Juniper Advanced Threat Prevention vulnerabilities

11 known vulnerabilities affecting juniper/advanced_threat_prevention.

Total CVEs
11
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL2HIGH1MEDIUM8

Vulnerabilities

Page 1 of 1
CVE-2019-0022CRITICALCVSS 9.8≥ 5.0.0, < 5.0.32019-01-15
CVE-2019-0022 [CRITICAL] CWE-798 CVE-2019-0022: Juniper ATP ships with hard coded credentials in the Cyphort Core instance which gives an attacker t Juniper ATP ships with hard coded credentials in the Cyphort Core instance which gives an attacker the ability to take full control of any installation of the software. Affected releases are Juniper Networks Juniper ATP: 5.0 versions prior to 5.0.3.
nvd
CVE-2019-0020CRITICALCVSS 9.8≥ 5.0.0, < 5.0.32019-01-15
CVE-2019-0020 [CRITICAL] CWE-798 CVE-2019-0020: Juniper ATP ships with hard coded credentials in the Web Collector instance which gives an attacker Juniper ATP ships with hard coded credentials in the Web Collector instance which gives an attacker the ability to take full control of any installation of the software. Affected releases are Juniper Networks Juniper ATP: 5.0 versions prior to 5.0.3.
nvd
CVE-2019-0029HIGHCVSS 7.8≥ 5.0.0, < 5.0.32019-01-15
CVE-2019-0029 [HIGH] CWE-532 CVE-2019-0029: Juniper ATP Series Splunk credentials are logged in a file readable by authenticated local users. Us Juniper ATP Series Splunk credentials are logged in a file readable by authenticated local users. Using these credentials an attacker can access the Splunk server. This issue affects Juniper ATP 5.0 versions prior to 5.0.3.
nvd
CVE-2019-0018MEDIUMCVSS 5.4≥ 5.0.0, < 5.0.32019-01-15
CVE-2019-0018 [MEDIUM] CWE-79 CVE-2019-0018: A persistent cross-site scripting (XSS) vulnerability in the file upload menu of Juniper ATP may all A persistent cross-site scripting (XSS) vulnerability in the file upload menu of Juniper ATP may allow an authenticated user to inject arbitrary scripts and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform administrative actions on the device. This issue affects Juniper
nvd
CVE-2019-0026MEDIUMCVSS 5.4≥ 5.0.0, < 5.0.32019-01-15
CVE-2019-0026 [MEDIUM] CWE-79 CVE-2019-0026: A persistent cross-site scripting (XSS) vulnerability in the Zone configuration of Juniper ATP may a A persistent cross-site scripting (XSS) vulnerability in the Zone configuration of Juniper ATP may allow authenticated user to inject arbitrary script and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform administrative actions on the device. This issue affects Juniper A
nvd
CVE-2019-0004MEDIUMCVSS 5.5≥ 5.0.0, < 5.0.32019-01-15
CVE-2019-0004 [MEDIUM] CWE-532 CVE-2019-0004: On Juniper ATP, the API key and the device key are logged in a file readable by authenticated local On Juniper ATP, the API key and the device key are logged in a file readable by authenticated local users. These keys are used for performing critical operations on the WebUI interface. This issue affects Juniper ATP 5.0 versions prior to 5.0.3.
nvd
CVE-2019-0023MEDIUMCVSS 5.4≥ 5.0.0, < 5.0.32019-01-15
CVE-2019-0023 [MEDIUM] CWE-79 CVE-2019-0023: A persistent cross-site scripting (XSS) vulnerability in the Golden VM menu of Juniper ATP may allow A persistent cross-site scripting (XSS) vulnerability in the Golden VM menu of Juniper ATP may allow authenticated user to inject arbitrary script and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform administrative actions on the device. This issue affects Juniper ATP 5
nvd
CVE-2019-0025MEDIUMCVSS 5.4≥ 5.0.0, < 5.0.32019-01-15
CVE-2019-0025 [MEDIUM] CWE-79 CVE-2019-0025: A persistent cross-site scripting (XSS) vulnerability in RADIUS configuration menu of Juniper ATP ma A persistent cross-site scripting (XSS) vulnerability in RADIUS configuration menu of Juniper ATP may allow authenticated user to inject arbitrary script and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform administrative actions on the device. This issue affects Junipe
nvd
CVE-2019-0021MEDIUMCVSS 5.5≥ 5.0.0, < 5.0.42019-01-15
CVE-2019-0021 [HIGH] CWE-532 CVE-2019-0021: On Juniper ATP, secret passphrase CLI inputs, such as "set mcm", are logged to /var/log/syslog in cl On Juniper ATP, secret passphrase CLI inputs, such as "set mcm", are logged to /var/log/syslog in clear text, allowing authenticated local user to be able to view these secret information. This issue affects Juniper ATP 5.0 versions prior to 5.0.4.
nvd
CVE-2019-0024MEDIUMCVSS 5.4≥ 5.0.0, < 5.0.32019-01-15
CVE-2019-0024 [MEDIUM] CWE-79 CVE-2019-0024: A persistent cross-site scripting (XSS) vulnerability in the Email Collectors menu of Juniper ATP ma A persistent cross-site scripting (XSS) vulnerability in the Email Collectors menu of Juniper ATP may allow authenticated user to inject arbitrary script and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform administrative actions on the device. This issue affects Junipe
nvd
CVE-2019-0027MEDIUMCVSS 5.4≥ 5.0.0, < 5.0.32019-01-15
CVE-2019-0027 [MEDIUM] CWE-79 CVE-2019-0027: A persistent cross-site scripting (XSS) vulnerability in the Snort Rules configuration of Juniper AT A persistent cross-site scripting (XSS) vulnerability in the Snort Rules configuration of Juniper ATP may allow authenticated user to inject arbitrary script and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform administrative actions on the device. This issue affects Ju
nvd