PT-2019-1367 · Juniper Networks · Juniper ATP
Published: 2019-01-15 · Updated: 2019-10-09
CVE-2019-0026
CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Juniper ATP versions prior to 5.0.3
Description
The issue is related to insufficient input validation in the Zone configuration component of Juniper ATP, which may allow a remote attacker to inject arbitrary JavaScript code into a loaded page and access protected data. This is a persistent cross-site scripting (XSS) issue that can be exploited by an authenticated user to steal sensitive data and credentials from a web administration session. The attacker may also trick a subsequent administrative user into performing administrative actions on the device.
Recommendations
For Juniper ATP versions prior to 5.0.3, update to version 5.0.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the Zone configuration component to minimize the risk of exploitation. Avoid using the vulnerable Zone configuration feature until the issue is resolved.
Fix
XSS
Affected Products
Juniper ATP