CVE-2019-0018

CWE-79 — Cross-site Scripting (XSS)CWE-119 — Buffer Overflow7 documents7 sources

Severity

5.4MEDIUM

EPSS

0.3%

top 50.46%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Juniper Networks Juniper ATP Juniper Advanced Threat Prevention

Timeline

PublishedJan 15

Latest updateMay 30

Description

A persistent cross-site scripting (XSS) vulnerability in the file upload menu of Juniper ATP may allow an authenticated user to inject arbitrary scripts and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform administrative actions on the device. This issue affects Juniper ATP 5.0 versions prior to 5.0.3.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

▶CVEListV5juniper_networks/juniper_atp5 — 5.0.3

▶NVDjuniper/advanced_threat_prevention5.0.0 — 5.0.3

Patches

Patch: kb.juniper.net ↗Patch: kb.juniper.net ↗

🔴Vulnerability Details

OSV

CVE-2024-36885: In the Linux kernel, the following vulnerability has been resolved: drm/nouveau/firmware: Fix SG_DEBUG error with nvkm_firmware_ctor() Currently, en↗2024-05-30

▶

GHSA

GHSA-64q2-7r9m-7p7x: A persistent cross-site scripting (XSS) vulnerability in the file upload menu of Juniper ATP may allow an authenticated user to inject arbitrary scrip↗2022-05-13

▶

CVEList

Juniper ATP: Persistent Cross-Site Scripting (XSS) vulnerability in file upload menu↗2019-01-15

▶

📋Vendor Advisories

VMware

VMware vCenter Server Appliance updates address sensitive information disclosure vulnerability in backup and restore functions (CVE-2019-5537, CVE-2019-5538)↗2019-10-24

▶

Juniper

CVE-2019-0018: A persistent cross-site scripting (XSS) vulnerability in the file upload menu of Juniper ATP may allow an authenticated user to inject arbitrary scrip↗2019-01-15

▶