Juniper Advanced Threat Prevention — known CVE vulnerabilities
Every CVE whose affected-product data names Juniper Advanced Threat Prevention, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (11)
CVE-2019-0022 — CVSS 10.0 (critical): Juniper ATP ships with hard coded credentials in the Cyphort Core instance which gives an attacker the ability to take full control of any…
CVE-2019-0020 — CVSS 10.0 (critical): Juniper ATP ships with hard coded credentials in the Web Collector instance which gives an attacker the ability to take full control of any…
CVE-2019-0029 — CVSS 8.8 (high): Juniper ATP Series Splunk credentials are logged in a file readable by authenticated local users. Using these credentials an attacker can…
CVE-2019-0021 — CVSS 7.1 (high): On Juniper ATP, secret passphrase CLI inputs, such as "set mcm", are logged to /var/log/syslog in clear text, allowing authenticated local…
CVE-2019-0004 — CVSS 5.5 (medium): On Juniper ATP, the API key and the device key are logged in a file readable by authenticated local users. These keys are used for…
CVE-2019-0023 — CVSS 5.4 (medium): A persistent cross-site scripting (XSS) vulnerability in the Golden VM menu of Juniper ATP may allow authenticated user to inject arbitrary…
CVE-2019-0024 — CVSS 5.4 (medium): A persistent cross-site scripting (XSS) vulnerability in the Email Collectors menu of Juniper ATP may allow authenticated user to inject…
CVE-2019-0025 — CVSS 5.4 (medium): A persistent cross-site scripting (XSS) vulnerability in RADIUS configuration menu of Juniper ATP may allow authenticated user to inject…
CVE-2019-0026 — CVSS 5.4 (medium): A persistent cross-site scripting (XSS) vulnerability in the Zone configuration of Juniper ATP may allow authenticated user to inject…
CVE-2019-0027 — CVSS 5.4 (medium): A persistent cross-site scripting (XSS) vulnerability in the Snort Rules configuration of Juniper ATP may allow authenticated user to…
CVE-2019-0018 — CVSS 5.4 (medium): A persistent cross-site scripting (XSS) vulnerability in the file upload menu of Juniper ATP may allow an authenticated user to inject…