CVE-2019-0024

Name of the Vulnerable Software and Affected Versions Juniper ATP versions prior to 5.0.3

Description A persistent cross-site scripting (XSS) issue in the Email Collectors menu of Juniper ATP may allow an authenticated user to inject arbitrary script, potentially stealing sensitive data and credentials from a web administration session. This could trick a follow-on administrative user into performing administrative actions on the device. The issue is related to insufficient input validation, which may allow a remote attacker to embed arbitrary JavaScript code into a loaded page and access protected data.

Recommendations For Juniper ATP versions prior to 5.0.3, update to version 5.0.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the Email Collectors menu to minimize the risk of exploitation.