CVE-2019-0026

Summary

A persistent cross-site scripting (XSS) vulnerability in the Zone configuration of Juniper ATP may allow authenticated user to inject arbitrary script and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform administrative actions on the device. This issue affects Juniper ATP 5.0 versions prior to 5.0.3.

Affected Software

VendorProductVersion RangeStatus
Juniper NetworksJuniper ATP5 < 5.0.3affected

Weaknesses

  • XSS

Workarounds

There are no known workarounds for this issue, however limit the access to only trusted administrators from trusted administrative networks or hosts would minimize the risk.

ADP Enrichment

CVE Program Container

Additional References

References