CVE-2022-22152

EPSS 0.33%
Published 19.01.2022 01:15:08
Last modified 21.11.2024 06:46:15
Source sirt@juniper.net
Teams watchlist Login
Open Login

A Protection Mechanism Failure vulnerability in the REST API of Juniper Networks Contrail Service Orchestration allows one tenant on the system to view confidential configuration details of another tenant on the same system. By utilizing the REST API, one tenant is able to obtain information on another tenant's firewall configuration and access control policies, as well as other sensitive information, exposing the tenant to reduced defense against malicious attacks or exploitation via additional undetermined vulnerabilities. This issue affects Juniper Networks Contrail Service Orchestration versions prior to 6.1.0 Patch 3.

Affected products Warnungen 0 Metrics 4 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Juniper ≫ Contrail Service Orchestration Version <= 6.0.0

Juniper ≫ Contrail Service Orchestration Version6.1.0 Update-

Juniper ≫ Contrail Service Orchestration Version6.1.0 Updatepatch1

Juniper ≫ Contrail Service Orchestration Version6.1.0 Updatepatch2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.33%	0.525

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	4	8	2.9	AV:N/AC:L/Au:S/C:P/I:N/A:N
sirt@juniper.net	7.7	3.1	4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

CWE-693 Protection Mechanism Failure

The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.

https://kb.juniper.net/JSA11260

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-22152

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-22152

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-22152

EUVD