CVE-2014-3820

Name of the Vulnerable Software and Affected Versions Juniper Junos Pulse Secure Access Service (SSL VPN) versions 7.1 through 7.1r15 Juniper Junos Pulse Secure Access Service (SSL VPN) versions 7.4 through 7.4r2 Juniper Junos Pulse Secure Access Service (SSL VPN) versions 8.0 through 8.0r0 Juniper Junos Pulse Access Control Service versions 4.1 through 4.1r7 Juniper Junos Pulse Access Control Service versions 4.4 through 4.4r2 Juniper Junos Pulse Access Control Service versions 5.0 through 5.0r0

Description A cross-site scripting (XSS) issue exists in the SSL VPN/UAC web server, allowing remote administrators to inject arbitrary web script or HTML via unspecified vectors.

Recommendations For Juniper Junos Pulse Secure Access Service (SSL VPN) versions 7.1 through 7.1r15, update to version 7.1r16 or later. For Juniper Junos Pulse Secure Access Service (SSL VPN) versions 7.4 through 7.4r2, update to version 7.4r3 or later. For Juniper Junos Pulse Secure Access Service (SSL VPN) versions 8.0 through 8.0r0, update to version 8.0r1 or later. For Juniper Junos Pulse Access Control Service versions 4.1 through 4.1r7, update to version 4.1r8 or later. For Juniper Junos Pulse Access Control Service versions 4.4 through 4.4r2, update to version 4.4r3 or later. For Juniper Junos Pulse Access Control Service versions 5.0 through 5.0r0, update to version 5.0r1 or later.