CVE-2019-0020

Juniper ATP ships with hard coded credentials in the Web Collector instance which gives an attacker the ability to take full control of any installation of the software. Affected releases are Juniper Networks Juniper ATP: 5.0 versions prior to 5.0.3.
References
Link Resource
https://kb.juniper.net/JSA10918 Vendor Advisory
https://kb.juniper.net/JSA10918 Vendor Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:juniper:advanced_threat_prevention:*:*:*:*:*:*:*:*
OR cpe:2.3:h:juniper:atp400:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:atp700:-:*:*:*:*:*:*:*

History

21 Nov 2024, 04:16

Type Values Removed Values Added
CVSS v2 : 7.5
v3 : 9.8
v2 : 7.5
v3 : 10.0
References () https://kb.juniper.net/JSA10918 - Vendor Advisory () https://kb.juniper.net/JSA10918 - Vendor Advisory

Information

Published : 2019-01-15 21:29

Updated : 2024-11-21 04:16


NVD link : CVE-2019-0020

Mitre link : CVE-2019-0020

CVE.ORG link : CVE-2019-0020


JSON object : View

Products Affected

juniper

  • atp400
  • atp700
  • advanced_threat_prevention
CWE
CWE-798

Use of Hard-coded Credentials