CVE-2018-0046
Junos Space: Reflected Cross-site Scripting vulnerability in OpenNMS
Severity Score
6.1
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
A reflected cross-site scripting vulnerability in OpenNMS included with Juniper Networks Junos Space may allow the stealing of sensitive information or session credentials from Junos Space administrators or perform administrative actions. This issue affects Juniper Networks Junos Space versions prior to 18.2R1.
Una vulnerabilidad de Cross-Site Scripting (XSS) reflejado en OpenNMS incluido con Juniper Networks Junos Space podría permitir el robo de información sensible o credenciales de sesión de los administradores de Junos Space o realizar acciones administrativas. Este problema afecta a Juniper Networks Junos Space en versiones anteriores a la 18.2R1.
*Credits:
Marcel Bilal of IT-Dienstleistungszentrum Berlin
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2017-11-16 CVE Reserved
- 2018-10-10 CVE Published
- 2024-07-25 EPSS Updated
- 2024-09-17 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (4)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/105566 | Third Party Advisory | |
| http://www.securitytracker.com/id/1041862 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://github.com/OpenNMS/opennms/commit/8710463077c10034fcfa06556a98fb1a1a64fd0d | 2019-10-09 |
| URL | Date | SRC |
|---|---|---|
| https://kb.juniper.net/JSA10880 | 2019-10-09 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Juniper Search vendor "Juniper" | Junos Space Search vendor "Juniper" for product "Junos Space" | 18.1r1 Search vendor "Juniper" for product "Junos Space" and version "18.1r1" | - |
Affected
| ||||||