CVE-2012-5460 (GCVE-0-2012-5460)

Vulnerability from cvelistv5 – Published: 2013-07-31 21:00 – Updated: 2024-09-16 22:36

Summary

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://archives.neohapsis.com/archives/bugtraq/20…	mailing-listx_refsource_BUGTRAQ
	http://www.juniper.net/alerts/viewalert.jsp?actio…	x_refsource_MISC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T21:05:47.257Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20130722 Juniper Secure Access XSS Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/bugtraq/2013-07/0148.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search\u0026txtAlertNumber=PSN-2013-03-874\u0026viewMode=view"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in the help page in Juniper Secure Access (SA) with IVE OS before 7.1r13, 7.2.x before 7.2r7, and 7.3.x before 7.3r2 allows remote attackers to inject arbitrary web script or HTML via the WWHSearchWordsText parameter."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2013-07-31T21:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20130722 Juniper Secure Access XSS Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://archives.neohapsis.com/archives/bugtraq/2013-07/0148.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search\u0026txtAlertNumber=PSN-2013-03-874\u0026viewMode=view"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2012-5460",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in the help page in Juniper Secure Access (SA) with IVE OS before 7.1r13, 7.2.x before 7.2r7, and 7.3.x before 7.3r2 allows remote attackers to inject arbitrary web script or HTML via the WWHSearchWordsText parameter."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20130722 Juniper Secure Access XSS Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://archives.neohapsis.com/archives/bugtraq/2013-07/0148.html"
            },
            {
              "name": "http://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search\u0026txtAlertNumber=PSN-2013-03-874\u0026viewMode=view",
              "refsource": "MISC",
              "url": "http://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search\u0026txtAlertNumber=PSN-2013-03-874\u0026viewMode=view"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2012-5460",
    "datePublished": "2013-07-31T21:00:00Z",
    "dateReserved": "2012-10-24T00:00:00Z",
    "dateUpdated": "2024-09-16T22:36:07.051Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:juniper:ive_os:7.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D4313025-3FC4-42DB-B18E-57EC5C566B74\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:juniper:ive_os:7.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"754A5F1C-E181-4D36-86A7-5124C22EBF40\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:juniper:ive_os:7.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8ECD0F7E-715A-4C52-ACF1-EE7A7042B991\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:juniper:secure_access_virtual_appliance:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"49C013C9-3F10-4B6A-A1C6-7171DB9BE6DD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:juniper:fips_secure_access_4000:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"80CC7A54-95DD-4C60-8A99-21F800616784\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:juniper:fips_secure_access_4500:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B68C4310-771E-4E8F-9C62-6EBE233FCB92\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:juniper:fips_secure_access_6000:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"55331F37-6F9B-48A8-BBB3-BE9EBF4C2B3D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:juniper:fips_secure_access_6500:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"528028F3-3F3F-4354-A1D7-2EF66BA27CEC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:juniper:mag2600_gateway:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1EE557B9-DF6D-4C20-98BE-E934D187CCFC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:juniper:mag4610_gateway:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DB174F88-B643-4338-BCD6-A9CD0EDB54A6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:juniper:mag6610_gateway:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"115C8834-8BD1-4561-8B98-AE29E3B9C1C9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:juniper:mag6611_gateway:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"54C5F933-61BB-40EA-9ADC-C22CFE8F9D1B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:juniper:secure_access_2000:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DF6B885A-5C17-4928-A1B9-4A729F277F4B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:juniper:secure_access_2500:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"82E5E8BD-68B9-4C94-A1F0-3F5C3EC7620A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:juniper:secure_access_4000:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4D6A2465-451A-436A-89C1-94424A0C4AB8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:juniper:secure_access_4500:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"641091CF-F671-4AD7-B10F-E50497AC462B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:juniper:secure_access_6000:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"501D212B-D846-4D43-B6D8-F01C2483AB64\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:juniper:secure_access_6500:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"075FD895-451D-4959-9A73-94F5BB1853E6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:juniper:secure_access_700:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"42FB27DD-D685-4D5E-8DAF-7A34DE33AB59\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Cross-site scripting (XSS) vulnerability in the help page in Juniper Secure Access (SA) with IVE OS before 7.1r13, 7.2.x before 7.2r7, and 7.3.x before 7.3r2 allows remote attackers to inject arbitrary web script or HTML via the WWHSearchWordsText parameter.\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad XSS en la p\\u00e1gina de ayuda en Juniper Secure Access (SA) con IVE OS anterior a 7.1r13, 7.2.x anterior a 7.2r7, y 7.3.x anterior a 7.3r2, permite a atacantes remotos inyectar secuencias de comandos web y HTML arbitrarias a trav\\u00e9s del par\\u00e1metro WWHSearchWordsText.\"}]",
      "id": "CVE-2012-5460",
      "lastModified": "2024-11-21T01:44:42.477",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:P/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2013-08-01T13:32:35.103",
      "references": "[{\"url\": \"http://archives.neohapsis.com/archives/bugtraq/2013-07/0148.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search\u0026txtAlertNumber=PSN-2013-03-874\u0026viewMode=view\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://archives.neohapsis.com/archives/bugtraq/2013-07/0148.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search\u0026txtAlertNumber=PSN-2013-03-874\u0026viewMode=view\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-79\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2012-5460\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2013-08-01T13:32:35.103\",\"lastModified\":\"2025-04-11T00:51:21.963\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Cross-site scripting (XSS) vulnerability in the help page in Juniper Secure Access (SA) with IVE OS before 7.1r13, 7.2.x before 7.2r7, and 7.3.x before 7.3r2 allows remote attackers to inject arbitrary web script or HTML via the WWHSearchWordsText parameter.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad XSS en la p\u00e1gina de ayuda en Juniper Secure Access (SA) con IVE OS anterior a 7.1r13, 7.2.x anterior a 7.2r7, y 7.3.x anterior a 7.3r2, permite a atacantes remotos inyectar secuencias de comandos web y HTML arbitrarias a trav\u00e9s del par\u00e1metro WWHSearchWordsText.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:ive_os:7.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D4313025-3FC4-42DB-B18E-57EC5C566B74\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:ive_os:7.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"754A5F1C-E181-4D36-86A7-5124C22EBF40\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:ive_os:7.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8ECD0F7E-715A-4C52-ACF1-EE7A7042B991\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:juniper:secure_access_virtual_appliance:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"49C013C9-3F10-4B6A-A1C6-7171DB9BE6DD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:juniper:fips_secure_access_4000:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"80CC7A54-95DD-4C60-8A99-21F800616784\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:juniper:fips_secure_access_4500:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B68C4310-771E-4E8F-9C62-6EBE233FCB92\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:juniper:fips_secure_access_6000:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"55331F37-6F9B-48A8-BBB3-BE9EBF4C2B3D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:juniper:fips_secure_access_6500:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"528028F3-3F3F-4354-A1D7-2EF66BA27CEC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:juniper:mag2600_gateway:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1EE557B9-DF6D-4C20-98BE-E934D187CCFC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:juniper:mag4610_gateway:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DB174F88-B643-4338-BCD6-A9CD0EDB54A6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:juniper:mag6610_gateway:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"115C8834-8BD1-4561-8B98-AE29E3B9C1C9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:juniper:mag6611_gateway:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"54C5F933-61BB-40EA-9ADC-C22CFE8F9D1B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:juniper:secure_access_2000:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DF6B885A-5C17-4928-A1B9-4A729F277F4B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:juniper:secure_access_2500:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"82E5E8BD-68B9-4C94-A1F0-3F5C3EC7620A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:juniper:secure_access_4000:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4D6A2465-451A-436A-89C1-94424A0C4AB8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:juniper:secure_access_4500:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"641091CF-F671-4AD7-B10F-E50497AC462B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:juniper:secure_access_6000:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"501D212B-D846-4D43-B6D8-F01C2483AB64\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:juniper:secure_access_6500:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"075FD895-451D-4959-9A73-94F5BB1853E6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:juniper:secure_access_700:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"42FB27DD-D685-4D5E-8DAF-7A34DE33AB59\"}]}]}],\"references\":[{\"url\":\"http://archives.neohapsis.com/archives/bugtraq/2013-07/0148.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search\u0026txtAlertNumber=PSN-2013-03-874\u0026viewMode=view\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://archives.neohapsis.com/archives/bugtraq/2013-07/0148.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search\u0026txtAlertNumber=PSN-2013-03-874\u0026viewMode=view\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

GSD-2012-5460

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Aliases

CVE-2012-5460

Aliases

CVE-2012-5460

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2012-5460",
    "description": "Cross-site scripting (XSS) vulnerability in the help page in Juniper Secure Access (SA) with IVE OS before 7.1r13, 7.2.x before 7.2r7, and 7.3.x before 7.3r2 allows remote attackers to inject arbitrary web script or HTML via the WWHSearchWordsText parameter.",
    "id": "GSD-2012-5460"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2012-5460"
      ],
      "details": "Cross-site scripting (XSS) vulnerability in the help page in Juniper Secure Access (SA) with IVE OS before 7.1r13, 7.2.x before 7.2r7, and 7.3.x before 7.3r2 allows remote attackers to inject arbitrary web script or HTML via the WWHSearchWordsText parameter.",
      "id": "GSD-2012-5460",
      "modified": "2023-12-13T01:20:19.811140Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2012-5460",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Cross-site scripting (XSS) vulnerability in the help page in Juniper Secure Access (SA) with IVE OS before 7.1r13, 7.2.x before 7.2r7, and 7.3.x before 7.3r2 allows remote attackers to inject arbitrary web script or HTML via the WWHSearchWordsText parameter."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "20130722 Juniper Secure Access XSS Vulnerability",
            "refsource": "BUGTRAQ",
            "url": "http://archives.neohapsis.com/archives/bugtraq/2013-07/0148.html"
          },
          {
            "name": "http://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search\u0026txtAlertNumber=PSN-2013-03-874\u0026viewMode=view",
            "refsource": "MISC",
            "url": "http://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search\u0026txtAlertNumber=PSN-2013-03-874\u0026viewMode=view"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:juniper:ive_os:7.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:juniper:ive_os:7.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:juniper:ive_os:7.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:juniper:secure_access_2000:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:juniper:fips_secure_access_4500:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:juniper:mag2600_gateway:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:juniper:mag6610_gateway:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:juniper:secure_access_4500:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:juniper:secure_access_4000:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:juniper:secure_access_6500:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:juniper:secure_access_6000:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:juniper:secure_access_700:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:juniper:secure_access_2500:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:juniper:mag6611_gateway:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:juniper:secure_access_virtual_appliance:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:juniper:fips_secure_access_4000:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:juniper:fips_secure_access_6000:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:juniper:fips_secure_access_6500:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:juniper:mag4610_gateway:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2012-5460"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in the help page in Juniper Secure Access (SA) with IVE OS before 7.1r13, 7.2.x before 7.2r7, and 7.3.x before 7.3r2 allows remote attackers to inject arbitrary web script or HTML via the WWHSearchWordsText parameter."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-79"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20130722 Juniper Secure Access XSS Vulnerability",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://archives.neohapsis.com/archives/bugtraq/2013-07/0148.html"
            },
            {
              "name": "http://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search\u0026txtAlertNumber=PSN-2013-03-874\u0026viewMode=view",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search\u0026txtAlertNumber=PSN-2013-03-874\u0026viewMode=view"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2013-08-01T13:32Z",
      "publishedDate": "2013-08-01T13:32Z"
    }
  }
}

GHSA-5CMX-JCM8-6C7M

Vulnerability from github – Published: 2022-05-17 05:07 – Updated: 2022-05-17 05:07

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2012-5460"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2013-08-01T13:32:00Z",
    "severity": "MODERATE"
  },
  "details": "Cross-site scripting (XSS) vulnerability in the help page in Juniper Secure Access (SA) with IVE OS before 7.1r13, 7.2.x before 7.2r7, and 7.3.x before 7.3r2 allows remote attackers to inject arbitrary web script or HTML via the WWHSearchWordsText parameter.",
  "id": "GHSA-5cmx-jcm8-6c7m",
  "modified": "2022-05-17T05:07:08Z",
  "published": "2022-05-17T05:07:08Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5460"
    },
    {
      "type": "WEB",
      "url": "http://archives.neohapsis.com/archives/bugtraq/2013-07/0148.html"
    },
    {
      "type": "WEB",
      "url": "http://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search\u0026txtAlertNumber=PSN-2013-03-874\u0026viewMode=view"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CERTA-2013-AVI-508

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans les produits Juniper. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à l'intégrité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Juniper Networks	Junos Space	Juniper Junos Space Appliance JA1500
Juniper Networks	Junos Space	Juniper Junos Space Software version 11.3
Juniper Networks	N/A	Juniper NSM version 2011.4
Juniper Networks	N/A	Juniper NSM version 2012.1
Juniper Networks	Junos Space	Juniper Junos Space Software version 11.1
Juniper Networks	N/A	Juniper STRM version 2010.0
Juniper Networks	Junos Space	Juniper Junos Space Software version 11.2
Juniper Networks	N/A	Juniper SA (IVE OS) versions antérieures à 7.3r2
Juniper Networks	N/A	Juniper NSM version 2010.3
Juniper Networks	N/A	Juniper STRM version 2012.0
Juniper Networks	N/A	Juniper JunosE Operating System
Juniper Networks	Junos Space	Juniper Junos Space Software version 12.1
Juniper Networks	N/A	Juniper NSM version 2012.2
Juniper Networks	N/A	Juniper SA (IVE OS) versions antérieures à 7.1r13
Juniper Networks	N/A	Juniper SA (IVE OS) versions antérieures à 7.2r7
Juniper Networks	N/A	Juniper STRM version 2012.1
Juniper Networks	N/A	Juniper Junos Operating System
Juniper Networks	N/A	Juniper ScreenOS
Juniper Networks	N/A	Juniper STRM version 2013.1
Juniper Networks	Junos Space	Juniper Junos Space Software version 12.3
Juniper Networks	Junos Space	Juniper Junos Space Software version 12.2

References

Title

Publication Time

Tags

Bulletin de sécurité Juniper JSA10586 du 20 août 2013	None	vendor-advisory
Bulletin de sécurité Juniper JSA10554 du 20 août 2013	None	vendor-advisory
Bulletin de sécurité Juniper JSA10584 du 20 août 2013	None	vendor-advisory
Bulletin de sécurité Juniper JSA10582 du 20 août 2013	None	vendor-advisory
Bulletin de sécurité Juniper JSA10585 du 20 août 2013	None	vendor-advisory
Bulletin de sécurité Juniper JSA10583 du 20 août 2013	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Juniper Junos Space Appliance JA1500",
      "product": {
        "name": "Junos Space",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper Junos Space Software version 11.3",
      "product": {
        "name": "Junos Space",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper NSM version 2011.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper NSM version 2012.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper Junos Space Software version 11.1",
      "product": {
        "name": "Junos Space",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper STRM version 2010.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper Junos Space Software version 11.2",
      "product": {
        "name": "Junos Space",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper SA (IVE OS) versions ant\u00e9rieures \u00e0 7.3r2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper NSM version 2010.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper STRM version 2012.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper JunosE Operating System",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper Junos Space Software version 12.1",
      "product": {
        "name": "Junos Space",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper NSM version 2012.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper SA (IVE OS) versions ant\u00e9rieures \u00e0 7.1r13",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper SA (IVE OS) versions ant\u00e9rieures \u00e0 7.2r7",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper STRM version 2012.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper Junos Operating System",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper ScreenOS",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper STRM version 2013.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper Junos Space Software version 12.3",
      "product": {
        "name": "Junos Space",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper Junos Space Software version 12.2",
      "product": {
        "name": "Junos Space",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2012-5460",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5460"
    },
    {
      "name": "CVE-2013-5097",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5097"
    },
    {
      "name": "CVE-2013-2970",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-2970"
    },
    {
      "name": "CVE-2012-0053",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0053"
    },
    {
      "name": "CVE-2013-0149",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0149"
    },
    {
      "name": "CVE-2013-5095",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5095"
    },
    {
      "name": "CVE-2011-3368",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3368"
    },
    {
      "name": "CVE-2011-1473",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1473"
    },
    {
      "name": "CVE-2011-4317",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4317"
    },
    {
      "name": "CVE-2013-5096",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5096"
    }
  ],
  "links": [],
  "reference": "CERTA-2013-AVI-508",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2013-09-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans les produits \u003cspan\nclass=\"textit\"\u003eJuniper\u003c/span\u003e. Certaines d\u0027entre elles permettent \u00e0 un\nattaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un\nd\u00e9ni de service \u00e0 distance et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10586 du 20 ao\u00fbt 2013",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026cmid=no\u0026id=JSA10586\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10554 du 20 ao\u00fbt 2013",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026cmid=no\u0026id=JSA10554\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10584 du 20 ao\u00fbt 2013",
      "url": "https://kb.juniper.net/InfoCenter/index?cmid=no\u0026page=content\u0026id=JSA10584\u0026cat=SIRT_1\u0026actp=LIST\u0026showDraft=false"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10582 du 20 ao\u00fbt 2013",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026cmid=no\u0026id=JSA10582\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10585 du 20 ao\u00fbt 2013",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026cmid=no\u0026id=JSA10585\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10583 du 20 ao\u00fbt 2013",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026cmid=no\u0026id=JSA10583\u0026cat=SIRT_1\u0026actp=LIST"
    }
  ]
}

CERTA-2013-AVI-508

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Juniper Networks	Junos Space	Juniper Junos Space Appliance JA1500
Juniper Networks	Junos Space	Juniper Junos Space Software version 11.3
Juniper Networks	N/A	Juniper NSM version 2011.4
Juniper Networks	N/A	Juniper NSM version 2012.1
Juniper Networks	Junos Space	Juniper Junos Space Software version 11.1
Juniper Networks	N/A	Juniper STRM version 2010.0
Juniper Networks	Junos Space	Juniper Junos Space Software version 11.2
Juniper Networks	N/A	Juniper SA (IVE OS) versions antérieures à 7.3r2
Juniper Networks	N/A	Juniper NSM version 2010.3
Juniper Networks	N/A	Juniper STRM version 2012.0
Juniper Networks	N/A	Juniper JunosE Operating System
Juniper Networks	Junos Space	Juniper Junos Space Software version 12.1
Juniper Networks	N/A	Juniper NSM version 2012.2
Juniper Networks	N/A	Juniper SA (IVE OS) versions antérieures à 7.1r13
Juniper Networks	N/A	Juniper SA (IVE OS) versions antérieures à 7.2r7
Juniper Networks	N/A	Juniper STRM version 2012.1
Juniper Networks	N/A	Juniper Junos Operating System
Juniper Networks	N/A	Juniper ScreenOS
Juniper Networks	N/A	Juniper STRM version 2013.1
Juniper Networks	Junos Space	Juniper Junos Space Software version 12.3
Juniper Networks	Junos Space	Juniper Junos Space Software version 12.2

References

Title

Publication Time

Tags

Bulletin de sécurité Juniper JSA10586 du 20 août 2013	None	vendor-advisory
Bulletin de sécurité Juniper JSA10554 du 20 août 2013	None	vendor-advisory
Bulletin de sécurité Juniper JSA10584 du 20 août 2013	None	vendor-advisory
Bulletin de sécurité Juniper JSA10582 du 20 août 2013	None	vendor-advisory
Bulletin de sécurité Juniper JSA10585 du 20 août 2013	None	vendor-advisory
Bulletin de sécurité Juniper JSA10583 du 20 août 2013	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Juniper Junos Space Appliance JA1500",
      "product": {
        "name": "Junos Space",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper Junos Space Software version 11.3",
      "product": {
        "name": "Junos Space",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper NSM version 2011.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper NSM version 2012.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper Junos Space Software version 11.1",
      "product": {
        "name": "Junos Space",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper STRM version 2010.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper Junos Space Software version 11.2",
      "product": {
        "name": "Junos Space",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper SA (IVE OS) versions ant\u00e9rieures \u00e0 7.3r2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper NSM version 2010.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper STRM version 2012.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper JunosE Operating System",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper Junos Space Software version 12.1",
      "product": {
        "name": "Junos Space",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper NSM version 2012.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper SA (IVE OS) versions ant\u00e9rieures \u00e0 7.1r13",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper SA (IVE OS) versions ant\u00e9rieures \u00e0 7.2r7",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper STRM version 2012.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper Junos Operating System",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper ScreenOS",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper STRM version 2013.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper Junos Space Software version 12.3",
      "product": {
        "name": "Junos Space",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper Junos Space Software version 12.2",
      "product": {
        "name": "Junos Space",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2012-5460",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5460"
    },
    {
      "name": "CVE-2013-5097",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5097"
    },
    {
      "name": "CVE-2013-2970",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-2970"
    },
    {
      "name": "CVE-2012-0053",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0053"
    },
    {
      "name": "CVE-2013-0149",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0149"
    },
    {
      "name": "CVE-2013-5095",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5095"
    },
    {
      "name": "CVE-2011-3368",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3368"
    },
    {
      "name": "CVE-2011-1473",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1473"
    },
    {
      "name": "CVE-2011-4317",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4317"
    },
    {
      "name": "CVE-2013-5096",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5096"
    }
  ],
  "links": [],
  "reference": "CERTA-2013-AVI-508",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2013-09-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans les produits \u003cspan\nclass=\"textit\"\u003eJuniper\u003c/span\u003e. Certaines d\u0027entre elles permettent \u00e0 un\nattaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un\nd\u00e9ni de service \u00e0 distance et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10586 du 20 ao\u00fbt 2013",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026cmid=no\u0026id=JSA10586\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10554 du 20 ao\u00fbt 2013",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026cmid=no\u0026id=JSA10554\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10584 du 20 ao\u00fbt 2013",
      "url": "https://kb.juniper.net/InfoCenter/index?cmid=no\u0026page=content\u0026id=JSA10584\u0026cat=SIRT_1\u0026actp=LIST\u0026showDraft=false"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10582 du 20 ao\u00fbt 2013",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026cmid=no\u0026id=JSA10582\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10585 du 20 ao\u00fbt 2013",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026cmid=no\u0026id=JSA10585\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10583 du 20 ao\u00fbt 2013",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026cmid=no\u0026id=JSA10583\u0026cat=SIRT_1\u0026actp=LIST"
    }
  ]
}

VAR-201308-0003

Vulnerability from variot - Updated: 2023-12-18 12:45

Cross-site scripting (XSS) vulnerability in the help page in Juniper Secure Access (SA) with IVE OS before 7.1r13, 7.2.x before 7.2r7, and 7.3.x before 7.3r2 allows remote attackers to inject arbitrary web script or HTML via the WWHSearchWordsText parameter. Junos Pulse Secure Access Service (SSL VPN) is prone to multiple HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input. Attacker-supplied HTML and script code could be executed in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials or control how the site is rendered to the user. Other attacks may also be possible. The client supports remote and mobile users to access enterprise resources with various web devices. The vulnerability exists in the following product versions: versions prior to 7.1r13, versions prior to 7.2r7, versions prior to 7.3r2. -------------------------------------------------------------------------------

| Juniper Secure Access XSS Vulnerability|

Summary

Juniper Secure Access software has reflected XSS vulnerability

CVE number: CVE-2012-5460 PSN-2013-03-874 Impact: Low

Vendor homepage: http://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2013-03-874&viewMode=view

Vendor notified: 06/06/2012

Vendor fixed: 12/12/2012

Affected Products

Juniper SA (IVE OS) to versions prior to 7.1r13, 7.2r7, 7.3r2 .

Details

In order to exploit this vulnerability , the client should authenticate to SSLVPN service.The vulnerable parameter exists on help page of IVE user web interface.

Effected parameter: WWHSearchWordsText

Impact

Execution of arbitrary script code in a user's browser during an authenticated session.

Solution

Upgrade to 7.1r13, 7.2r7, 7.3r2, or higher.

Twitter @pazwant

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201308-0003",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "ive os",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "juniper",
        "version": "7.3"
      },
      {
        "model": "ive os",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "juniper",
        "version": "7.2"
      },
      {
        "model": "ive os",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "juniper",
        "version": "7.1"
      },
      {
        "model": "mag4610 gateway",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "fips secure access 6500",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "fips secure access 4500",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "mag6610 gateway",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "mag6611 gateway",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "secure access 6500",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "secure access 2000",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "secure access 4000",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "secure access virtual appliance",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "secure access 4500",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "fips secure access 4000",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "fips secure access 6000",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "secure access 700",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "secure access 6000",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "mag2600 gateway",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "secure access 2500",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "ive os",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "juniper",
        "version": "7.2r7"
      },
      {
        "model": "secure access 700",
        "scope": null,
        "trust": 0.8,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "secure access 6000",
        "scope": null,
        "trust": 0.8,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "fips secure access 4000",
        "scope": null,
        "trust": 0.8,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "ive os",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "juniper",
        "version": "7.3.x"
      },
      {
        "model": "secure access 6500",
        "scope": null,
        "trust": 0.8,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "fips secure access 6000",
        "scope": null,
        "trust": 0.8,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "secure access 4000",
        "scope": null,
        "trust": 0.8,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "mag4610 gateway",
        "scope": null,
        "trust": 0.8,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "mag2600 gateway",
        "scope": null,
        "trust": 0.8,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "mag6611 gateway",
        "scope": null,
        "trust": 0.8,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "secure access 4500",
        "scope": null,
        "trust": 0.8,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "ive os",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "juniper",
        "version": "7.3r2"
      },
      {
        "model": "mag6610 gateway",
        "scope": null,
        "trust": 0.8,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "secure access 2000",
        "scope": null,
        "trust": 0.8,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "secure access virtual appliance",
        "scope": null,
        "trust": 0.8,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "ive os",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "juniper",
        "version": "7.2.x"
      },
      {
        "model": "fips secure access 6500",
        "scope": null,
        "trust": 0.8,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "secure access 2500",
        "scope": null,
        "trust": 0.8,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "fips secure access 4500",
        "scope": null,
        "trust": 0.8,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos pulse secure access service virtual appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "junos pulse secure access service sa700",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos pulse secure access service sa6500",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos pulse secure access service sa6000",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos pulse secure access service sa4500",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos pulse secure access service sa4000",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos pulse secure access service sa2500",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos pulse secure access service sa2000",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos pulse secure access service mag6611",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos pulse secure access service mag6610",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos pulse secure access service mag4610",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos pulse secure access service mag2600",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos pulse secure access service fips sa6500",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos pulse secure access service fips sa6000",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos pulse secure access service fips sa4500",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos pulse secure access service fips sa4000",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "61399"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-003638"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-5460"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201307-518"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:juniper:ive_os:7.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:juniper:ive_os:7.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:juniper:ive_os:7.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:juniper:secure_access_2000:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:juniper:fips_secure_access_4500:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:juniper:mag2600_gateway:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:juniper:mag6610_gateway:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:juniper:secure_access_4500:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:juniper:secure_access_4000:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:juniper:secure_access_6500:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:juniper:secure_access_6000:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:juniper:secure_access_700:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:juniper:secure_access_2500:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:juniper:mag6611_gateway:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:juniper:secure_access_virtual_appliance:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:juniper:fips_secure_access_4000:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:juniper:fips_secure_access_6000:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:juniper:fips_secure_access_6500:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:juniper:mag4610_gateway:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2012-5460"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The vendor reported this issue.",
    "sources": [
      {
        "db": "BID",
        "id": "61399"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2012-5460",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.3,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2012-5460",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "VHN-58741",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2012-5460",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201307-518",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-58741",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-58741"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-003638"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-5460"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201307-518"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cross-site scripting (XSS) vulnerability in the help page in Juniper Secure Access (SA) with IVE OS before 7.1r13, 7.2.x before 7.2r7, and 7.3.x before 7.3r2 allows remote attackers to inject arbitrary web script or HTML via the WWHSearchWordsText parameter. Junos Pulse Secure Access Service (SSL VPN) is prone to multiple HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input. \nAttacker-supplied HTML and script code could be executed in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials or control how the site is rendered to the user. Other attacks may also be possible. The client supports remote and mobile users to access enterprise resources with various web devices. The vulnerability exists in the following product versions: versions prior to 7.1r13, versions prior to 7.2r7, versions prior to 7.3r2. -------------------------------------------------------------------------------\n\n\n| Juniper Secure Access XSS Vulnerability|\n\n\n--------------------------------------------------------------------------------\n\n\nSummary\n===============\n\nJuniper Secure Access software has reflected XSS vulnerability\n\nCVE number: CVE-2012-5460\nPSN-2013-03-874\nImpact: Low\n\nVendor homepage:\nhttp://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search\u0026txtAlertNumber=PSN-2013-03-874\u0026viewMode=view\n\nVendor notified: 06/06/2012\n\nVendor fixed: 12/12/2012\n\nAffected Products\n=================\nJuniper SA (IVE OS) to versions prior to  7.1r13, 7.2r7, 7.3r2 . \n\n\nDetails\n==================\nIn order to exploit this vulnerability , the client should\nauthenticate to SSLVPN service.The vulnerable parameter exists on help\npage of IVE user web interface. \n\nEffected parameter: WWHSearchWordsText\n\nImpact\n==================\nExecution of arbitrary script code in a user\u0027s browser during an\nauthenticated session. \n\n\nSolution\n==================\nUpgrade to 7.1r13, 7.2r7, 7.3r2, or higher. \n\nTwitter @pazwant\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2012-5460"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-003638"
      },
      {
        "db": "BID",
        "id": "61399"
      },
      {
        "db": "VULHUB",
        "id": "VHN-58741"
      },
      {
        "db": "PACKETSTORM",
        "id": "122518"
      }
    ],
    "trust": 2.07
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-58741",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-58741"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2012-5460",
        "trust": 2.9
      },
      {
        "db": "BID",
        "id": "61399",
        "trust": 1.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-003638",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201307-518",
        "trust": 0.7
      },
      {
        "db": "BUGTRAQ",
        "id": "20130722 JUNIPER SECURE ACCESS XSS VULNERABILITY",
        "trust": 0.6
      },
      {
        "db": "JUNIPER",
        "id": "JSA10554",
        "trust": 0.3
      },
      {
        "db": "PACKETSTORM",
        "id": "122518",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-58741",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-58741"
      },
      {
        "db": "BID",
        "id": "61399"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-003638"
      },
      {
        "db": "PACKETSTORM",
        "id": "122518"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-5460"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201307-518"
      }
    ]
  },
  "id": "VAR-201308-0003",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-58741"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T12:45:32.039000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "JSA10554",
        "trust": 0.8,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10554"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-003638"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-79",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-58741"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-003638"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-5460"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "http://archives.neohapsis.com/archives/bugtraq/2013-07/0148.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.juniper.net/alerts/viewalert.jsp?actionbtn=search\u0026txtalertnumber=psn-2013-03-874\u0026viewmode=view"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-5460"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-5460"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/bid/61399"
      },
      {
        "trust": 0.3,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10554"
      },
      {
        "trust": 0.3,
        "url": "http://www.juniper.net/"
      },
      {
        "trust": 0.3,
        "url": "http://www.juniper.net/us/en/products-services/software/junos-platform/junos-pulse/secure-access/"
      },
      {
        "trust": 0.1,
        "url": "http://www.juniper.net/alerts/viewalert.jsp?actionbtn=search\u0026amp;txtalertnumber=psn-2013-03-874\u0026amp;viewmode=view"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-5460"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-58741"
      },
      {
        "db": "BID",
        "id": "61399"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-003638"
      },
      {
        "db": "PACKETSTORM",
        "id": "122518"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-5460"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201307-518"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-58741"
      },
      {
        "db": "BID",
        "id": "61399"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-003638"
      },
      {
        "db": "PACKETSTORM",
        "id": "122518"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-5460"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201307-518"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2013-08-01T00:00:00",
        "db": "VULHUB",
        "id": "VHN-58741"
      },
      {
        "date": "2013-07-22T00:00:00",
        "db": "BID",
        "id": "61399"
      },
      {
        "date": "2013-08-05T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2013-003638"
      },
      {
        "date": "2013-07-23T14:44:44",
        "db": "PACKETSTORM",
        "id": "122518"
      },
      {
        "date": "2013-08-01T13:32:35.103000",
        "db": "NVD",
        "id": "CVE-2012-5460"
      },
      {
        "date": "2013-07-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201307-518"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2013-08-01T00:00:00",
        "db": "VULHUB",
        "id": "VHN-58741"
      },
      {
        "date": "2013-07-22T00:00:00",
        "db": "BID",
        "id": "61399"
      },
      {
        "date": "2013-08-05T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2013-003638"
      },
      {
        "date": "2013-08-01T13:32:35.103000",
        "db": "NVD",
        "id": "CVE-2012-5460"
      },
      {
        "date": "2013-07-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201307-518"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201307-518"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Juniper Secure Access of  IVE OS Help page cross-site scripting vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-003638"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "xss",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "122518"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201307-518"
      }
    ],
    "trust": 0.7
  }
}

FKIE_CVE-2012-5460

Vulnerability from fkie_nvd - Published: 2013-08-01 13:32 - Updated: 2025-04-11 00:51

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://archives.neohapsis.com/archives/bugtraq/2013-07/0148.html
cve@mitre.org	http://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2013-03-874&viewMode=view	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://archives.neohapsis.com/archives/bugtraq/2013-07/0148.html
af854a3a-2127-422b-91ae-364da2661108	http://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2013-03-874&viewMode=view	Vendor Advisory

Impacted products

Vendor	Product	Version
juniper	ive_os	7.1
juniper	ive_os	7.2
juniper	ive_os	7.3
juniper	secure_access_virtual_appliance	-
juniper	fips_secure_access_4000	-
juniper	fips_secure_access_4500	-
juniper	fips_secure_access_6000	-
juniper	fips_secure_access_6500	-
juniper	mag2600_gateway	-
juniper	mag4610_gateway	-
juniper	mag6610_gateway	-
juniper	mag6611_gateway	-
juniper	secure_access_2000	-
juniper	secure_access_2500	-
juniper	secure_access_4000	-
juniper	secure_access_4500	-
juniper	secure_access_6000	-
juniper	secure_access_6500	-
juniper	secure_access_700	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:juniper:ive_os:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4313025-3FC4-42DB-B18E-57EC5C566B74",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:ive_os:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "754A5F1C-E181-4D36-86A7-5124C22EBF40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:ive_os:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "8ECD0F7E-715A-4C52-ACF1-EE7A7042B991",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:juniper:secure_access_virtual_appliance:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "49C013C9-3F10-4B6A-A1C6-7171DB9BE6DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:juniper:fips_secure_access_4000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "80CC7A54-95DD-4C60-8A99-21F800616784",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:juniper:fips_secure_access_4500:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B68C4310-771E-4E8F-9C62-6EBE233FCB92",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:juniper:fips_secure_access_6000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "55331F37-6F9B-48A8-BBB3-BE9EBF4C2B3D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:juniper:fips_secure_access_6500:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "528028F3-3F3F-4354-A1D7-2EF66BA27CEC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:juniper:mag2600_gateway:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1EE557B9-DF6D-4C20-98BE-E934D187CCFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:juniper:mag4610_gateway:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB174F88-B643-4338-BCD6-A9CD0EDB54A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:juniper:mag6610_gateway:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "115C8834-8BD1-4561-8B98-AE29E3B9C1C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:juniper:mag6611_gateway:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "54C5F933-61BB-40EA-9ADC-C22CFE8F9D1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:juniper:secure_access_2000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF6B885A-5C17-4928-A1B9-4A729F277F4B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:juniper:secure_access_2500:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "82E5E8BD-68B9-4C94-A1F0-3F5C3EC7620A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:juniper:secure_access_4000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D6A2465-451A-436A-89C1-94424A0C4AB8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:juniper:secure_access_4500:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "641091CF-F671-4AD7-B10F-E50497AC462B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:juniper:secure_access_6000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "501D212B-D846-4D43-B6D8-F01C2483AB64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:juniper:secure_access_6500:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "075FD895-451D-4959-9A73-94F5BB1853E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:juniper:secure_access_700:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "42FB27DD-D685-4D5E-8DAF-7A34DE33AB59",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in the help page in Juniper Secure Access (SA) with IVE OS before 7.1r13, 7.2.x before 7.2r7, and 7.3.x before 7.3r2 allows remote attackers to inject arbitrary web script or HTML via the WWHSearchWordsText parameter."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad XSS en la p\u00e1gina de ayuda en Juniper Secure Access (SA) con IVE OS anterior a 7.1r13, 7.2.x anterior a 7.2r7, y 7.3.x anterior a 7.3r2, permite a atacantes remotos inyectar secuencias de comandos web y HTML arbitrarias a trav\u00e9s del par\u00e1metro WWHSearchWordsText."
    }
  ],
  "id": "CVE-2012-5460",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2013-08-01T13:32:35.103",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://archives.neohapsis.com/archives/bugtraq/2013-07/0148.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search\u0026txtAlertNumber=PSN-2013-03-874\u0026viewMode=view"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://archives.neohapsis.com/archives/bugtraq/2013-07/0148.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search\u0026txtAlertNumber=PSN-2013-03-874\u0026viewMode=view"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2012-5460 (GCVE-0-2012-5460)

GSD-2012-5460

GHSA-5CMX-JCM8-6C7M

CERTA-2013-AVI-508

Solution

CERTA-2013-AVI-508

Solution

VAR-201308-0003

Summary

Affected Products

Details

Impact

Solution

FKIE_CVE-2012-5460

Tags

Sightings

Nomenclature