8

CVE-2018-0047

A persistent cross-site scripting vulnerability in the UI framework used by Junos Space Security Director may allow authenticated users to inject persistent and malicious scripts. This may allow stealing of information or performing actions as a different user when other users access the Security Director web interface. This issue affects all versions of Juniper Networks Junos Space Security Director prior to 17.2R2.

Data is provided by the National Vulnerability Database (NVD)
JuniperJunos Space Version13.3 Updater1
JuniperJunos Space Version13.3 Updater2
JuniperJunos Space Version14.1 Updater1
JuniperJunos Space Version14.1 Updater2
JuniperJunos Space Version14.1 Updater3
JuniperJunos Space Version15.1 Updater1
JuniperJunos Space Version15.1 Updater2
JuniperJunos Space Version15.1 Updater3
JuniperJunos Space Version15.1 Updater4
JuniperJunos Space Version15.2 Updater1
JuniperJunos Space Version15.2 Updater2
JuniperJunos Space Version16.1 Updater1
JuniperJunos Space Version16.1 Updater2
JuniperJunos Space Version16.1 Updater3
JuniperJunos Space Version17.1 Updater1
JuniperJunos Space Version17.2 Updater1
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.32% 0.517
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 5.4 2.3 2.7
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
nvd@nist.gov 3.5 6.8 2.9
AV:N/AC:M/Au:S/C:N/I:P/A:N
sirt@juniper.net 8 2.1 5.9
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

http://www.securitytracker.com/id/1041863
Third Party Advisory
VDB Entry