CVE-2019-0004

Published: Jan 15, 2019Modified: Nov 21, 2024

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

On Juniper ATP, the API key and the device key are logged in a file readable by authenticated local users. These keys are used for performing critical operations on the WebUI interface. This issue affects Juniper ATP 5.0 versions prior to 5.0.3.

Affected (1)

Products: Juniper: Advanced Threat Prevention

Juniper

1 product

Advanced Threat Prevention

Configuration A

1 vulnerable · 2 platform

Vulnerable Software	Affected Versions
Juniper Advanced Threat Prevention	From 5.0.0 to 5.0.3

Running on/with	Platform Versions
Juniper Atp400	All versions
Juniper Atp700	All versions

Related CWEs

CWE-532

Insertion of Sensitive Information into Log File

Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.

References (2)

https://kb.juniper.net/JSA10918

Source: sirt@juniper.net

Vendor Advisory

https://kb.juniper.net/JSA10918

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.