Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2018-0047

A persistent cross-site scripting vulnerability in the UI framework used by Junos Space Security Director may allow authenticated users to inject persistent and malicious scripts. This may allow stealing of information or performing actions as a different user when other users access the Security Director web interface. This issue affects all versions of Juniper Networks Junos Space Security Director prior to 17.2R2.

Published

2018-10-10T18:29:01.517

Last Modified

2024-11-21T03:37:25.683

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 8.0 (HIGH)

CVSSv2 Vector

AV:N/AC:M/Au:S/C:N/I:P/A:N

  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: SINGLE
  • Confidentiality Impact: NONE
  • Integrity Impact: PARTIAL
  • Availability Impact: NONE
Exploitability Score

6.8

Impact Score

2.9

Weaknesses
  • Type: Primary
    CWE-79
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Operating System juniper junos_space 13.3 Yes
Operating System juniper junos_space 13.3 Yes
Operating System juniper junos_space 14.1 Yes
Operating System juniper junos_space 14.1 Yes
Operating System juniper junos_space 14.1 Yes
Operating System juniper junos_space 15.1 Yes
Operating System juniper junos_space 15.1 Yes
Operating System juniper junos_space 15.1 Yes
Operating System juniper junos_space 15.1 Yes
Operating System juniper junos_space 15.2 Yes
Operating System juniper junos_space 15.2 Yes
Operating System juniper junos_space 16.1 Yes
Operating System juniper junos_space 16.1 Yes
Operating System juniper junos_space 16.1 Yes
Operating System juniper junos_space 17.1 Yes
Operating System juniper junos_space 17.2 Yes
References