Juniper Junos Space 16.1 R1

CPE Details

Juniper Junos Space 16.1 R1
juniper
junos_space
16.1
2018-01-29
16h54 +00:00
2021-04-15
13h49 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:juniper:junos_space:16.1:r1:*:*:*:*:*:*

Informations

Vendor

juniper

Product

junos_space

Version

16.1

Update

r1

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2019-0016 2019-01-15 21h00 +00:00 A malicious authenticated user may be able to delete a device from the Junos Space database without the necessary privileges through crafted Ajax interactions obtained from another legitimate delete action performed by another administrative user. Affected releases are Juniper Networks Junos Space versions prior to 18.3R1.
6.5
Moyen
CVE-2019-0017 2019-01-15 21h00 +00:00 The Junos Space application, which allows Device Image files to be uploaded, has insufficient validity checking which may allow uploading of malicious images or scripts, or other content types. Affected releases are Juniper Networks Junos Space versions prior to 18.3R1.
8.8
Haute
CVE-2018-0011 2018-01-10 22h00 +00:00 A reflected cross site scripting (XSS) vulnerability in Junos Space may potentially allow a remote authenticated user to inject web script or HTML and steal sensitive data and credentials from a session, and to perform administrative actions on the Junos Space network management device.
5.4
Moyen
CVE-2017-10612 2017-10-13 17h00 +00:00 A persistent site scripting vulnerability in Juniper Networks Junos Space allows users who can change certain configuration to implant malicious Javascript or HTML which may be used to steal information or perform actions as other Junos Space users or administrators. Affected releases are Juniper Networks Junos Space all versions prior to 17.1R1.
8
Haute
CVE-2017-10623 2017-10-13 17h00 +00:00 Lack of authentication and authorization of cluster messages in Juniper Networks Junos Space may allow a man-in-the-middle type of attacker to intercept, inject or disrupt Junos Space cluster operations between two nodes. Affected releases are Juniper Networks Junos Space all versions prior to 17.1R1.
8.1
Haute
CVE-2017-2305 2017-05-30 12h00 +00:00 On Juniper Networks Junos Space versions prior to 16.1R1, due to an insufficient authorization check, readonly users on the Junos Space administrative web interface can create privileged users, allowing privilege escalation.
8.8
Haute
CVE-2017-2306 2017-05-30 12h00 +00:00 On Juniper Networks Junos Space versions prior to 16.1R1, due to an insufficient authorization check, readonly users on the Junos Space administrative web interface can execute code on the device.
8.8
Haute
CVE-2017-2308 2017-05-30 12h00 +00:00 An XML External Entity Injection vulnerability in Juniper Networks Junos Space versions prior to 16.1R1 may allow an authenticated user to read arbitrary files on the device.
6.5
Moyen
CVE-2017-2309 2017-05-30 12h00 +00:00 On Juniper Networks Junos Space versions prior to 16.1R1 when certificate based authentication is enabled for the Junos Space cluster, some restricted web services are accessible over the network. This represents an information leak risk.
5.9
Moyen
CVE-2017-2311 2017-05-30 12h00 +00:00 On Juniper Networks Junos Space versions prior to 16.1R1, an unauthenticated remote attacker with network access to Junos space device can easily create a denial of service condition.
5.3
Moyen
Les informations affichées sur CVE Find proviennent de plusieurs sources de référence rigoureusement sélectionnées. Les données CVE sont fournies par MITRE Corporation et la National Vulnerability Database (NVD). Le catalogue des vulnérabilités activement exploitées (KEV) provient de la Cybersecurity and Infrastructure Security Agency (CISA), tandis que les scores EPSS sont issus de FIRST.org. Enfin, les données relatives aux faiblesses logicielles (CWE) et aux schémas d'attaque courants (CAPEC) sont maintenues par MITRE Corporation, et les informations sur les configurations logicielles et matérielles (CPE) proviennent du NVD.