CVE-2018-0047
Last modified
CVE-2018-0047 is a vulnerability of currently unknown severity. A persistent cross-site scripting vulnerability in the UI framework used by Junos Space Security Director may allow authenticated users to inject persistent and malicious scripts. This may allow stealing of information or performing actions as a different user when other users access the Security Director web interface. EPSS estimates a 0.86% chance of exploitation in the next 30 days.
Description
A persistent cross-site scripting vulnerability in the UI framework used by Junos Space Security Director may allow authenticated users to inject persistent and malicious scripts. This may allow stealing of information or performing actions as a different user when other users access the Security Director web interface. This issue affects all versions of Juniper Networks Junos Space Security Director prior to 17.2R2.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Juniper | Junos Space | 13.3 | R1 |
| Juniper | Junos Space | 14.1 | R1 |
| Juniper | Junos Space | 15.1 | R1 |
| Juniper | Junos Space | 15.2 | R1 |
| Juniper | Junos Space | 16.1 | R1 |
| Juniper | Junos Space | 17.1 | R1 |
| Juniper | Junos Space | 17.2 | R1 |
References
- http://www.securitytracker.com/id/1041863Third Party Advisory, VDB Entry
- https://kb.juniper.net/JSA10881Vendor Advisory
- http://www.securitytracker.com/id/1041863Third Party Advisory, VDB Entry
- https://kb.juniper.net/JSA10881Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2018-0047?
How severe is CVE-2018-0047?
How do I fix CVE-2018-0047?
Are you affected by CVE-2018-0047?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST