CVE-2019-0004
Severity
5.5 MEDIUM
EPSS
0.0%
top 84.93%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published Jan 15
Latest update May 13
Description
On Juniper ATP, the API key and the device key are logged in a file readable by authenticated local users. These keys are used for performing critical operations on the WebUI interface. This issue affects Juniper ATP 5.0 versions prior to 5.0.3.
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Exploitability: 1.8 | Impact: 3.6
Affected Packages: 2 packages
Vulnerability Details (2)
Vendor Advisories (3)
VMware
VMware Horizon Client, VMRC, VMware Workstation and Fusion updates address use-after-free and privilege escalation vulnerabilities (CVE-2019-5543, CVE-2020-3947, CVE-2020-3948) (2020-03-12)
VMware
VMware vCloud Director for Service Providers update resolves a Remote Session Hijack vulnerability (2019-03-28)
Juniper
CVE-2019-0004: On Juniper ATP, the API key and the device key are logged in a file readable by authenticated local users. These keys are used for performing critical (2019-01-15)
Community (21)
Bugzilla
CVE-2019-8681 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution (2020-09-07)
Bugzilla
CVE-2019-8684 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution (2020-09-07)
Bugzilla
CVE-2019-8658 webkitgtk: Incorrect state management leading to universal cross-site scripting (2020-09-07)
Bugzilla
CVE-2019-8673 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution (2020-09-07)
Bugzilla
CVE-2019-8666 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution (2020-09-07)