CVE-2019-0004 Vulnerability Details

  /     /     /  

CVE-2019-0004 Metadata Quick Info

CVE Published: 15/01/2019 | CVE Updated: 16/09/2024 | CVE Year: 2019
Source: juniper | Vendor: Juniper Networks | Product: Juniper ATP
Status : PUBLISHED

CVE-2019-0004 Description

On Juniper ATP, the API key and the device key are logged in a file readable by authenticated local users. These keys are used for performing critical operations on the WebUI interface. This issue affects Juniper ATP 5.0 versions prior to 5.0.3.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-532
CWE Name: CWE-532 - Information Exposure Through Log Files
Source: Juniper Networks

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).