CVE-2019-0004

Name of the Vulnerable Software and Affected Versions: Juniper ATP versions prior to 5.0.3

Description: The issue is related to the logging of sensitive keys in a file that can be read by authenticated local users. These keys are used for critical operations on the WebUI interface. The problem is associated with inadequate access control in the web interface of the Juniper Advanced Threat Prevention software. Exploitation of this issue could allow an attacker to impact the confidentiality, integrity, and availability of protected information.

Recommendations: For Juniper ATP versions prior to 5.0.3, update to version 5.0.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the file containing the API key and the device key to minimize the risk of exploitation.