Juniper Contrail Service Orchestration — known CVE vulnerabilities
Every CVE whose affected-product data names Juniper Contrail Service Orchestration, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (7)
CVE-2018-0041 — CVSS 9.8 (critical): Juniper Networks Contrail Service Orchestration releases prior to 3.3.0 use hardcoded credentials to access Keystone service. These…
CVE-2018-0040 — CVSS 9.8 (critical): Juniper Networks Contrail Service Orchestrator versions prior to 4.0.0 use hardcoded cryptographic certificates and keys in some cases…
CVE-2018-0038 — CVSS 9.8 (critical): Juniper Networks Contrail Service Orchestration releases prior to 3.3.0 have Cassandra service enabled by default with hardcoded…
CVE-2018-0042 — CVSS 9.8 (critical): Juniper Networks CSO versions prior to 4.0.0 may log passwords in log files leading to an information disclosure vulnerability.
CVE-2022-22152 — CVSS 7.7 (high): A Protection Mechanism Failure vulnerability in the REST API of Juniper Networks Contrail Service Orchestration allows one tenant on the…
CVE-2022-22189 — CVSS 7.3 (high): An Incorrect Ownership Assignment vulnerability in Juniper Networks Contrail Service Orchestration (CSO) allows a locally authenticated…
CVE-2018-0039 — CVSS 6.5 (medium): Juniper Networks Contrail Service Orchestration releases prior to 4.0.0 have Grafana service enabled by default with hardcoded credentials…