Lucene search

JuniperCVELIST:CVE-2018-0046

HistoryOct 10, 2018 - 6:00 p.m.

CVE-2018-0046 Junos Space: Reflected Cross-site Scripting vulnerability in OpenNMS

2018-10-1018:00:00

juniper

www.cve.org

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

5.9

Confidence

High

EPSS

0.001

Percentile

50.4%

JSON

A reflected cross-site scripting vulnerability in OpenNMS included with Juniper Networks Junos Space may allow the stealing of sensitive information or session credentials from Junos Space administrators or perform administrative actions. This issue affects Juniper Networks Junos Space versions prior to 18.2R1.

CNA Affected

[
  {
    "product": "Junos Space",
    "vendor": "Juniper Networks",
    "versions": [
      {
        "lessThan": "18.2R1",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

www.securityfocus.com/bid/105566

www.securitytracker.com/id/1041862

github.com/OpenNMS/opennms/commit/8710463077c10034fcfa06556a98fb1a1a64fd0d

kb.juniper.net/JSA10880

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

5.9

Confidence

High

EPSS

0.001

Percentile

50.4%

JSON

Related for CVELIST:CVE-2018-0046