CVE-2014-3820

EPSS 0.32%
Published 29.09.2014 14:55:08
Last modified 12.04.2025 10:46:40
Source cve@mitre.org
Teams watchlist Login
Open Login

Cross-site scripting (XSS) vulnerability in the SSL VPN/UAC web server in the Juniper Junos Pulse Secure Access Service (SSL VPN) devices with IVE OS 7.1 before 7.1r16, 7.4 before 7.4r3, and 8.0 before 8.0r1 and the Juniper Junos Pulse Access Control Service devices with UAC OS 4.1 before 4.1r8, 4.4 before 4.4r3 and 5.0 before 5.0r1 allows remote administrators to inject arbitrary web script or HTML via unspecified vectors.

Affected products Warnungen 0 Metrics 2 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Juniper ≫ Junos Pulse Access Control Service Version4.1

Juniper ≫ Junos Pulse Access Control Service Version4.1r1

Juniper ≫ Junos Pulse Access Control Service Version4.1r1.1

Juniper ≫ Junos Pulse Access Control Service Version4.1r2

Juniper ≫ Junos Pulse Access Control Service Version4.1r3

Juniper ≫ Junos Pulse Access Control Service Version4.1r4

Juniper ≫ Junos Pulse Access Control Service Version4.1r5

Juniper ≫ Junos Pulse Access Control Service Version4.4

Juniper ≫ Junos Pulse Access Control Service Version4.4 Updater1

Juniper ≫ Junos Pulse Access Control Service Version4.4 Updater2

Juniper ≫ Junos Pulse Access Control Service Version5.0

Juniper ≫ Junos Pulse Secure Access Service Version7.1

Juniper ≫ Junos Pulse Secure Access Service Version7.1r1

Juniper ≫ Junos Pulse Secure Access Service Version7.1r1.1

Juniper ≫ Junos Pulse Secure Access Service Version7.1r2

Juniper ≫ Junos Pulse Secure Access Service Version7.1r3

Juniper ≫ Junos Pulse Secure Access Service Version7.1r4

Juniper ≫ Junos Pulse Secure Access Service Version7.1r5

Juniper ≫ Junos Pulse Secure Access Service Version7.1r6

Juniper ≫ Junos Pulse Secure Access Service Version7.1r7

Juniper ≫ Junos Pulse Secure Access Service Version7.1r8

Juniper ≫ Junos Pulse Secure Access Service Version7.1r9

Juniper ≫ Junos Pulse Secure Access Service Version7.1r10

Juniper ≫ Junos Pulse Secure Access Service Version7.1r11

Juniper ≫ Junos Pulse Secure Access Service Version7.1r12

Juniper ≫ Junos Pulse Secure Access Service Version7.1r13

Juniper ≫ Junos Pulse Secure Access Service Version7.1r14

Juniper ≫ Junos Pulse Secure Access Service Version7.1r15

Juniper ≫ Junos Pulse Secure Access Service Version7.4

Juniper ≫ Junos Pulse Secure Access Service Version7.4 Updater1.0

Juniper ≫ Junos Pulse Secure Access Service Version7.4 Updater2.0

Juniper ≫ Junos Pulse Secure Access Service Version8.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.32%	0.515

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:P/A:N

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

http://www.securitytracker.com/id/1030852

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10645

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2014-3820

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2014-3820

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2014-3820

EUVD