Junos Space
Approved changes feed: RSS · Atom
cpe:2.3:a:juniper_networks:junos_space:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Juniper Networks (75c1b4ad-b137-51c1-bf9a-3bc90c5e98be) |
|---|---|
| Product | Junos Space (985afd22-bc04-55f7-aa9c-0e063c50a209) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2026-21907 |
vulnerable | 2026-06-03 15:15:51.983052 |
Junos Space: TLS/SSL server supports use of static key ciphers (ssl-static-key-ciphers)
MEDIUM (5.9)
A Use of a Broken or Risky Cryptographic Algorithm vulnerability in the TLS/SSL server of Juniper Networks Junos Space allows the use of static key ciphers (ssl-static-key-ciphers), reducing the confidentiality of on-path traffic communicated across the connection. These ciphers also do not support Perfect Forward Secrecy (PFS), affecting the long-term confidentiality of encrypted communications.This issue affects all versions of Junos Space before 24.1R5.
Published: 2026-01-15T20:21:11.010Z
Updated: 2026-01-15T21:12:31.198Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-21904 |
vulnerable | 2026-06-03 15:15:51.886712 |
Junos Space: ilpFilter field on nLegacy.jsp is vulnerable to reflected cross-site script injection
MEDIUM (6.1)
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the
list filter field that, when visited by another user, enables the attacker to execute commands with the target's permissions, including an administrator.
This issue affects all versions of Junos Space before 24.1R5 Patch V3.
Published: 2026-04-09T21:26:09.896Z
Updated: 2026-04-10T14:14:55.321Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-60009 |
vulnerable | 2026-06-03 15:07:55.408309 |
Junos Space: CLI Configlet page is vulnerable to reflected cross-site script injection
MEDIUM (6.1)
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the
CLI Configlet
page that, when visited by another user, enables the attacker to execute commands with the target's permissions, including an administrator.
This issue affects all versions of Junos Space before 24.1R4.
Published: 2025-10-09T16:19:53.583Z
Updated: 2025-10-09T19:46:40.931Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-60002 |
vulnerable | 2026-06-03 15:07:55.255949 |
Junos Space: Template Definitions page is vulnerable to reflected cross-site script injection
MEDIUM (6.1)
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the Template Definitions page that, when visited by another user, enables the attacker to execute commands with the target's permissions, including an administrator.
This issue affects all versions of Junos Space before 24.1R4.
Published: 2025-10-09T16:17:42.287Z
Updated: 2025-10-09T19:46:56.781Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-60001 |
vulnerable | 2026-06-03 15:07:55.255239 |
Junos Space: Create Quick Template page is vulnerable to reflected cross-site script injection
MEDIUM (6.1)
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the Generate Report page that, when visited by another user, enables the attacker to execute commands with the target's permissions, including an administrator.
This issue affects all versions of Junos Space before 24.1R4.
Published: 2025-10-09T16:17:11.512Z
Updated: 2025-10-09T19:47:02.793Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-60000 |
vulnerable | 2026-06-03 15:07:55.248444 |
Junos Space: Generate Report page is vulnerable to reflected cross-site script injection
MEDIUM (6.1)
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the Generate Report page that, when visited by another user, enables the attacker to execute commands with the target's permissions, including an administrator.
This issue affects all versions of Junos Space before 24.1R4.
Published: 2025-10-09T16:16:35.897Z
Updated: 2025-10-09T19:47:09.232Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-59999 |
vulnerable | 2026-06-03 15:06:26.699936 |
Junos Space: API Access Profiles page is vulnerable to reflected cross-site script injection
MEDIUM (6.1)
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the API Access Profiles page that, when visited by another user, enables the attacker to execute commands with the target's permissions, including an administrator.
This issue affects all versions of Junos Space before 24.1R4.
Published: 2025-10-09T16:16:15.589Z
Updated: 2025-10-09T19:47:15.174Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-59998 |
vulnerable | 2026-06-03 15:06:26.699445 |
Junos Space: Archive Logs screen is vulnerable to reflected cross-site script injection
MEDIUM (6.1)
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the Archive Log screen that, when visited by another user, enables the attacker to execute commands with the target's permissions, including an administrator.
This issue affects all versions of Junos Space before 24.1R4.
Published: 2025-10-09T16:15:32.812Z
Updated: 2025-10-09T19:47:20.307Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-59997 |
vulnerable | 2026-06-03 15:06:26.698960 |
Junos Space: Fields in the CLI Configlets are vulnerable to reflected cross-site script injection
MEDIUM (6.1)
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the CLI Configlets pages that, when visited by another user, enable the attacker to execute commands with the target's permissions, including an administrator.
This issue affects all versions of Junos Space before 24.1R4.
Published: 2025-10-09T16:15:11.774Z
Updated: 2025-10-09T19:47:26.439Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-59996 |
vulnerable | 2026-06-03 15:06:26.698314 |
Junos Space: Configuration View page is vulnerable to reflected cross-site script injection
MEDIUM (6.1)
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the Configuration View page that, when visited by another user, enables the attacker to execute commands with the target's permissions, including an administrator.
This issue affects all versions of Junos Space before 24.1R4.
Published: 2025-10-09T16:14:35.544Z
Updated: 2025-10-09T19:47:31.628Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-59995 |
vulnerable | 2026-06-03 15:06:26.697913 |
Junos Space: Template creation through Definition is vulnerable to reflected cross-site script injection
MEDIUM (6.1)
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the Quick Template page that, when visited by another user, enables the attacker to execute commands with the target's permissions, including an administrator.
This issue affects all versions of Junos Space before 24.1R4.
Published: 2025-10-09T16:14:13.515Z
Updated: 2025-10-09T19:47:36.800Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-59994 |
vulnerable | 2026-06-03 15:06:26.697519 |
Junos Space: Quick Template page is vulnerable to reflected cross-site script injection
MEDIUM (6.1)
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the Quick Template page that, when visited by another user, enables the attacker to execute commands with the target's permissions, including an administrator.
This issue affects all versions of Junos Space before 24.1R4.
Published: 2025-10-09T16:13:42.534Z
Updated: 2025-10-09T19:47:42.237Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-59993 |
vulnerable | 2026-06-03 15:06:26.696922 |
Junos Space: Space Node Setting fields are vulnerable to reflected cross-site script injection
MEDIUM (6.1)
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the Space Node Setting fields that, when visited by another user, enable the attacker to execute commands with the target's permissions, including an administrator.
This issue affects all versions of Junos Space before 24.1R4.
Published: 2025-10-09T16:13:18.696Z
Updated: 2025-10-09T19:47:47.486Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-59992 |
vulnerable | 2026-06-03 15:06:26.692437 |
Junos Space: Secure Console page is vulnerable to reflected cross-site script injection
MEDIUM (6.1)
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the Secure Console page that, when visited by another user, enables the attacker to execute commands with the target's permissions, including an administrator.
This issue affects all versions of Junos Space before 24.1R4.
Published: 2025-10-09T16:12:42.750Z
Updated: 2025-10-09T19:47:53.093Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-59991 |
vulnerable | 2026-06-03 15:06:26.692057 |
Junos Space: Device Management pages are vulnerable to reflected cross-site script injection
MEDIUM (6.1)
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the Device Management pages that, when visited by another user, enable the attacker to execute commands with the target's permissions, including an administrator.
This issue affects all versions of Junos Space before 24.1R4.
Published: 2025-10-09T16:12:18.687Z
Updated: 2025-10-09T19:47:58.402Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-59990 |
vulnerable | 2026-06-03 15:06:26.691675 |
Junos Space: Template creation pages are vulnerable to reflected cross-site script injection
MEDIUM (6.1)
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the template creation pages that, when visited by another user, enable the attacker to execute commands with the target's permissions, including an administrator.
This issue affects all versions of Junos Space before 24.1R4.
Published: 2025-10-09T16:11:42.999Z
Updated: 2025-10-09T19:48:04.888Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-59989 |
vulnerable | 2026-06-03 15:06:26.691040 |
Junos Space: Device Discovery page is vulnerable to reflected cross-site script injection
MEDIUM (6.1)
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the Device Discovery page that, when visited by another user, enables the attacker to execute commands with the target's permissions, including an administrator.
This issue affects all versions of Junos Space before 24.1R4.
Published: 2025-10-09T16:11:03.170Z
Updated: 2025-10-09T19:48:11.763Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-59988 |
vulnerable | 2026-06-03 15:06:26.690645 |
Junos Space: Generate Report page is vulnerable to reflected cross-site script injection
MEDIUM (6.1)
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the Generate Report page that, when visited by another user, enables the attacker to execute commands with the target's permissions, including an administrator.
This issue affects all versions of Junos Space before 24.1R4.
Published: 2025-10-09T16:10:38.603Z
Updated: 2025-10-09T19:48:16.828Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-59987 |
vulnerable | 2026-06-03 15:06:26.690000 |
Junos Space: The arbitrary device search field is vulnerable to reflected cross-site script injection
MEDIUM (6.1)
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the arbitrary device search field that, when visited by another user, enables the attacker to execute commands with the target's permissions, including an administrator.This issue affects all versions of Junos Space before 24.1R4.
Published: 2025-10-09T16:09:57.200Z
Updated: 2025-10-09T19:48:22.089Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-59986 |
vulnerable | 2026-06-03 15:06:26.689583 |
Junos Space: Input fields in Model Devices are vulnerable to reflected cross-site script injection
MEDIUM (6.1)
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the input fields in Model Devices that, when visited by another user, enables the attacker to execute commands with the target's permissions, including an administrator.This issue affects all versions of Junos Space before 24.1R4.
Published: 2025-10-09T16:09:33.235Z
Updated: 2025-10-09T19:48:27.318Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-59985 |
vulnerable | 2026-06-03 15:06:26.689030 |
Junos Space: Purging Policy field is vulnerable to reflected cross-site script injection
MEDIUM (6.1)
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in a field on the Purging Policy page that, when visited by another user, enables the attacker to execute commands with the target's permissions, including an administrator.This issue affects all versions of Junos Space before 24.1R4.
Published: 2025-10-09T16:08:57.466Z
Updated: 2025-10-09T19:48:32.382Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-59984 |
vulnerable | 2026-06-03 15:06:26.688514 |
Junos Space: Global Search is vulnerable to reflected cross-site script injection
MEDIUM (6.1)
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in Global Search that, when visited by another user, enables the attacker to execute commands with the target's permissions, including an administrator.This issue affects all versions of Junos Space before 24.1R4.
Published: 2025-10-09T16:08:22.799Z
Updated: 2025-10-09T19:48:37.601Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-59983 |
vulnerable | 2026-06-03 15:06:26.688078 |
Junos Space: Template Definition page is vulnerable to reflected cross-site script injection
MEDIUM (6.1)
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the Template Definition page, when visited by another user, enables the attacker to execute commands with the target's permissions, including an administrator.This issue affects all versions of Junos Space before 24.1R4.
Published: 2025-10-09T16:07:25.496Z
Updated: 2025-10-09T19:48:43.861Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-59982 |
vulnerable | 2026-06-03 15:06:26.687293 |
Junos Space: Dashboard Search field is vulnerable to reflected cross-site script injection
MEDIUM (6.1)
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the dashboard search field that, when visited by another user, enables the attacker to execute commands with the target's permissions, including an administrator.This issue affects all versions of Junos Space before 24.1R4.
Published: 2025-10-09T16:06:53.621Z
Updated: 2025-10-09T19:48:49.446Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-59981 |
vulnerable | 2026-06-03 15:06:26.686728 |
Junos Space: Device Template Definition page is vulnerable to reflected cross-site script injection
MEDIUM (6.1)
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the Device Template Definition page that, when visited by another user, enables the attacker to execute commands with the target's permissions, including an administrator.This issue affects all versions of Junos Space before 24.1R4.
Published: 2025-10-09T16:06:13.041Z
Updated: 2025-10-09T19:48:55.743Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-59978 |
vulnerable | 2026-06-03 15:06:26.683135 |
Junos Space: Stored cross-site scripting vulnerability in web application
CRITICAL (9)
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to store script tags directly in web pages that, when viewed by another user, enable the attacker to execute commands with the target's administrative permissions.
This issue affects all versions of Junos Space before 24.1R4.
Published: 2025-10-09T16:02:59.714Z
Updated: 2026-02-26T17:47:56.168Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-59976 |
vulnerable | 2026-06-03 15:06:26.680365 |
Junos Space: Arbitrary file download vulnerability in web interface
MEDIUM (6.5)
An arbitrary file download vulnerability in the web interface of Juniper Networks Junos Space allows a network-based authenticated attacker using a crafted GET method to access any file on the file system. Using specially crafted GET methods, an attacker can gain access to files beyond the file path normally allowed by the JBoss daemon. These files could contain sensitive information restricted from access by low-privileged users.This issue affects all versions of Junos Space before 24.1R3.
Published: 2025-10-09T15:59:07.997Z
Updated: 2025-10-09T19:49:14.069Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-59975 |
vulnerable | 2026-06-03 15:06:26.677893 |
Junos Space: Flooding device with inbound API calls leads to WebUI and CLI management access DoS
HIGH (7.5)
An Uncontrolled Resource Consumption vulnerability in the HTTP daemon (httpd) of Juniper Networks Junos Space allows an unauthenticated network-based attacker flooding the device with inbound API calls to consume all resources on the system, leading to a Denial of Service (DoS).
After continuously flooding the system with inbound connection requests, all available file handles become consumed, blocking access to the system via SSH and the web user interface (WebUI), resulting in a management interface DoS. A manual reboot of the system is required to restore functionality.
This issue affects Junos Space:
* all versions before 22.2R1 Patch V3,
* from 23.1 before 23.1R1 Patch V3.
Published: 2025-10-09T15:58:33.416Z
Updated: 2025-10-09T19:49:19.097Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-39563 |
vulnerable | 2026-06-03 14:56:21.847696 |
Junos Space: Remote Command Execution (RCE) vulnerability in web application
HIGH (7.3)
A Command Injection vulnerability in Juniper Networks Junos Space allows an unauthenticated, network-based attacker sending a specially crafted request to execute arbitrary shell commands on the Junos Space Appliance, leading to remote command execution by the web application, gaining complete control of the device.
A specific script in the Junos Space web application allows attacker-controlled input from a GET request without sufficient input sanitization. A specially crafted request can exploit this vulnerability to execute arbitrary shell commands on the Junos Space Appliance.
This issue affects Junos Space 24.1R1. Previous versions of Junos Space are unaffected by this vulnerability.
Published: 2024-10-11T15:21:18.354Z
Updated: 2024-10-11T18:03:20.129Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-0220 |
vulnerable | 2026-06-03 14:43:25.038787 |
Junos Space: Shared secrets stored in recoverable format and directly exposed through the UI
MEDIUM (6.8)
The Junos Space Network Management Platform has been found to store shared secrets in a recoverable format that can be exposed through the UI. An attacker who is able to execute arbitrary code in the victim browser (for example via XSS) or access cached contents may be able to obtain a copy of credentials managed by Junos Space. The impact of a successful attack includes, but is not limited to, obtaining access to other servers connected to the Junos Space Management Platform. This issue affects Juniper Networks Junos Space versions prior to 20.3R1.
Published: 2021-01-15T17:36:01.350Z
Updated: 2024-09-16T22:20:15.866Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-1652 |
vulnerable | 2026-06-03 14:41:57.884496 |
Junos Space: OpenNMS is accessible via port 9443
MEDIUM (5.6)
OpenNMS is accessible via port 9443
Published: 2020-07-17T18:40:44.141Z
Updated: 2024-09-17T01:21:29.199Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-1611 |
vulnerable | 2026-06-03 14:41:57.392149 |
Junos Space: Malicious HTTP packets sent to Junos Space allow an attacker to view all files on the device.
MEDIUM (6.5)
A Local File Inclusion vulnerability in Juniper Networks Junos Space allows an attacker to view all files on the target when the device receives malicious HTTP packets. This issue affects: Juniper Networks Junos Space versions prior to 19.4R1.
Published: 2020-01-15T08:40:38.352Z
Updated: 2024-09-16T16:32:34.144Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-0017 |
vulnerable | 2026-06-03 14:39:11.448885 |
Junos Space: Unrestricted file upload vulnerability
MEDIUM (6.5)
The Junos Space application, which allows Device Image files to be uploaded, has insufficient validity checking which may allow uploading of malicious images or scripts, or other content types. Affected releases are Juniper Networks Junos Space versions prior to 18.3R1.
Published: 2019-01-15T21:00:00.000Z
Updated: 2024-09-16T23:51:28.235Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-0016 |
vulnerable | 2026-06-03 14:39:11.435288 |
Junos Space: Authenticated user able to delete devices without delete device privileges
MEDIUM (6.5)
A malicious authenticated user may be able to delete a device from the Junos Space database without the necessary privileges through crafted Ajax interactions obtained from another legitimate delete action performed by another administrative user. Affected releases are Juniper Networks Junos Space versions prior to 18.3R1.
Published: 2019-01-15T21:00:00.000Z
Updated: 2024-09-16T22:20:18.542Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-0046 |
vulnerable | 2026-06-03 14:37:48.157284 |
Junos Space: Reflected Cross-site Scripting vulnerability in OpenNMS
HIGH (8.8)
A reflected cross-site scripting vulnerability in OpenNMS included with Juniper Networks Junos Space may allow the stealing of sensitive information or session credentials from Junos Space administrators or perform administrative actions. This issue affects Juniper Networks Junos Space versions prior to 18.2R1.
Published: 2018-10-10T18:00:00.000Z
Updated: 2024-09-17T03:13:58.773Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-0013 |
vulnerable | 2026-06-03 14:37:47.907427 |
Junos Space: Local File Inclusion Vulnerability
MEDIUM (6.5)
A local file inclusion vulnerability in Juniper Networks Junos Space Network Management Platform may allow an authenticated user to retrieve files from the system.
Published: 2018-01-10T22:00:00.000Z
Updated: 2024-09-16T17:58:10.400Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-0012 |
vulnerable | 2026-06-03 14:37:47.906181 |
Junos Space: Local privilege escalation vulnerability in Junos Space
HIGH (7.8)
Junos Space is affected by a privilege escalation vulnerability that may allow a local authenticated attacker to gain root privileges.
Published: 2018-01-10T22:00:00.000Z
Updated: 2024-09-16T19:56:44.250Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-0011 |
vulnerable | 2026-06-03 14:37:47.896564 |
Junos Space: Reflected XSS vulnerability in Junos Space management interface
MEDIUM (5.4)
A reflected cross site scripting (XSS) vulnerability in Junos Space may potentially allow a remote authenticated user to inject web script or HTML and steal sensitive data and credentials from a session, and to perform administrative actions on the Junos Space network management device.
Published: 2018-01-10T22:00:00.000Z
Updated: 2024-09-17T04:14:59.562Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2017-2311 |
vulnerable | 2026-06-03 14:37:07.343050 |
Details available
On Juniper Networks Junos Space versions prior to 16.1R1, an unauthenticated remote attacker with network access to Junos space device can easily create a denial of service condition.
Published: 2017-05-30T14:00:00.000Z
Updated: 2024-08-05T13:48:05.266Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2017-2310 |
vulnerable | 2026-06-03 14:37:07.342759 |
Details available
A firewall bypass vulnerability in the host based firewall of Juniper Networks Junos Space versions prior to 16.1R1 may permit certain crafted packets, representing a network integrity risk.
Published: 2017-05-30T14:00:00.000Z
Updated: 2024-08-05T13:48:05.366Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2017-2309 |
vulnerable | 2026-06-03 14:37:07.342450 |
Details available
On Juniper Networks Junos Space versions prior to 16.1R1 when certificate based authentication is enabled for the Junos Space cluster, some restricted web services are accessible over the network. This represents an information leak risk.
Published: 2017-05-30T14:00:00.000Z
Updated: 2024-08-05T13:48:05.397Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2017-2308 |
vulnerable | 2026-06-03 14:37:07.342118 |
Details available
An XML External Entity Injection vulnerability in Juniper Networks Junos Space versions prior to 16.1R1 may allow an authenticated user to read arbitrary files on the device.
Published: 2017-05-30T14:00:00.000Z
Updated: 2024-08-05T13:48:05.272Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2017-2307 |
vulnerable | 2026-06-03 14:37:07.340100 |
Details available
A reflected cross site scripting vulnerability in the administrative interface of Juniper Networks Junos Space versions prior to 16.1R1 may allow remote attackers to steal sensitive information or perform certain administrative actions on Junos Space.
Published: 2017-05-30T14:00:00.000Z
Updated: 2024-08-05T13:48:05.388Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2017-2306 |
vulnerable | 2026-06-03 14:37:07.339778 |
Details available
On Juniper Networks Junos Space versions prior to 16.1R1, due to an insufficient authorization check, readonly users on the Junos Space administrative web interface can execute code on the device.
Published: 2017-05-30T14:00:00.000Z
Updated: 2024-08-05T13:48:05.310Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2017-2305 |
vulnerable | 2026-06-03 14:37:07.338795 |
Details available
On Juniper Networks Junos Space versions prior to 16.1R1, due to an insufficient authorization check, readonly users on the Junos Space administrative web interface can create privileged users, allowing privilege escalation.
Published: 2017-05-30T14:00:00.000Z
Updated: 2024-08-05T13:48:05.222Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2017-10624 |
vulnerable | 2026-06-03 14:36:26.961677 |
Junos Space: Insufficient verification of node certificates.
HIGH (7.5)
Insufficient verification of node certificates in Juniper Networks Junos Space may allow a man-in-the-middle type of attacker to make unauthorized modifications to Space database or add nodes. Affected releases are Juniper Networks Junos Space all versions prior to 17.1R1.
Published: 2017-10-13T17:00:00.000Z
Updated: 2024-09-16T23:35:54.890Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2017-10623 |
vulnerable | 2026-06-03 14:36:26.961305 |
Junos Space: Insufficient verification of cluster messages
HIGH (7.1)
Lack of authentication and authorization of cluster messages in Juniper Networks Junos Space may allow a man-in-the-middle type of attacker to intercept, inject or disrupt Junos Space cluster operations between two nodes. Affected releases are Juniper Networks Junos Space all versions prior to 17.1R1.
Published: 2017-10-13T17:00:00.000Z
Updated: 2024-09-17T03:07:21.286Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2017-10622 |
vulnerable | 2026-06-03 14:36:26.957492 |
Junos Space: Authentication bypass vulnerability
CRITICAL (9.8)
An authentication bypass vulnerability in Juniper Networks Junos Space Network Management Platform may allow a remote unauthenticated network based attacker to login as any privileged user. This issue only affects Junos Space Network Management Platform 17.1R1 without Patch v1 and 16.1 releases prior to 16.1R3. This issue was found by an external security researcher.
Published: 2017-10-13T17:00:00.000Z
Updated: 2024-09-17T02:48:01.943Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2017-10612 |
vulnerable | 2026-06-03 14:36:26.888059 |
Junos Space: Persistent Cross site scripting in Junos Space
HIGH (8)
A persistent site scripting vulnerability in Juniper Networks Junos Space allows users who can change certain configuration to implant malicious Javascript or HTML which may be used to steal information or perform actions as other Junos Space users or administrators. Affected releases are Juniper Networks Junos Space all versions prior to 17.1R1.
Published: 2017-10-13T17:00:00.000Z
Updated: 2024-09-17T02:26:17.415Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.