Lucene search

[email protected]CVE-2014-3820

HistorySep 29, 2014 - 2:55 p.m.

CVE-2014-3820

2014-09-2914:55:08

CWE-79

[email protected]

web.nvd.nist.gov

cve-2014-3820

cross-site scripting

xss

juniper junos pulse

ssl vpn

uac

vulnerability

nvd

security advisory

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

39.5%

JSON

Cross-site scripting (XSS) vulnerability in the SSL VPN/UAC web server in the Juniper Junos Pulse Secure Access Service (SSL VPN) devices with IVE OS 7.1 before 7.1r16, 7.4 before 7.4r3, and 8.0 before 8.0r1 and the Juniper Junos Pulse Access Control Service devices with UAC OS 4.1 before 4.1r8, 4.4 before 4.4r3 and 5.0 before 5.0r1 allows remote administrators to inject arbitrary web script or HTML via unspecified vectors.

Affected configurations

NVD

Node

juniperjunos_pulse_access_control_serviceMatch4.1

juniperjunos_pulse_access_control_serviceMatch4.1r1

juniperjunos_pulse_access_control_serviceMatch4.1r1.1

juniperjunos_pulse_access_control_serviceMatch4.1r2

juniperjunos_pulse_access_control_serviceMatch4.1r3

juniperjunos_pulse_access_control_serviceMatch4.1r4

juniperjunos_pulse_access_control_serviceMatch4.1r5

juniperjunos_pulse_access_control_serviceMatch4.4

juniperjunos_pulse_access_control_serviceMatch4.4r1

juniperjunos_pulse_access_control_serviceMatch4.4r2

juniperjunos_pulse_access_control_serviceMatch5.0

juniperjunos_pulse_secure_access_serviceMatch7.1

juniperjunos_pulse_secure_access_serviceMatch7.1r1

juniperjunos_pulse_secure_access_serviceMatch7.1r1.1

juniperjunos_pulse_secure_access_serviceMatch7.1r2

juniperjunos_pulse_secure_access_serviceMatch7.1r3

juniperjunos_pulse_secure_access_serviceMatch7.1r4

juniperjunos_pulse_secure_access_serviceMatch7.1r5

juniperjunos_pulse_secure_access_serviceMatch7.1r6

juniperjunos_pulse_secure_access_serviceMatch7.1r7

juniperjunos_pulse_secure_access_serviceMatch7.1r8

juniperjunos_pulse_secure_access_serviceMatch7.1r9

juniperjunos_pulse_secure_access_serviceMatch7.1r10

juniperjunos_pulse_secure_access_serviceMatch7.1r11

juniperjunos_pulse_secure_access_serviceMatch7.1r12

juniperjunos_pulse_secure_access_serviceMatch7.1r13

juniperjunos_pulse_secure_access_serviceMatch7.1r14

juniperjunos_pulse_secure_access_serviceMatch7.1r15

juniperjunos_pulse_secure_access_serviceMatch7.4

juniperjunos_pulse_secure_access_serviceMatch7.4r1.0

juniperjunos_pulse_secure_access_serviceMatch7.4r2.0

juniperjunos_pulse_secure_access_serviceMatch8.0

CPENameOperatorVersion
juniper:junos_pulse_access_control_servicejuniper junos pulse access control serviceeq4.1
juniper:junos_pulse_access_control_servicejuniper junos pulse access control serviceeq4.1r1
juniper:junos_pulse_access_control_servicejuniper junos pulse access control serviceeq4.1r1.1
juniper:junos_pulse_access_control_servicejuniper junos pulse access control serviceeq4.1r2
juniper:junos_pulse_access_control_servicejuniper junos pulse access control serviceeq4.1r3
juniper:junos_pulse_access_control_servicejuniper junos pulse access control serviceeq4.1r4
juniper:junos_pulse_access_control_servicejuniper junos pulse access control serviceeq4.1r5
juniper:junos_pulse_access_control_servicejuniper junos pulse access control serviceeq4.4
juniper:junos_pulse_access_control_servicejuniper junos pulse access control serviceeq5.0
juniper:junos_pulse_secure_access_servicejuniper junos pulse secure access serviceeq7.1

CPE	Name	Operator	Version
juniper:junos_pulse_access_control_service	juniper junos pulse access control service	eq	4.1
juniper:junos_pulse_access_control_service	juniper junos pulse access control service	eq	4.1r1
juniper:junos_pulse_access_control_service	juniper junos pulse access control service	eq	4.1r1.1
juniper:junos_pulse_access_control_service	juniper junos pulse access control service	eq	4.1r2
juniper:junos_pulse_access_control_service	juniper junos pulse access control service	eq	4.1r3
juniper:junos_pulse_access_control_service	juniper junos pulse access control service	eq	4.1r4
juniper:junos_pulse_access_control_service	juniper junos pulse access control service	eq	4.1r5
juniper:junos_pulse_access_control_service	juniper junos pulse access control service	eq	4.4
juniper:junos_pulse_access_control_service	juniper junos pulse access control service	eq	5.0
juniper:junos_pulse_secure_access_service	juniper junos pulse secure access service	eq	7.1

Rows per page:

1-10 of 281

References

www.securitytracker.com/id/1030852

kb.juniper.net/InfoCenter/index?page=content&id=JSA10645

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

39.5%

JSON

Related for CVE-2014-3820

nessus1 cvelist1 prion1 nvd1