Juniper ATP ships with hard coded credentials in the Web Collector instance which gives an attacker the ability to take full control of any installation of the software. Affected releases are Juniper Networks Juniper ATP: 5.0 versions prior to 5.0.3.
References
Link | Resource |
---|---|
https://kb.juniper.net/JSA10918 | Vendor Advisory |
https://kb.juniper.net/JSA10918 | Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
History
21 Nov 2024, 04:16
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 7.5
v3 : 10.0 |
References | () https://kb.juniper.net/JSA10918 - Vendor Advisory |
Information
Published : 2019-01-15 21:29
Updated : 2024-11-21 04:16
NVD link : CVE-2019-0020
Mitre link : CVE-2019-0020
CVE.ORG link : CVE-2019-0020
JSON object : View
Products Affected
juniper
- atp400
- atp700
- advanced_threat_prevention
CWE
CWE-798
Use of Hard-coded Credentials