Search criteria
15 vulnerabilities found for junos_pulse_secure_access_service by juniper
FKIE_CVE-2014-3824
Vulnerability from fkie_nvd - Published: 2014-09-29 14:55 - Updated: 2025-04-12 10:46
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the web server in the Juniper Junos Pulse Secure Access Service (SSL VPN) devices with IVE OS 8.0 before 8.0r6, 7.4 before 7.4r13, and 7.1 before 7.1r20 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DE0C8957-0870-4070-AAD3-720EE46311EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r1:*:*:*:*:*:*:*",
"matchCriteriaId": "47A21AF8-2618-4C7F-B250-BEDBBE9BE7F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6386D17E-158E-4F5E-B0C7-7719D0020CBF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r2:*:*:*:*:*:*:*",
"matchCriteriaId": "F3C2B970-9EF2-40CE-86B4-B3FF8F788BC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r3:*:*:*:*:*:*:*",
"matchCriteriaId": "7B3A469E-C3EA-4A34-BCAB-CA18DFB245C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r4:*:*:*:*:*:*:*",
"matchCriteriaId": "601BEBCC-F133-40FB-A1B8-599889D05480",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r5:*:*:*:*:*:*:*",
"matchCriteriaId": "5DFCB2A6-FFF0-4108-B587-C27FB96FD75A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r6:*:*:*:*:*:*:*",
"matchCriteriaId": "A381B35A-750E-4E70-99DA-25C4837C9DDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r7:*:*:*:*:*:*:*",
"matchCriteriaId": "4D2E937F-6235-4040-ADAF-884304C7D65C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r8:*:*:*:*:*:*:*",
"matchCriteriaId": "F3921140-1DDB-416E-9DC6-BB097C339A36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r9:*:*:*:*:*:*:*",
"matchCriteriaId": "36F6EE11-D19C-43DD-AFB8-D8AE60B5692F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r10:*:*:*:*:*:*:*",
"matchCriteriaId": "810ABC69-F219-4060-A50E-5A9D531BF26A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r11:*:*:*:*:*:*:*",
"matchCriteriaId": "48CE0C3C-6E83-47DD-8FB0-45CA7C3B343B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r12:*:*:*:*:*:*:*",
"matchCriteriaId": "0EF9BD90-90D8-4617-8BB7-9AA7FFCC1160",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r13:*:*:*:*:*:*:*",
"matchCriteriaId": "EBA1D6B0-E878-4364-83C5-FB6FB7C6B93E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r14:*:*:*:*:*:*:*",
"matchCriteriaId": "BCD9F89E-5AFB-4B80-B615-6E4720FA8A57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r15:*:*:*:*:*:*:*",
"matchCriteriaId": "134E62A7-0E1E-453B-AE43-EFF7BA700658",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.4:r1.0:*:*:*:*:*:*",
"matchCriteriaId": "C503F416-17B4-45DA-9E36-9A8B14C2DEC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.4:r2.0:*:*:*:*:*:*",
"matchCriteriaId": "ECDD185D-A088-43A4-B4DE-599D22F1642C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.4:r3.0:*:*:*:*:*:*",
"matchCriteriaId": "49B32A49-885E-4C3D-8362-1E48B04F1FDE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.4:r4.0:*:*:*:*:*:*",
"matchCriteriaId": "5B149DA0-3128-499D-969A-3231B682D25C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B390A8A0-D317-4EDE-9B1F-2CC53DC72C06",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the web server in the Juniper Junos Pulse Secure Access Service (SSL VPN) devices with IVE OS 8.0 before 8.0r6, 7.4 before 7.4r13, and 7.1 before 7.1r20 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en el servidor web en los dispositivos Juniper Junos Pulse Secure Access Service (SSL VPN) con IVE OS 8.0 anterior a 8.0r6, 7.4 anterior a 7.4r13, y 7.1 anterior a 7.1r20 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2014-3824",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-09-29T14:55:08.797",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/69804"
},
{
"source": "cve@mitre.org",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10646"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/69804"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10646"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2014-3820
Vulnerability from fkie_nvd - Published: 2014-09-29 14:55 - Updated: 2025-04-12 10:46
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the SSL VPN/UAC web server in the Juniper Junos Pulse Secure Access Service (SSL VPN) devices with IVE OS 7.1 before 7.1r16, 7.4 before 7.4r3, and 8.0 before 8.0r1 and the Juniper Junos Pulse Access Control Service devices with UAC OS 4.1 before 4.1r8, 4.4 before 4.4r3 and 5.0 before 5.0r1 allows remote administrators to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:juniper:junos_pulse_access_control_service:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E19A150B-30A6-4C86-86EE-DD010C707607",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_pulse_access_control_service:4.1r1:*:*:*:*:*:*:*",
"matchCriteriaId": "42FFCBD4-D611-40FB-9EC0-FD7514D3E4D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_pulse_access_control_service:4.1r1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9ECFCA72-04D6-441D-9167-F549293C26A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_pulse_access_control_service:4.1r2:*:*:*:*:*:*:*",
"matchCriteriaId": "538BDA70-3F06-4AAE-9ACA-DF4C776DE19E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_pulse_access_control_service:4.1r3:*:*:*:*:*:*:*",
"matchCriteriaId": "D5EBC04E-16D9-4DC0-B0A9-A99527B5FA11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_pulse_access_control_service:4.1r4:*:*:*:*:*:*:*",
"matchCriteriaId": "C21197A5-8BDA-4FDB-9AC3-703715AA4F52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_pulse_access_control_service:4.1r5:*:*:*:*:*:*:*",
"matchCriteriaId": "9C00A34F-1E90-4E81-AFDE-02A1D059A24C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_pulse_access_control_service:4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "1539B994-2F09-43E8-9854-4A41585F0513",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_pulse_access_control_service:4.4:r1:*:*:*:*:*:*",
"matchCriteriaId": "3AEABC77-6BCF-4D8B-86FA-74E7B384914A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_pulse_access_control_service:4.4:r2:*:*:*:*:*:*",
"matchCriteriaId": "BE20B878-7344-455C-AB6F-12E0C9C126DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_pulse_access_control_service:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2654EEEA-B9FA-4717-8498-0E4A49B5E058",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DE0C8957-0870-4070-AAD3-720EE46311EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r1:*:*:*:*:*:*:*",
"matchCriteriaId": "47A21AF8-2618-4C7F-B250-BEDBBE9BE7F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6386D17E-158E-4F5E-B0C7-7719D0020CBF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r2:*:*:*:*:*:*:*",
"matchCriteriaId": "F3C2B970-9EF2-40CE-86B4-B3FF8F788BC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r3:*:*:*:*:*:*:*",
"matchCriteriaId": "7B3A469E-C3EA-4A34-BCAB-CA18DFB245C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r4:*:*:*:*:*:*:*",
"matchCriteriaId": "601BEBCC-F133-40FB-A1B8-599889D05480",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r5:*:*:*:*:*:*:*",
"matchCriteriaId": "5DFCB2A6-FFF0-4108-B587-C27FB96FD75A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r6:*:*:*:*:*:*:*",
"matchCriteriaId": "A381B35A-750E-4E70-99DA-25C4837C9DDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r7:*:*:*:*:*:*:*",
"matchCriteriaId": "4D2E937F-6235-4040-ADAF-884304C7D65C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r8:*:*:*:*:*:*:*",
"matchCriteriaId": "F3921140-1DDB-416E-9DC6-BB097C339A36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r9:*:*:*:*:*:*:*",
"matchCriteriaId": "36F6EE11-D19C-43DD-AFB8-D8AE60B5692F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r10:*:*:*:*:*:*:*",
"matchCriteriaId": "810ABC69-F219-4060-A50E-5A9D531BF26A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r11:*:*:*:*:*:*:*",
"matchCriteriaId": "48CE0C3C-6E83-47DD-8FB0-45CA7C3B343B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r12:*:*:*:*:*:*:*",
"matchCriteriaId": "0EF9BD90-90D8-4617-8BB7-9AA7FFCC1160",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r13:*:*:*:*:*:*:*",
"matchCriteriaId": "EBA1D6B0-E878-4364-83C5-FB6FB7C6B93E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r14:*:*:*:*:*:*:*",
"matchCriteriaId": "BCD9F89E-5AFB-4B80-B615-6E4720FA8A57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r15:*:*:*:*:*:*:*",
"matchCriteriaId": "134E62A7-0E1E-453B-AE43-EFF7BA700658",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2CA1CB31-3514-480E-ADD0-B8415B379754",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.4:r1.0:*:*:*:*:*:*",
"matchCriteriaId": "C503F416-17B4-45DA-9E36-9A8B14C2DEC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.4:r2.0:*:*:*:*:*:*",
"matchCriteriaId": "ECDD185D-A088-43A4-B4DE-599D22F1642C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B390A8A0-D317-4EDE-9B1F-2CC53DC72C06",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the SSL VPN/UAC web server in the Juniper Junos Pulse Secure Access Service (SSL VPN) devices with IVE OS 7.1 before 7.1r16, 7.4 before 7.4r3, and 8.0 before 8.0r1 and the Juniper Junos Pulse Access Control Service devices with UAC OS 4.1 before 4.1r8, 4.4 before 4.4r3 and 5.0 before 5.0r1 allows remote administrators to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en el servidor web SSL VPN/UAC en los dispositivos Juniper Junos Pulse Secure Access Service (SSL VPN) con IVE OS 7.1 anterior a 7.1r16, 7.4 anterior a 7.4r3, y 8.0 anterior a 8.0r1 y los dispositivos Juniper Junos Pulse Access Control Service con UAC OS 4.1 anterior a 4.1r8, 4.4 anterior a 4.4r3 y 5.0 anterior a 5.0r1 permite a administradores remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2014-3820",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-09-29T14:55:08.720",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id/1030852"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10645"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1030852"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10645"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2014-3823
Vulnerability from fkie_nvd - Published: 2014-09-29 14:55 - Updated: 2025-04-12 10:46
Severity ?
Summary
The Juniper Junos Pulse Secure Access Service (SSL VPN) devices with IVE OS 8.0 before 8.0r1, 7.4 before 7.4r5, and 7.1 before 7.1r18 allows remote attackers to conduct clickjacking attacks via unspecified vectors.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DE0C8957-0870-4070-AAD3-720EE46311EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6386D17E-158E-4F5E-B0C7-7719D0020CBF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r2:*:*:*:*:*:*:*",
"matchCriteriaId": "F3C2B970-9EF2-40CE-86B4-B3FF8F788BC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r3:*:*:*:*:*:*:*",
"matchCriteriaId": "7B3A469E-C3EA-4A34-BCAB-CA18DFB245C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r4:*:*:*:*:*:*:*",
"matchCriteriaId": "601BEBCC-F133-40FB-A1B8-599889D05480",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r5:*:*:*:*:*:*:*",
"matchCriteriaId": "5DFCB2A6-FFF0-4108-B587-C27FB96FD75A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r6:*:*:*:*:*:*:*",
"matchCriteriaId": "A381B35A-750E-4E70-99DA-25C4837C9DDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r7:*:*:*:*:*:*:*",
"matchCriteriaId": "4D2E937F-6235-4040-ADAF-884304C7D65C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r8:*:*:*:*:*:*:*",
"matchCriteriaId": "F3921140-1DDB-416E-9DC6-BB097C339A36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r9:*:*:*:*:*:*:*",
"matchCriteriaId": "36F6EE11-D19C-43DD-AFB8-D8AE60B5692F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r10:*:*:*:*:*:*:*",
"matchCriteriaId": "810ABC69-F219-4060-A50E-5A9D531BF26A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r11:*:*:*:*:*:*:*",
"matchCriteriaId": "48CE0C3C-6E83-47DD-8FB0-45CA7C3B343B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r12:*:*:*:*:*:*:*",
"matchCriteriaId": "0EF9BD90-90D8-4617-8BB7-9AA7FFCC1160",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r13:*:*:*:*:*:*:*",
"matchCriteriaId": "EBA1D6B0-E878-4364-83C5-FB6FB7C6B93E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r14:*:*:*:*:*:*:*",
"matchCriteriaId": "BCD9F89E-5AFB-4B80-B615-6E4720FA8A57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r15:*:*:*:*:*:*:*",
"matchCriteriaId": "134E62A7-0E1E-453B-AE43-EFF7BA700658",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.4:r1.0:*:*:*:*:*:*",
"matchCriteriaId": "C503F416-17B4-45DA-9E36-9A8B14C2DEC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.4:r2.0:*:*:*:*:*:*",
"matchCriteriaId": "ECDD185D-A088-43A4-B4DE-599D22F1642C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.4:r3.0:*:*:*:*:*:*",
"matchCriteriaId": "49B32A49-885E-4C3D-8362-1E48B04F1FDE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.4:r4.0:*:*:*:*:*:*",
"matchCriteriaId": "5B149DA0-3128-499D-969A-3231B682D25C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B390A8A0-D317-4EDE-9B1F-2CC53DC72C06",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Juniper Junos Pulse Secure Access Service (SSL VPN) devices with IVE OS 8.0 before 8.0r1, 7.4 before 7.4r5, and 7.1 before 7.1r18 allows remote attackers to conduct clickjacking attacks via unspecified vectors."
},
{
"lang": "es",
"value": "Los dispositivos Juniper Junos Pulse Secure Access Service (SSL VPN) con IVE OS 8.0 anterior a 8.0r1, 7.4 anterior a 7.4r5, y 7.1 anterior a 7.1r18 permiten a atacantes remotos realizar ataques de clickjacking a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2014-3823",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-09-29T14:55:08.767",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10647"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10647"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2013-5650
Vulnerability from fkie_nvd - Published: 2013-09-16 19:14 - Updated: 2025-04-11 00:51
Severity ?
Summary
Junos Pulse Secure Access Service (IVE) 7.1 before 7.1r5, 7.2 before 7.2r10, 7.3 before 7.3r6, and 7.4 before 7.4r3 and Junos Pulse Access Control Service (UAC) 4.1 before 4.1r8.1, 4.2 before 4.2r5, 4.3 before 4.3r6 and 4.4 before 4.4r3, when a hardware SSL acceleration card is enabled, allows remote attackers to cause a denial of service (device hang) via a crafted packet.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DE0C8957-0870-4070-AAD3-720EE46311EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B131A79C-9F00-4205-906A-1C6FFF968399",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D4CB3318-20E0-4D84-B95D-50F2DDB7CB56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2CA1CB31-3514-480E-ADD0-B8415B379754",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:juniper:junos_pulse_access_control_service:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E19A150B-30A6-4C86-86EE-DD010C707607",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_pulse_access_control_service:4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F94EE9B9-1CE6-401B-80F7-9EC080BD7B74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_pulse_access_control_service:4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D8A5CD74-9A06-45E2-9C5B-DDA2E3D7EE53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_pulse_access_control_service:4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "1539B994-2F09-43E8-9854-4A41585F0513",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Junos Pulse Secure Access Service (IVE) 7.1 before 7.1r5, 7.2 before 7.2r10, 7.3 before 7.3r6, and 7.4 before 7.4r3 and Junos Pulse Access Control Service (UAC) 4.1 before 4.1r8.1, 4.2 before 4.2r5, 4.3 before 4.3r6 and 4.4 before 4.4r3, when a hardware SSL acceleration card is enabled, allows remote attackers to cause a denial of service (device hang) via a crafted packet."
},
{
"lang": "es",
"value": "Junos Pulse Secure Access Service (IVE) 7.1 anterior a 7.1r5, 7.2 anterior a 7.2r10, 7.3 anterior a 7.3r6, and 7.4 anterior a 7.4r3 y Junos Pulse Access Control Service (UAC) 4.1 anterior a 4.1r8.1, 4.2 anterior a 4.2r5, 4.3 anterior a 4.3r6 y 4.4 anterior a 4.4r3, cuando una tarjeta hardware de aceleraci\u00f3n SSL esta habilitada, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (cuelgue del dispositivo) a trav\u00e9s de un paquete manipulado."
}
],
"id": "CVE-2013-5650",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 5.4,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-09-16T19:14:39.367",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/97241"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/54776"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87063"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.juniper.net/InfoCenter/index?cmid=no\u0026page=content\u0026id=JSA10590"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/97241"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/54776"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87063"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.juniper.net/InfoCenter/index?cmid=no\u0026page=content\u0026id=JSA10590"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2013-3970
Vulnerability from fkie_nvd - Published: 2013-06-13 16:47 - Updated: 2025-04-11 00:51
Severity ?
Summary
Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS 7.0r2 through 7.0r8 and 7.1r1 through 7.1r5 and Junos Pulse Access Control Service (aka UAC) with UAC OS 4.1r1 through 4.1r5 include a test Certification Authority (CA) certificate in the Trusted Server CAs list, which makes it easier for man-in-the-middle attackers to spoof SSL servers by leveraging control over that test CA.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | http://kb.juniper.net/JSA10571 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://kb.juniper.net/JSA10571 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.0r2:*:*:*:*:*:*:*",
"matchCriteriaId": "5E19EA42-FAC3-45BD-B11E-23CBEC70505F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.0r3:*:*:*:*:*:*:*",
"matchCriteriaId": "204456AA-7A87-4317-96B2-0F8E28DC8B4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.0r4:*:*:*:*:*:*:*",
"matchCriteriaId": "CAAE61E0-EC1D-4F74-BACB-E63C9778BA66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.0r5:*:*:*:*:*:*:*",
"matchCriteriaId": "247464D3-8B16-4140-980A-028E600E08B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.0r5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3BE7A6A9-4655-4B86-A6CB-F871FC6A7631",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.0r6:*:*:*:*:*:*:*",
"matchCriteriaId": "07743F02-BFB0-405F-8144-270658D1C113",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.0r7:*:*:*:*:*:*:*",
"matchCriteriaId": "EA8C8BD0-1BD5-4C10-991B-AD953FEC0A92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.0r8:*:*:*:*:*:*:*",
"matchCriteriaId": "80B5DF49-2C11-42E4-8472-92526C5F1EFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r1:*:*:*:*:*:*:*",
"matchCriteriaId": "47A21AF8-2618-4C7F-B250-BEDBBE9BE7F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6386D17E-158E-4F5E-B0C7-7719D0020CBF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r2:*:*:*:*:*:*:*",
"matchCriteriaId": "F3C2B970-9EF2-40CE-86B4-B3FF8F788BC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r3:*:*:*:*:*:*:*",
"matchCriteriaId": "7B3A469E-C3EA-4A34-BCAB-CA18DFB245C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r4:*:*:*:*:*:*:*",
"matchCriteriaId": "601BEBCC-F133-40FB-A1B8-599889D05480",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r5:*:*:*:*:*:*:*",
"matchCriteriaId": "5DFCB2A6-FFF0-4108-B587-C27FB96FD75A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:juniper:junos_pulse_access_control_service:4.1r1:*:*:*:*:*:*:*",
"matchCriteriaId": "42FFCBD4-D611-40FB-9EC0-FD7514D3E4D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_pulse_access_control_service:4.1r1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9ECFCA72-04D6-441D-9167-F549293C26A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_pulse_access_control_service:4.1r2:*:*:*:*:*:*:*",
"matchCriteriaId": "538BDA70-3F06-4AAE-9ACA-DF4C776DE19E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_pulse_access_control_service:4.1r3:*:*:*:*:*:*:*",
"matchCriteriaId": "D5EBC04E-16D9-4DC0-B0A9-A99527B5FA11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_pulse_access_control_service:4.1r4:*:*:*:*:*:*:*",
"matchCriteriaId": "C21197A5-8BDA-4FDB-9AC3-703715AA4F52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_pulse_access_control_service:4.1r5:*:*:*:*:*:*:*",
"matchCriteriaId": "9C00A34F-1E90-4E81-AFDE-02A1D059A24C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS 7.0r2 through 7.0r8 and 7.1r1 through 7.1r5 and Junos Pulse Access Control Service (aka UAC) with UAC OS 4.1r1 through 4.1r5 include a test Certification Authority (CA) certificate in the Trusted Server CAs list, which makes it easier for man-in-the-middle attackers to spoof SSL servers by leveraging control over that test CA."
},
{
"lang": "es",
"value": "Juniper Junos Pulse Secure Access Service (tambi\u00e9n conocido como SSL VPN) con IVE OS v7.0r2 hasta v7.0r8 y v7.1r1 hasta v7.1r5 y Junos Pulse Access Control Service (tambi\u00e9n conocido como UAC) con UAC OS v4.1r1 hasta v4.1r5 incluyen un certificado de prueba en la lista Trusted Server CAs, que hace m\u00e1s f\u00e1cil a atacantes man-in-the-middle burlar servidores SSL aprovechando el control de esa prueba CA."
}
],
"id": "CVE-2013-3970",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-06-13T16:47:25.930",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://kb.juniper.net/JSA10571"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://kb.juniper.net/JSA10571"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-310"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2014-3824 (GCVE-0-2014-3824)
Vulnerability from cvelistv5 – Published: 2014-09-29 14:00 – Updated: 2024-08-06 10:57
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in the web server in the Juniper Junos Pulse Secure Access Service (SSL VPN) devices with IVE OS 8.0 before 8.0r6, 7.4 before 7.4r13, and 7.1 before 7.1r20 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:57:17.562Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "69804",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/69804"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10646"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-09-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the web server in the Juniper Junos Pulse Secure Access Service (SSL VPN) devices with IVE OS 8.0 before 8.0r6, 7.4 before 7.4r13, and 7.1 before 7.1r20 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-05-04T16:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "69804",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/69804"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10646"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3824",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the web server in the Juniper Junos Pulse Secure Access Service (SSL VPN) devices with IVE OS 8.0 before 8.0r6, 7.4 before 7.4r13, and 7.1 before 7.1r20 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "69804",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69804"
},
{
"name": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10646",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10646"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-3824",
"datePublished": "2014-09-29T14:00:00",
"dateReserved": "2014-05-21T00:00:00",
"dateUpdated": "2024-08-06T10:57:17.562Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-3823 (GCVE-0-2014-3823)
Vulnerability from cvelistv5 – Published: 2014-09-29 14:00 – Updated: 2024-08-06 10:57
VLAI?
Summary
The Juniper Junos Pulse Secure Access Service (SSL VPN) devices with IVE OS 8.0 before 8.0r1, 7.4 before 7.4r5, and 7.1 before 7.1r18 allows remote attackers to conduct clickjacking attacks via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:57:17.223Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10647"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-09-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Juniper Junos Pulse Secure Access Service (SSL VPN) devices with IVE OS 8.0 before 8.0r1, 7.4 before 7.4r5, and 7.1 before 7.1r18 allows remote attackers to conduct clickjacking attacks via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-09-29T11:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10647"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3823",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Juniper Junos Pulse Secure Access Service (SSL VPN) devices with IVE OS 8.0 before 8.0r1, 7.4 before 7.4r5, and 7.1 before 7.1r18 allows remote attackers to conduct clickjacking attacks via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10647",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10647"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-3823",
"datePublished": "2014-09-29T14:00:00",
"dateReserved": "2014-05-21T00:00:00",
"dateUpdated": "2024-08-06T10:57:17.223Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-3820 (GCVE-0-2014-3820)
Vulnerability from cvelistv5 – Published: 2014-09-29 14:00 – Updated: 2024-08-06 10:57
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in the SSL VPN/UAC web server in the Juniper Junos Pulse Secure Access Service (SSL VPN) devices with IVE OS 7.1 before 7.1r16, 7.4 before 7.4r3, and 8.0 before 8.0r1 and the Juniper Junos Pulse Access Control Service devices with UAC OS 4.1 before 4.1r8, 4.4 before 4.4r3 and 5.0 before 5.0r1 allows remote administrators to inject arbitrary web script or HTML via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:57:17.431Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10645"
},
{
"name": "1030852",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1030852"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-09-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the SSL VPN/UAC web server in the Juniper Junos Pulse Secure Access Service (SSL VPN) devices with IVE OS 7.1 before 7.1r16, 7.4 before 7.4r3, and 8.0 before 8.0r1 and the Juniper Junos Pulse Access Control Service devices with UAC OS 4.1 before 4.1r8, 4.4 before 4.4r3 and 5.0 before 5.0r1 allows remote administrators to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-05-04T16:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10645"
},
{
"name": "1030852",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1030852"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3820",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the SSL VPN/UAC web server in the Juniper Junos Pulse Secure Access Service (SSL VPN) devices with IVE OS 7.1 before 7.1r16, 7.4 before 7.4r3, and 8.0 before 8.0r1 and the Juniper Junos Pulse Access Control Service devices with UAC OS 4.1 before 4.1r8, 4.4 before 4.4r3 and 5.0 before 5.0r1 allows remote administrators to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10645",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10645"
},
{
"name": "1030852",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030852"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-3820",
"datePublished": "2014-09-29T14:00:00",
"dateReserved": "2014-05-21T00:00:00",
"dateUpdated": "2024-08-06T10:57:17.431Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-5650 (GCVE-0-2013-5650)
Vulnerability from cvelistv5 – Published: 2013-09-16 19:00 – Updated: 2024-08-06 17:15
VLAI?
Summary
Junos Pulse Secure Access Service (IVE) 7.1 before 7.1r5, 7.2 before 7.2r10, 7.3 before 7.3r6, and 7.4 before 7.4r3 and Junos Pulse Access Control Service (UAC) 4.1 before 4.1r8.1, 4.2 before 4.2r5, 4.3 before 4.3r6 and 4.4 before 4.4r3, when a hardware SSL acceleration card is enabled, allows remote attackers to cause a denial of service (device hang) via a crafted packet.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:15:21.551Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "97241",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/97241"
},
{
"name": "juniper-junos-cve20135650-dos(87063)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87063"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.juniper.net/InfoCenter/index?cmid=no\u0026page=content\u0026id=JSA10590"
},
{
"name": "54776",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/54776"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-09-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Junos Pulse Secure Access Service (IVE) 7.1 before 7.1r5, 7.2 before 7.2r10, 7.3 before 7.3r6, and 7.4 before 7.4r3 and Junos Pulse Access Control Service (UAC) 4.1 before 4.1r8.1, 4.2 before 4.2r5, 4.3 before 4.3r6 and 4.4 before 4.4r3, when a hardware SSL acceleration card is enabled, allows remote attackers to cause a denial of service (device hang) via a crafted packet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "97241",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/97241"
},
{
"name": "juniper-junos-cve20135650-dos(87063)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87063"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.juniper.net/InfoCenter/index?cmid=no\u0026page=content\u0026id=JSA10590"
},
{
"name": "54776",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/54776"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-5650",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Junos Pulse Secure Access Service (IVE) 7.1 before 7.1r5, 7.2 before 7.2r10, 7.3 before 7.3r6, and 7.4 before 7.4r3 and Junos Pulse Access Control Service (UAC) 4.1 before 4.1r8.1, 4.2 before 4.2r5, 4.3 before 4.3r6 and 4.4 before 4.4r3, when a hardware SSL acceleration card is enabled, allows remote attackers to cause a denial of service (device hang) via a crafted packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "97241",
"refsource": "OSVDB",
"url": "http://osvdb.org/97241"
},
{
"name": "juniper-junos-cve20135650-dos(87063)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87063"
},
{
"name": "https://kb.juniper.net/InfoCenter/index?cmid=no\u0026page=content\u0026id=JSA10590",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/InfoCenter/index?cmid=no\u0026page=content\u0026id=JSA10590"
},
{
"name": "54776",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/54776"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-5650",
"datePublished": "2013-09-16T19:00:00",
"dateReserved": "2013-08-30T00:00:00",
"dateUpdated": "2024-08-06T17:15:21.551Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-3970 (GCVE-0-2013-3970)
Vulnerability from cvelistv5 – Published: 2013-06-13 00:00 – Updated: 2024-09-17 01:46
VLAI?
Summary
Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS 7.0r2 through 7.0r8 and 7.1r1 through 7.1r5 and Junos Pulse Access Control Service (aka UAC) with UAC OS 4.1r1 through 4.1r5 include a test Certification Authority (CA) certificate in the Trusted Server CAs list, which makes it easier for man-in-the-middle attackers to spoof SSL servers by leveraging control over that test CA.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:30:49.328Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://kb.juniper.net/JSA10571"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS 7.0r2 through 7.0r8 and 7.1r1 through 7.1r5 and Junos Pulse Access Control Service (aka UAC) with UAC OS 4.1r1 through 4.1r5 include a test Certification Authority (CA) certificate in the Trusted Server CAs list, which makes it easier for man-in-the-middle attackers to spoof SSL servers by leveraging control over that test CA."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-06-13T00:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://kb.juniper.net/JSA10571"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-3970",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS 7.0r2 through 7.0r8 and 7.1r1 through 7.1r5 and Junos Pulse Access Control Service (aka UAC) with UAC OS 4.1r1 through 4.1r5 include a test Certification Authority (CA) certificate in the Trusted Server CAs list, which makes it easier for man-in-the-middle attackers to spoof SSL servers by leveraging control over that test CA."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://kb.juniper.net/JSA10571",
"refsource": "CONFIRM",
"url": "http://kb.juniper.net/JSA10571"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-3970",
"datePublished": "2013-06-13T00:00:00Z",
"dateReserved": "2013-06-06T00:00:00Z",
"dateUpdated": "2024-09-17T01:46:59.312Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-3824 (GCVE-0-2014-3824)
Vulnerability from nvd – Published: 2014-09-29 14:00 – Updated: 2024-08-06 10:57
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in the web server in the Juniper Junos Pulse Secure Access Service (SSL VPN) devices with IVE OS 8.0 before 8.0r6, 7.4 before 7.4r13, and 7.1 before 7.1r20 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:57:17.562Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "69804",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/69804"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10646"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-09-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the web server in the Juniper Junos Pulse Secure Access Service (SSL VPN) devices with IVE OS 8.0 before 8.0r6, 7.4 before 7.4r13, and 7.1 before 7.1r20 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-05-04T16:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "69804",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/69804"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10646"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3824",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the web server in the Juniper Junos Pulse Secure Access Service (SSL VPN) devices with IVE OS 8.0 before 8.0r6, 7.4 before 7.4r13, and 7.1 before 7.1r20 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "69804",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69804"
},
{
"name": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10646",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10646"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-3824",
"datePublished": "2014-09-29T14:00:00",
"dateReserved": "2014-05-21T00:00:00",
"dateUpdated": "2024-08-06T10:57:17.562Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-3823 (GCVE-0-2014-3823)
Vulnerability from nvd – Published: 2014-09-29 14:00 – Updated: 2024-08-06 10:57
VLAI?
Summary
The Juniper Junos Pulse Secure Access Service (SSL VPN) devices with IVE OS 8.0 before 8.0r1, 7.4 before 7.4r5, and 7.1 before 7.1r18 allows remote attackers to conduct clickjacking attacks via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:57:17.223Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10647"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-09-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Juniper Junos Pulse Secure Access Service (SSL VPN) devices with IVE OS 8.0 before 8.0r1, 7.4 before 7.4r5, and 7.1 before 7.1r18 allows remote attackers to conduct clickjacking attacks via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-09-29T11:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10647"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3823",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Juniper Junos Pulse Secure Access Service (SSL VPN) devices with IVE OS 8.0 before 8.0r1, 7.4 before 7.4r5, and 7.1 before 7.1r18 allows remote attackers to conduct clickjacking attacks via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10647",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10647"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-3823",
"datePublished": "2014-09-29T14:00:00",
"dateReserved": "2014-05-21T00:00:00",
"dateUpdated": "2024-08-06T10:57:17.223Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-3820 (GCVE-0-2014-3820)
Vulnerability from nvd – Published: 2014-09-29 14:00 – Updated: 2024-08-06 10:57
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in the SSL VPN/UAC web server in the Juniper Junos Pulse Secure Access Service (SSL VPN) devices with IVE OS 7.1 before 7.1r16, 7.4 before 7.4r3, and 8.0 before 8.0r1 and the Juniper Junos Pulse Access Control Service devices with UAC OS 4.1 before 4.1r8, 4.4 before 4.4r3 and 5.0 before 5.0r1 allows remote administrators to inject arbitrary web script or HTML via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:57:17.431Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10645"
},
{
"name": "1030852",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1030852"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-09-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the SSL VPN/UAC web server in the Juniper Junos Pulse Secure Access Service (SSL VPN) devices with IVE OS 7.1 before 7.1r16, 7.4 before 7.4r3, and 8.0 before 8.0r1 and the Juniper Junos Pulse Access Control Service devices with UAC OS 4.1 before 4.1r8, 4.4 before 4.4r3 and 5.0 before 5.0r1 allows remote administrators to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-05-04T16:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10645"
},
{
"name": "1030852",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1030852"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3820",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the SSL VPN/UAC web server in the Juniper Junos Pulse Secure Access Service (SSL VPN) devices with IVE OS 7.1 before 7.1r16, 7.4 before 7.4r3, and 8.0 before 8.0r1 and the Juniper Junos Pulse Access Control Service devices with UAC OS 4.1 before 4.1r8, 4.4 before 4.4r3 and 5.0 before 5.0r1 allows remote administrators to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10645",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10645"
},
{
"name": "1030852",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030852"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-3820",
"datePublished": "2014-09-29T14:00:00",
"dateReserved": "2014-05-21T00:00:00",
"dateUpdated": "2024-08-06T10:57:17.431Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-5650 (GCVE-0-2013-5650)
Vulnerability from nvd – Published: 2013-09-16 19:00 – Updated: 2024-08-06 17:15
VLAI?
Summary
Junos Pulse Secure Access Service (IVE) 7.1 before 7.1r5, 7.2 before 7.2r10, 7.3 before 7.3r6, and 7.4 before 7.4r3 and Junos Pulse Access Control Service (UAC) 4.1 before 4.1r8.1, 4.2 before 4.2r5, 4.3 before 4.3r6 and 4.4 before 4.4r3, when a hardware SSL acceleration card is enabled, allows remote attackers to cause a denial of service (device hang) via a crafted packet.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:15:21.551Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "97241",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/97241"
},
{
"name": "juniper-junos-cve20135650-dos(87063)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87063"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.juniper.net/InfoCenter/index?cmid=no\u0026page=content\u0026id=JSA10590"
},
{
"name": "54776",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/54776"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-09-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Junos Pulse Secure Access Service (IVE) 7.1 before 7.1r5, 7.2 before 7.2r10, 7.3 before 7.3r6, and 7.4 before 7.4r3 and Junos Pulse Access Control Service (UAC) 4.1 before 4.1r8.1, 4.2 before 4.2r5, 4.3 before 4.3r6 and 4.4 before 4.4r3, when a hardware SSL acceleration card is enabled, allows remote attackers to cause a denial of service (device hang) via a crafted packet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "97241",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/97241"
},
{
"name": "juniper-junos-cve20135650-dos(87063)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87063"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.juniper.net/InfoCenter/index?cmid=no\u0026page=content\u0026id=JSA10590"
},
{
"name": "54776",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/54776"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-5650",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Junos Pulse Secure Access Service (IVE) 7.1 before 7.1r5, 7.2 before 7.2r10, 7.3 before 7.3r6, and 7.4 before 7.4r3 and Junos Pulse Access Control Service (UAC) 4.1 before 4.1r8.1, 4.2 before 4.2r5, 4.3 before 4.3r6 and 4.4 before 4.4r3, when a hardware SSL acceleration card is enabled, allows remote attackers to cause a denial of service (device hang) via a crafted packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "97241",
"refsource": "OSVDB",
"url": "http://osvdb.org/97241"
},
{
"name": "juniper-junos-cve20135650-dos(87063)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87063"
},
{
"name": "https://kb.juniper.net/InfoCenter/index?cmid=no\u0026page=content\u0026id=JSA10590",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/InfoCenter/index?cmid=no\u0026page=content\u0026id=JSA10590"
},
{
"name": "54776",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/54776"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-5650",
"datePublished": "2013-09-16T19:00:00",
"dateReserved": "2013-08-30T00:00:00",
"dateUpdated": "2024-08-06T17:15:21.551Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-3970 (GCVE-0-2013-3970)
Vulnerability from nvd – Published: 2013-06-13 00:00 – Updated: 2024-09-17 01:46
VLAI?
Summary
Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS 7.0r2 through 7.0r8 and 7.1r1 through 7.1r5 and Junos Pulse Access Control Service (aka UAC) with UAC OS 4.1r1 through 4.1r5 include a test Certification Authority (CA) certificate in the Trusted Server CAs list, which makes it easier for man-in-the-middle attackers to spoof SSL servers by leveraging control over that test CA.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:30:49.328Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://kb.juniper.net/JSA10571"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS 7.0r2 through 7.0r8 and 7.1r1 through 7.1r5 and Junos Pulse Access Control Service (aka UAC) with UAC OS 4.1r1 through 4.1r5 include a test Certification Authority (CA) certificate in the Trusted Server CAs list, which makes it easier for man-in-the-middle attackers to spoof SSL servers by leveraging control over that test CA."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-06-13T00:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://kb.juniper.net/JSA10571"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-3970",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS 7.0r2 through 7.0r8 and 7.1r1 through 7.1r5 and Junos Pulse Access Control Service (aka UAC) with UAC OS 4.1r1 through 4.1r5 include a test Certification Authority (CA) certificate in the Trusted Server CAs list, which makes it easier for man-in-the-middle attackers to spoof SSL servers by leveraging control over that test CA."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://kb.juniper.net/JSA10571",
"refsource": "CONFIRM",
"url": "http://kb.juniper.net/JSA10571"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-3970",
"datePublished": "2013-06-13T00:00:00Z",
"dateReserved": "2013-06-06T00:00:00Z",
"dateUpdated": "2024-09-17T01:46:59.312Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}