A configuration weakness in the JBoss Application Server (AppSvr) component of Juniper Networks SRC Series allows a remote attacker to send a specially crafted query to cause the web server to delete files which may allow the attacker to disrupt the integrity and availability of the system. Una debilidad de configuración en el componente JBoss Application Server (AppSvr) de Juniper Networks SRC Series permite a un atacante remoto enviar una consulta especialmente diseñada para causar que el servidor web elimine archivos, lo que puede permitir al atacante interrumpir la integridad y disponibilidad del sistema • https://kb.juniper.net/JSA11248 • CWE-16: Configuration CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2021-31380 – SRC Series: A remote attacker sending a specially crafted query may cause the web server to disclose sensitive information
https://notcve.org/view.php?id=CVE-2021-31380
A configuration weakness in the JBoss Application Server (AppSvr) component of Juniper Networks SRC Series allows a remote attacker to send a specially crafted query to cause the web server to disclose sensitive information in the HTTP response which allows the attacker to obtain sensitive information. Una debilidad de configuración en el componente JBoss Application Server (AppSvr) de Juniper Networks SRC Series permite a un atacante remoto enviar una consulta especialmente diseñada para causar que el servidor web revele información confidencial en la respuesta HTTP, lo que permite al atacante conseguir información confidencial • https://kb.juniper.net/JSA11248 • CWE-16: Configuration CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2021-31352 – SRC Series: NETCONF over SSH allows negotiation of weak ciphers
https://notcve.org/view.php?id=CVE-2021-31352
An Information Exposure vulnerability in Juniper Networks SRC Series devices configured for NETCONF over SSH permits the negotiation of weak ciphers, which could allow a remote attacker to obtain sensitive information. A remote attacker with read and write access to network data could exploit this vulnerability to display plaintext bits from a block of ciphertext and obtain sensitive information. This issue affects all Juniper Networks SRC Series versions prior to 4.13.0-R6. Una vulnerabilidad de exposición de información en los dispositivos de Juniper Networks SRC Series configurados para NETCONF sobre SSH permite una negociación de cifrados débiles, lo que podría permitir a un atacante remoto conseguir información confidencial. Un atacante remoto con acceso de lectura y escritura a los datos de la red podría aprovechar esta vulnerabilidad para mostrar bits de texto plano de un bloque de texto cifrado y conseguir información confidencial. • https://kb.juniper.net/JSA11217 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-327: Use of a Broken or Risky Cryptographic Algorithm •