CVE-2019-0018

Name of the Vulnerable Software and Affected Versions Juniper ATP versions prior to 5.0.3

Description A persistent cross-site scripting (XSS) issue in the file upload menu may allow an authenticated user to inject arbitrary scripts, potentially stealing sensitive data and credentials from a web administration session. This could trick a follow-on administrative user into performing unintended administrative actions on the device. The issue is related to insufficient input validation, which may enable a remote attacker to embed arbitrary JavaScript code into an uploaded page and access protected data.

Recommendations For Juniper ATP versions prior to 5.0.3, update to version 5.0.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the file upload menu to minimize the risk of exploitation.