Juniper Atp
Approved changes feed: RSS · Atom
cpe:2.3:a:juniper_networks:juniper_atp:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Juniper Networks (75c1b4ad-b137-51c1-bf9a-3bc90c5e98be) |
|---|---|
| Product | Juniper Atp (e7a60d33-0ee1-5f70-b8df-3db4a134696d) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2019-0030 |
vulnerable | 2026-06-03 14:39:11.483474 |
Juniper ATP: Password hashing uses DES and a hardcoded salt
MEDIUM (6.7)
Juniper ATP uses DES and a hardcoded salt for password hashing, allowing for trivial de-hashing of the password file contents. This issue affects Juniper ATP 5.0 versions prior to 5.0.3.
Published: 2019-01-15T21:00:00.000Z
Updated: 2024-09-16T17:17:54.376Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-0029 |
vulnerable | 2026-06-03 14:39:11.483037 |
Juniper ATP: Splunk credentials are in logged in clear text
HIGH (8.8)
Juniper ATP Series Splunk credentials are logged in a file readable by authenticated local users. Using these credentials an attacker can access the Splunk server. This issue affects Juniper ATP 5.0 versions prior to 5.0.3.
Published: 2019-01-15T21:00:00.000Z
Updated: 2024-09-16T22:03:43.469Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-0027 |
vulnerable | 2026-06-03 14:39:11.464917 |
Juniper ATP: Persistent Cross-Site Scripting vulnerability in Snort Rules configuration
MEDIUM (5.4)
A persistent cross-site scripting (XSS) vulnerability in the Snort Rules configuration of Juniper ATP may allow authenticated user to inject arbitrary script and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform administrative actions on the device. This issue affects Juniper ATP 5.0 versions prior to 5.0.3.
Published: 2019-01-15T21:00:00.000Z
Updated: 2024-09-17T00:21:24.078Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-0026 |
vulnerable | 2026-06-03 14:39:11.464423 |
Juniper ATP: Persistent Cross-Site Scripting vulnerability in Zone configuration
MEDIUM (5.4)
A persistent cross-site scripting (XSS) vulnerability in the Zone configuration of Juniper ATP may allow authenticated user to inject arbitrary script and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform administrative actions on the device. This issue affects Juniper ATP 5.0 versions prior to 5.0.3.
Published: 2019-01-15T21:00:00.000Z
Updated: 2024-09-16T16:59:13.791Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-0025 |
vulnerable | 2026-06-03 14:39:11.464038 |
Juniper ATP: Persistent Cross-Site Scripting vulnerability in RADIUS configuration menu
MEDIUM (5.4)
A persistent cross-site scripting (XSS) vulnerability in RADIUS configuration menu of Juniper ATP may allow authenticated user to inject arbitrary script and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform administrative actions on the device. This issue affects Juniper ATP 5.0 versions prior to 5.0.3.
Published: 2019-01-15T21:00:00.000Z
Updated: 2024-09-17T00:21:45.869Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-0024 |
vulnerable | 2026-06-03 14:39:11.463492 |
Juniper ATP: Persistent Cross-Site Scripting vulnerability in the Email Collectors menu
MEDIUM (5.4)
A persistent cross-site scripting (XSS) vulnerability in the Email Collectors menu of Juniper ATP may allow authenticated user to inject arbitrary script and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform administrative actions on the device. This issue affects Juniper ATP 5.0 versions prior to 5.0.3.
Published: 2019-01-15T21:00:00.000Z
Updated: 2024-09-16T20:32:19.806Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-0023 |
vulnerable | 2026-06-03 14:39:11.463117 |
Juniper ATP: Persistent Cross-Site Scripting vulnerability in the Golden VM menu
MEDIUM (5.4)
A persistent cross-site scripting (XSS) vulnerability in the Golden VM menu of Juniper ATP may allow authenticated user to inject arbitrary script and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform administrative actions on the device. This issue affects Juniper ATP 5.0 versions prior to 5.0.3.
Published: 2019-01-15T21:00:00.000Z
Updated: 2024-09-16T19:00:38.903Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-0022 |
vulnerable | 2026-06-03 14:39:11.462515 |
Juniper ATP: Two hard coded credentials sharing the same password give an attacker the ability to take control of any installation of the software.
CRITICAL (10)
Juniper ATP ships with hard coded credentials in the Cyphort Core instance which gives an attacker the ability to take full control of any installation of the software. Affected releases are Juniper Networks Juniper ATP: 5.0 versions prior to 5.0.3.
Published: 2019-01-15T21:00:00.000Z
Updated: 2024-09-16T21:03:47.862Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-0021 |
vulnerable | 2026-06-03 14:39:11.462117 |
Juniper ATP: secret CLI inputs are logged to /var/log/syslog in clear text
HIGH (7.1)
On Juniper ATP, secret passphrase CLI inputs, such as "set mcm", are logged to /var/log/syslog in clear text, allowing authenticated local user to be able to view these secret information. This issue affects Juniper ATP 5.0 versions prior to 5.0.4.
Published: 2019-01-15T21:00:00.000Z
Updated: 2024-09-16T20:48:00.968Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-0020 |
vulnerable | 2026-06-03 14:39:11.461684 |
Juniper ATP: Hard coded credentials used in Web Collector
CRITICAL (10)
Juniper ATP ships with hard coded credentials in the Web Collector instance which gives an attacker the ability to take full control of any installation of the software. Affected releases are Juniper Networks Juniper ATP: 5.0 versions prior to 5.0.3.
Published: 2019-01-15T21:00:00.000Z
Updated: 2024-09-16T22:01:48.191Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-0018 |
vulnerable | 2026-06-03 14:39:11.449773 |
Juniper ATP: Persistent Cross-Site Scripting (XSS) vulnerability in file upload menu
MEDIUM (5.4)
A persistent cross-site scripting (XSS) vulnerability in the file upload menu of Juniper ATP may allow an authenticated user to inject arbitrary scripts and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform administrative actions on the device. This issue affects Juniper ATP 5.0 versions prior to 5.0.3.
Published: 2019-01-15T21:00:00.000Z
Updated: 2024-09-16T18:39:46.049Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-0004 |
vulnerable | 2026-06-03 14:39:11.289899 |
Juniper ATP: API and device keys are logged in a world-readable permissions file
HIGH (7.8)
On Juniper ATP, the API key and the device key are logged in a file readable by authenticated local users. These keys are used for performing critical operations on the WebUI interface. This issue affects Juniper ATP 5.0 versions prior to 5.0.3.
Published: 2019-01-15T21:00:00.000Z
Updated: 2024-09-16T16:17:26.216Z Reference links |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.