PT-2014-5527 · Juniper Networks · Junos Pulse Secure Access Service+1
Publicado
2014-09-29
·
Atualizado
2016-04-01
·
CVE-2014-3820
CVSS v2.0
4.3
Média
| Vetor | AV:N/AC:M/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
Juniper Junos Pulse Secure Access Service (SSL VPN) versions 7.1 through 7.1r15
Juniper Junos Pulse Secure Access Service (SSL VPN) versions 7.4 through 7.4r2
Juniper Junos Pulse Secure Access Service (SSL VPN) versions 8.0 through 8.0r0
Juniper Junos Pulse Access Control Service versions 4.1 through 4.1r7
Juniper Junos Pulse Access Control Service versions 4.4 through 4.4r2
Juniper Junos Pulse Access Control Service versions 5.0 through 5.0r0
Description
A cross-site scripting (XSS) issue exists in the SSL VPN/UAC web server, allowing remote administrators to inject arbitrary web script or HTML via unspecified vectors.
Recommendations
For Juniper Junos Pulse Secure Access Service (SSL VPN) versions 7.1 through 7.1r15, update to version 7.1r16 or later.
For Juniper Junos Pulse Secure Access Service (SSL VPN) versions 7.4 through 7.4r2, update to version 7.4r3 or later.
For Juniper Junos Pulse Secure Access Service (SSL VPN) versions 8.0 through 8.0r0, update to version 8.0r1 or later.
For Juniper Junos Pulse Access Control Service versions 4.1 through 4.1r7, update to version 4.1r8 or later.
For Juniper Junos Pulse Access Control Service versions 4.4 through 4.4r2, update to version 4.4r3 or later.
For Juniper Junos Pulse Access Control Service versions 5.0 through 5.0r0, update to version 5.0r1 or later.
Correção
XSS
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Junos Pulse Access Control Service
Junos Pulse Secure Access Service