CVE-2019-0029

CWE-532 — Log File Information Exposure4 documents4 sources

Severity

7.8HIGH

EPSS

0.0%

top 84.93%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Juniper Networks Juniper ATP Juniper Advanced Threat Prevention

Timeline

PublishedJan 15

Latest updateMay 13

Description

Juniper ATP Series Splunk credentials are logged in a file readable by authenticated local users. Using these credentials an attacker can access the Splunk server. This issue affects Juniper ATP 5.0 versions prior to 5.0.3.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:HExploitability: 2.0 | Impact: 6.0

Affected Packages2 packages

▶CVEListV5juniper_networks/juniper_atp5.0 — 5.0.3

▶NVDjuniper/advanced_threat_prevention5.0.0 — 5.0.3

🔴Vulnerability Details

GHSA

GHSA-7gx6-2pr2-4xf4: Juniper ATP Series Splunk credentials are logged in a file readable by authenticated local users↗2022-05-13

▶

CVEList

Juniper ATP: Splunk credentials are in logged in clear text↗2019-01-15

▶

📋Vendor Advisories

Juniper

CVE-2019-0029: Juniper ATP Series Splunk credentials are logged in a file readable by authenticated local users. Using these credentials an attacker can access the S↗2019-01-15

▶