CVE-2019-0027

Name of the Vulnerable Software and Affected Versions Juniper ATP versions prior to 5.0.3

Description A persistent cross-site scripting (XSS) issue in the Snort Rules configuration may allow an authenticated user to inject arbitrary script, potentially stealing sensitive data and credentials from a web administration session. This could trick a follow-on administrative user into performing unintended administrative actions on the device. The issue is related to insufficient input validation, which can be exploited by a remote attacker to inject arbitrary JavaScript code and access protected data.

Recommendations For Juniper ATP versions prior to 5.0.3, update to version 5.0.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the Snort Rules configuration to minimize the risk of exploitation.