CVE-2014-3820

Published: Sep 29, 2014Modified: May 6, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

Cross-site scripting (XSS) vulnerability in the SSL VPN/UAC web server in the Juniper Junos Pulse Secure Access Service (SSL VPN) devices with IVE OS 7.1 before 7.1r16, 7.4 before 7.4r3, and 8.0 before 8.0r1 and the Juniper Junos Pulse Access Control Service devices with UAC OS 4.1 before 4.1r8, 4.4 before 4.4r3 and 5.0 before 5.0r1 allows remote administrators to inject arbitrary web script or HTML via unspecified vectors.

Affected (32)

Products: Juniper: Junos Pulse Access Control Service, Junos Pulse Secure Access Service

Juniper

2 products

Junos Pulse Access Control Service

Junos Pulse Secure Access Service

Configuration A

32 vulnerable

Vulnerable Software	Affected Versions
Juniper Junos Pulse Access Control Service	Version 4.1
Juniper Junos Pulse Access Control Service	Version 4.1r1.1
Juniper Junos Pulse Access Control Service	Version 4.1r1
Juniper Junos Pulse Access Control Service	Version 4.1r2
Juniper Junos Pulse Access Control Service	Version 4.1r3
Juniper Junos Pulse Access Control Service	Version 4.1r4
Juniper Junos Pulse Access Control Service	Version 4.1r5
Juniper Junos Pulse Access Control Service	Version 4.4
Juniper Junos Pulse Access Control Service	Version 4.4 r1
Juniper Junos Pulse Access Control Service	Version 4.4 r2
Juniper Junos Pulse Access Control Service	Version 5.0
Juniper Junos Pulse Secure Access Service	Version 7.1
Juniper Junos Pulse Secure Access Service	Version 7.1r1.1
Juniper Junos Pulse Secure Access Service	Version 7.1r10
Juniper Junos Pulse Secure Access Service	Version 7.1r11
Juniper Junos Pulse Secure Access Service	Version 7.1r12
Juniper Junos Pulse Secure Access Service	Version 7.1r13
Juniper Junos Pulse Secure Access Service	Version 7.1r14
Juniper Junos Pulse Secure Access Service	Version 7.1r15
Juniper Junos Pulse Secure Access Service	Version 7.1r1
Juniper Junos Pulse Secure Access Service	Version 7.1r2
Juniper Junos Pulse Secure Access Service	Version 7.1r3
Juniper Junos Pulse Secure Access Service	Version 7.1r4
Juniper Junos Pulse Secure Access Service	Version 7.1r5
Juniper Junos Pulse Secure Access Service	Version 7.1r6
Juniper Junos Pulse Secure Access Service	Version 7.1r7
Juniper Junos Pulse Secure Access Service	Version 7.1r8
Juniper Junos Pulse Secure Access Service	Version 7.1r9
Juniper Junos Pulse Secure Access Service	Version 7.4
Juniper Junos Pulse Secure Access Service	Version 7.4 r1.0
Juniper Junos Pulse Secure Access Service	Version 7.4 r2.0
Juniper Junos Pulse Secure Access Service	Version 8.0

Related CWEs

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (4)

http://www.securitytracker.com/id/1030852

Source: cve@mitre.org

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10645

Source: cve@mitre.org

Vendor Advisory

http://www.securitytracker.com/id/1030852

Source: af854a3a-2127-422b-91ae-364da2661108

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10645

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.