CVE-2022-22190

Name of the Vulnerable Software and Affected Versions Juniper Networks Paragon Active Assurance version 3.1.0

Description An issue in the Juniper Networks Paragon Active Assurance Control Center allows an unauthenticated attacker to leverage a crafted URL to generate PDF reports, potentially containing sensitive configuration information. A feature introduced in version 3.1 allows users to selectively share account data using a unique identifier. Knowing the proper format of the URL and the identifier of an existing object in an application, it is possible to get access to that object without being logged in, even if the object is not shared, resulting in the opportunity for malicious exfiltration of user data.

Recommendations As a temporary workaround, consider restricting access to the unique identifier feature until a patch is available. Update to a version that fixes this issue, if available. Note: At the moment, there is no information about a newer version that contains a fix for this vulnerability.