Product:

Junos_space

(Juniper)
Repositories https://github.com/OpenNMS/opennms
#Vulnerabilities 50
Date Id Summary Products Score Patch Annotated
2017-03-20 CVE-2016-4929 Command injection vulnerability in Junos Space before 15.2R2 allows attackers to execute arbitrary code as a root user. Junos_space 8.8
2017-03-20 CVE-2016-4928 Cross site request forgery vulnerability in Junos Space before 15.2R2 allows remote attackers to perform certain administrative actions on Junos Space. Junos_space 8.8
2017-03-20 CVE-2016-4927 Insufficient validation of SSH keys in Junos Space before 15.2R2 allows man-in-the-middle (MITM) type of attacks while a Space device is communicating with managed devices. Junos_space 8.1
2017-03-20 CVE-2016-4926 Insufficient authentication vulnerability in Junos Space before 15.2R2 allows remote network based users with access to Junos Space web interface to perform certain administrative tasks without authentication. Junos_space 9.8
2018-04-05 CVE-2014-3413 The MySQL server in Juniper Networks Junos Space before 13.3R1.8 has an unspecified account with a hardcoded password, which allows remote attackers to obtain sensitive information and consequently obtain administrative control by leveraging database access. Junos_space 9.8
2014-05-20 CVE-2014-3412 Unspecified vulnerability in Juniper Junos Space before 13.3R1.8, when the firewall in disabled, allows remote attackers to execute arbitrary commands via unspecified vectors. Junos_space, Junos_space_ja1500_appliance, Junos_space_ja2500_appliance N/A
2013-08-16 CVE-2013-5097 Juniper Junos Space before 13.1R1.6, as used on the JA1500 appliance and in other contexts, does not properly restrict access to the list of user accounts and their MD5 password hashes, which makes it easier for remote authenticated users to obtain sensitive information via a dictionary attack, aka PR 879462. Junos_space, Junos_space_ja1500_appliance, Junos_space_virtual_appliance N/A
2013-08-16 CVE-2013-5096 Juniper Junos Space before 13.1R1.6, as used on the JA1500 appliance and in other contexts, does not properly implement role-based access control, which allows remote authenticated users to modify the configuration by leveraging the read-only privilege, aka PR 863804. Junos_space, Junos_space_ja1500_appliance, Junos_space_virtual_appliance N/A
2013-08-16 CVE-2013-5095 Cross-site scripting (XSS) vulnerability in the web-based interface in Juniper Junos Space before 13.1R1.6, as used on the JA1500 appliance and in other contexts, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka PR 884469. Junos_space, Junos_space_ja1500_appliance, Junos_space_virtual_appliance N/A
2013-05-08 CVE-2013-3497 Juniper Junos Space before 12.3P2.8, as used on the JA1500 appliance and in other contexts, includes a cleartext password in a configuration tab, which makes it easier for physically proximate attackers to obtain the password by reading the workstation screen. Junos_space, Junos_space_ja1500_appliance, Junos_space_virtual_appliance N/A