cvelist/2018/0xxx/CVE-2018-0046.json

{
    "CVE_data_meta": {
        "ASSIGNER": "sirt@juniper.net",
        "DATE_PUBLIC": "2018-10-10T16:00:00.000Z",
        "ID": "CVE-2018-0046",
        "STATE": "PUBLIC",
        "TITLE": "Junos Space: Reflected Cross-site Scripting vulnerability in OpenNMS"
    },
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "product": {
                        "product_data": [
                            {
                                "product_name": "Junos Space",
                                "version": {
                                    "version_data": [
                                        {
                                            "affected": "<",
                                            "version_value": "18.2R1"
                                        }
                                    ]
                                }
                            }
                        ]
                    },
                    "vendor_name": "Juniper Networks"
                }
            ]
        }
    },
    "credit": [
        {
            "lang": "eng",
            "value": "Marcel Bilal of IT-Dienstleistungszentrum Berlin"
        }
    ],
    "data_format": "MITRE",
    "data_type": "CVE",
    "data_version": "4.0",
    "description": {
        "description_data": [
            {
                "lang": "eng",
                "value": "A reflected cross-site scripting vulnerability in OpenNMS included with Juniper Networks Junos Space may allow the stealing of sensitive information or session credentials from Junos Space administrators or perform administrative actions. This issue affects Juniper Networks Junos Space versions prior to 18.2R1."
            }
        ]
    },
    "exploit": [
        {
            "lang": "eng",
            "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
        }
    ],
    "impact": {
        "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
        }
    },
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "Reflected cross-site scripting vulnerability"
                    }
                ]
            }
        ]
    },
    "references": {
        "reference_data": [
            {
                "name": "105566",
                "refsource": "BID",
                "url": "http://www.securityfocus.com/bid/105566"
            },
            {
                "name": "https://kb.juniper.net/JSA10880",
                "refsource": "CONFIRM",
                "url": "https://kb.juniper.net/JSA10880"
            },
            {
                "name": "https://github.com/OpenNMS/opennms/commit/8710463077c10034fcfa06556a98fb1a1a64fd0d",
                "refsource": "CONFIRM",
                "url": "https://github.com/OpenNMS/opennms/commit/8710463077c10034fcfa06556a98fb1a1a64fd0d"
            },
            {
                "name": "1041862",
                "refsource": "SECTRACK",
                "url": "http://www.securitytracker.com/id/1041862"
            }
        ]
    },
    "solution": [
        {
            "lang": "eng",
            "value": "The following software releases have been updated to resolve this specific issue: Junos Space 18.2R1, and all subsequent releases.\n"
        }
    ],
    "source": {
        "advisory": "JSA10880",
        "defect": [
            "1337619"
        ],
        "discovery": "EXTERNAL"
    },
    "work_around": [
        {
            "lang": "eng",
            "value": "There are no viable workarounds for this issue."
        }
    ]
}
- Synchronized data. 2017-11-16 15:05:14 -05:00			`{`
"-Synchronized-Data." 2019-03-18 04:07:40 +00:00			`"CVE_data_meta": {`
			`"ASSIGNER": "sirt@juniper.net",`
			`"DATE_PUBLIC": "2018-10-10T16:00:00.000Z",`
			`"ID": "CVE-2018-0046",`
			`"STATE": "PUBLIC",`
			`"TITLE": "Junos Space: Reflected Cross-site Scripting vulnerability in OpenNMS"`
			`},`
			`"affects": {`
			`"vendor": {`
			`"vendor_data": [`
			`{`
			`"product": {`
			`"product_data": [`
			`{`
			`"product_name": "Junos Space",`
			`"version": {`
			`"version_data": [`
			`{`
			`"affected": "<",`
			`"version_value": "18.2R1"`
			`}`
			`]`
			`}`
			`}`
			`]`
			`},`
			`"vendor_name": "Juniper Networks"`
			`}`
			`]`
			`}`
			`},`
			`"credit": [`
			`{`
			`"lang": "eng",`
			`"value": "Marcel Bilal of IT-Dienstleistungszentrum Berlin"`
			`}`
			`],`
			`"data_format": "MITRE",`
			`"data_type": "CVE",`
			`"data_version": "4.0",`
			`"description": {`
			`"description_data": [`
CVE IDs assigned in Juniper Security Advisory Bundle for Oct 2018 CVE IDs assigned in Juniper Security Advisory Bundle for Oct 2018. 2018-10-10 09:19:58 -07:00			`{`
"-Synchronized-Data." 2019-03-18 04:07:40 +00:00			`"lang": "eng",`
			`"value": "A reflected cross-site scripting vulnerability in OpenNMS included with Juniper Networks Junos Space may allow the stealing of sensitive information or session credentials from Junos Space administrators or perform administrative actions. This issue affects Juniper Networks Junos Space versions prior to 18.2R1."`
CVE IDs assigned in Juniper Security Advisory Bundle for Oct 2018 CVE IDs assigned in Juniper Security Advisory Bundle for Oct 2018. 2018-10-10 09:19:58 -07:00			`}`
"-Synchronized-Data." 2019-03-18 04:07:40 +00:00			`]`
			`},`
			`"exploit": [`
			`{`
			`"lang": "eng",`
			`"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."`
			`}`
			`],`
			`"impact": {`
			`"cvss": {`
			`"attackComplexity": "LOW",`
			`"attackVector": "NETWORK",`
			`"availabilityImpact": "HIGH",`
			`"baseScore": 8.8,`
			`"baseSeverity": "HIGH",`
			`"confidentialityImpact": "HIGH",`
			`"integrityImpact": "HIGH",`
			`"privilegesRequired": "NONE",`
			`"scope": "UNCHANGED",`
			`"userInteraction": "REQUIRED",`
			`"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",`
			`"version": "3.0"`
			`}`
			`},`
			`"problemtype": {`
			`"problemtype_data": [`
			`{`
			`"description": [`
			`{`
			`"lang": "eng",`
			`"value": "Reflected cross-site scripting vulnerability"`
			`}`
			`]`
			`}`
			`]`
			`},`
			`"references": {`
			`"reference_data": [`
			`{`
			`"name": "105566",`
			`"refsource": "BID",`
			`"url": "http://www.securityfocus.com/bid/105566"`
			`},`
			`{`
			`"name": "https://kb.juniper.net/JSA10880",`
			`"refsource": "CONFIRM",`
			`"url": "https://kb.juniper.net/JSA10880"`
			`},`
			`{`
			`"name": "https://github.com/OpenNMS/opennms/commit/8710463077c10034fcfa06556a98fb1a1a64fd0d",`
			`"refsource": "CONFIRM",`
			`"url": "https://github.com/OpenNMS/opennms/commit/8710463077c10034fcfa06556a98fb1a1a64fd0d"`
			`},`
			`{`
			`"name": "1041862",`
			`"refsource": "SECTRACK",`
			`"url": "http://www.securitytracker.com/id/1041862"`
			`}`
			`]`
			`},`
			`"solution": [`
			`{`
			`"lang": "eng",`
			`"value": "The following software releases have been updated to resolve this specific issue: Junos Space 18.2R1, and all subsequent releases.\n"`
			`}`
			`],`
			`"source": {`
			`"advisory": "JSA10880",`
			`"defect": [`
			`"1337619"`
			`],`
			`"discovery": "EXTERNAL"`
			`},`
			`"work_around": [`
			`{`
			`"lang": "eng",`
			`"value": "There are no viable workarounds for this issue."`
			`}`
			`]`
			`}`