CVE-2019-0016

5 documents5 sources

Severity

6.5MEDIUM

EPSS

0.2%

top 61.99%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Juniper Networks Junos Space Juniper Junos Space

Timeline

PublishedJan 15

Latest updateMay 13

Description

A malicious authenticated user may be able to delete a device from the Junos Space database without the necessary privileges through crafted Ajax interactions obtained from another legitimate delete action performed by another administrative user. Affected releases are Juniper Networks Junos Space versions prior to 18.3R1.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5juniper_networks/junos_spaceunspecified — 18.3R1

▶NVDjuniper/junos_space9 versions+8

🔴Vulnerability Details

GHSA

GHSA-2662-x873-f333: A malicious authenticated user may be able to delete a device from the Junos Space database without the necessary privileges through crafted Ajax inte↗2022-05-13

▶

CVEList

Junos Space: Authenticated user able to delete devices without delete device privileges↗2019-01-15

▶

📋Vendor Advisories

VMware

VMware Cloud Foundation and VMware Harbor Container Registry for PCF address broken access control vulnerability (CVE-2019-16919)↗2019-10-15

▶

Juniper

CVE-2019-0016: A malicious authenticated user may be able to delete a device from the Junos Space database without the necessary privileges through crafted Ajax inte↗2019-01-15

▶