// For flags

CVE-2017-2307

 

Severity Score

6.1
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

A reflected cross site scripting vulnerability in the administrative interface of Juniper Networks Junos Space versions prior to 16.1R1 may allow remote attackers to steal sensitive information or perform certain administrative actions on Junos Space.

Una vulnerabilidad XSS de tipo reflejado en la interfaz de administraciĆ³n de Junos Space de Juniper Networks en versiones anteriores a 16.1R1, puede permitir a atacantes remotos robar informaciĆ³n confidencial o realizar ciertas acciones administrativas en Junos Space.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
None
Integrity
Partial
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2016-12-01 CVE Reserved
  • 2017-05-30 CVE Published
  • 2023-04-09 EPSS Updated
  • 2024-08-05 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (2)
URL Tag Source
http://www.securityfocus.com/bid/98749 Third Party Advisory
URL Date SRC
URL Date SRC
URL Date SRC
https://kb.juniper.net/JSA10770 2017-06-08
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Juniper
Search vendor "Juniper"
Junos Space
Search vendor "Juniper" for product "Junos Space"
<= 15.2
Search vendor "Juniper" for product "Junos Space" and version " <= 15.2"
r2
Affected