CVE-2018-0046

EPSS 0.91%
Published 10.10.2018 18:29:00
Last modified 21.11.2024 03:37:25
Source sirt@juniper.net
Teams watchlist Login
Open Login

A reflected cross-site scripting vulnerability in OpenNMS included with Juniper Networks Junos Space may allow the stealing of sensitive information or session credentials from Junos Space administrators or perform administrative actions. This issue affects Juniper Networks Junos Space versions prior to 18.2R1.

Affected products Warnungen 0 Metrics 4 CWE 1 References 7

Data is provided by the National Vulnerability Database (NVD)

Juniper ≫ Junos Space Version18.1r1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.91%	0.749

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.1	2.8	2.7	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:P/A:N
sirt@juniper.net	8.8	2.8	5.9	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

http://www.securityfocus.com/bid/105566

Third Party Advisory

VDB Entry

http://www.securitytracker.com/id/1041862

Third Party Advisory

VDB Entry

https://github.com/OpenNMS/opennms/commit/8710463077c10034fcfa06556a98fb1a1a64fd0d

Patch

Third Party Advisory

https://kb.juniper.net/JSA10880

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2018-0046

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-0046

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-0046

EUVD