7.4

CVE-2021-0296

The Juniper Networks CTPView server is not enforcing HTTP Strict Transport Security (HSTS). HSTS is an optional response header which allows servers to indicate that content from the requested domain will only be served over HTTPS. The lack of HSTS may leave the system vulnerable to downgrade attacks and SSL-stripping man-in-the-middle attacks, and weakens cookie-hijacking protections. This issue affects Juniper Networks CTPView: 7.3 versions prior to 7.3R7; 9.1 versions prior to 9.1R3.

Data provided by the National Vulnerability Database (NVD)
Juniper Ctpview Version 7.3 Update r1
Juniper Ctpview Version 7.3 Update r2
Juniper Ctpview Version 7.3 Update r3
Juniper Ctpview Version 7.3 Update r4
Juniper Ctpview Version 7.3 Update r5
Juniper Ctpview Version 7.3 Update r6
Juniper Ctpview Version 9.1 Update r1
Juniper Ctpview Version 9.1 Update r2
No CISA KEV or CERT.AT warning was found for this CVE.
EPSS metrics
Type | Source | Score | Percentile
EPSS | FIRST.org | 0.12% | 0.284
CVSS metrics
Source | Base Score | Exploit Score | Impact Score | Vector String
nvd@nist.gov | 5.8 | 8.6 | 4.9 | AV:N/AC:M/Au:N/C:P/I:P/A:N
sirt@juniper.net | 7.4 | 2.2 | 5.2 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
CWE-319 Cleartext Transmission of Sensitive Information

The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.