Juniper Junos Space 16.1

CPE Details

Juniper Junos Space 16.1
juniper
junos_space
16.1
2020-10-02
14h43 +00:00
2020-10-02
14h43 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:o:juniper:junos_space:16.1:*:*:*:*:*:*:*

Informations

Vendor

juniper

Product

junos_space

Version

16.1

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2021-0220 2021-01-15 17h36 +00:00 The Junos Space Network Management Platform has been found to store shared secrets in a recoverable format that can be exposed through the UI. An attacker who is able to execute arbitrary code in the victim browser (for example via XSS) or access cached contents may be able to obtain a copy of credentials managed by Junos Space. The impact of a successful attack includes, but is not limited to, obtaining access to other servers connected to the Junos Space Management Platform. This issue affects Juniper Networks Junos Space versions prior to 20.3R1.
6.8
Moyen
CVE-2018-0012 2018-01-10 22h00 +00:00 Junos Space is affected by a privilege escalation vulnerability that may allow a local authenticated attacker to gain root privileges.
7.8
Haute
CVE-2017-10622 2017-10-13 17h00 +00:00 An authentication bypass vulnerability in Juniper Networks Junos Space Network Management Platform may allow a remote unauthenticated network based attacker to login as any privileged user. This issue only affects Junos Space Network Management Platform 17.1R1 without Patch v1 and 16.1 releases prior to 16.1R3. This issue was found by an external security researcher.
9.8
Critique
CVE-2017-10624 2017-10-13 17h00 +00:00 Insufficient verification of node certificates in Juniper Networks Junos Space may allow a man-in-the-middle type of attacker to make unauthorized modifications to Space database or add nodes. Affected releases are Juniper Networks Junos Space all versions prior to 17.1R1.
7.5
Haute
Les informations affichées sur CVE Find proviennent de plusieurs sources de référence rigoureusement sélectionnées. Les données CVE sont fournies par MITRE Corporation et la National Vulnerability Database (NVD). Le catalogue des vulnérabilités activement exploitées (KEV) provient de la Cybersecurity and Infrastructure Security Agency (CISA), tandis que les scores EPSS sont issus de FIRST.org. Enfin, les données relatives aux faiblesses logicielles (CWE) et aux schémas d'attaque courants (CAPEC) sont maintenues par MITRE Corporation, et les informations sur les configurations logicielles et matérielles (CPE) proviennent du NVD.