cvelistv5 - CVE-2014-3820

CVE-2014-3820 (GCVE-0-2014-3820)

Vulnerability from cvelistv5 – Published: 2014-09-29 14:00 – Updated: 2024-08-06 10:57

Summary

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	https://kb.juniper.net/InfoCenter/index?page=cont…	x_refsource_CONFIRM
	http://www.securitytracker.com/id/1030852	vdb-entryx_refsource_SECTRACK

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T10:57:17.431Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10645"
          },
          {
            "name": "1030852",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1030852"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-09-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in the SSL VPN/UAC web server in the Juniper Junos Pulse Secure Access Service (SSL VPN) devices with IVE OS 7.1 before 7.1r16, 7.4 before 7.4r3, and 8.0 before 8.0r1 and the Juniper Junos Pulse Access Control Service devices with UAC OS 4.1 before 4.1r8, 4.4 before 4.4r3 and 5.0 before 5.0r1 allows remote administrators to inject arbitrary web script or HTML via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2015-05-04T16:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10645"
        },
        {
          "name": "1030852",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1030852"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2014-3820",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in the SSL VPN/UAC web server in the Juniper Junos Pulse Secure Access Service (SSL VPN) devices with IVE OS 7.1 before 7.1r16, 7.4 before 7.4r3, and 8.0 before 8.0r1 and the Juniper Junos Pulse Access Control Service devices with UAC OS 4.1 before 4.1r8, 4.4 before 4.4r3 and 5.0 before 5.0r1 allows remote administrators to inject arbitrary web script or HTML via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10645",
              "refsource": "CONFIRM",
              "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10645"
            },
            {
              "name": "1030852",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1030852"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2014-3820",
    "datePublished": "2014-09-29T14:00:00",
    "dateReserved": "2014-05-21T00:00:00",
    "dateUpdated": "2024-08-06T10:57:17.431Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:juniper:junos_pulse_access_control_service:4.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E19A150B-30A6-4C86-86EE-DD010C707607\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:juniper:junos_pulse_access_control_service:4.1r1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"42FFCBD4-D611-40FB-9EC0-FD7514D3E4D9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:juniper:junos_pulse_access_control_service:4.1r1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9ECFCA72-04D6-441D-9167-F549293C26A4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:juniper:junos_pulse_access_control_service:4.1r2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"538BDA70-3F06-4AAE-9ACA-DF4C776DE19E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:juniper:junos_pulse_access_control_service:4.1r3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D5EBC04E-16D9-4DC0-B0A9-A99527B5FA11\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:juniper:junos_pulse_access_control_service:4.1r4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C21197A5-8BDA-4FDB-9AC3-703715AA4F52\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:juniper:junos_pulse_access_control_service:4.1r5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9C00A34F-1E90-4E81-AFDE-02A1D059A24C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:juniper:junos_pulse_access_control_service:4.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1539B994-2F09-43E8-9854-4A41585F0513\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:juniper:junos_pulse_access_control_service:4.4:r1:*:*:*:*:*:*\", \"matchCriteriaId\": \"3AEABC77-6BCF-4D8B-86FA-74E7B384914A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:juniper:junos_pulse_access_control_service:4.4:r2:*:*:*:*:*:*\", \"matchCriteriaId\": \"BE20B878-7344-455C-AB6F-12E0C9C126DD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:juniper:junos_pulse_access_control_service:5.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2654EEEA-B9FA-4717-8498-0E4A49B5E058\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DE0C8957-0870-4070-AAD3-720EE46311EA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"47A21AF8-2618-4C7F-B250-BEDBBE9BE7F9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6386D17E-158E-4F5E-B0C7-7719D0020CBF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F3C2B970-9EF2-40CE-86B4-B3FF8F788BC6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7B3A469E-C3EA-4A34-BCAB-CA18DFB245C4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"601BEBCC-F133-40FB-A1B8-599889D05480\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5DFCB2A6-FFF0-4108-B587-C27FB96FD75A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A381B35A-750E-4E70-99DA-25C4837C9DDC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4D2E937F-6235-4040-ADAF-884304C7D65C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F3921140-1DDB-416E-9DC6-BB097C339A36\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"36F6EE11-D19C-43DD-AFB8-D8AE60B5692F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"810ABC69-F219-4060-A50E-5A9D531BF26A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r11:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"48CE0C3C-6E83-47DD-8FB0-45CA7C3B343B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r12:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0EF9BD90-90D8-4617-8BB7-9AA7FFCC1160\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r13:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EBA1D6B0-E878-4364-83C5-FB6FB7C6B93E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r14:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BCD9F89E-5AFB-4B80-B615-6E4720FA8A57\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r15:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"134E62A7-0E1E-453B-AE43-EFF7BA700658\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2CA1CB31-3514-480E-ADD0-B8415B379754\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.4:r1.0:*:*:*:*:*:*\", \"matchCriteriaId\": \"C503F416-17B4-45DA-9E36-9A8B14C2DEC4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.4:r2.0:*:*:*:*:*:*\", \"matchCriteriaId\": \"ECDD185D-A088-43A4-B4DE-599D22F1642C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:juniper:junos_pulse_secure_access_service:8.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B390A8A0-D317-4EDE-9B1F-2CC53DC72C06\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Cross-site scripting (XSS) vulnerability in the SSL VPN/UAC web server in the Juniper Junos Pulse Secure Access Service (SSL VPN) devices with IVE OS 7.1 before 7.1r16, 7.4 before 7.4r3, and 8.0 before 8.0r1 and the Juniper Junos Pulse Access Control Service devices with UAC OS 4.1 before 4.1r8, 4.4 before 4.4r3 and 5.0 before 5.0r1 allows remote administrators to inject arbitrary web script or HTML via unspecified vectors.\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad de XSS en el servidor web SSL VPN/UAC en los dispositivos Juniper Junos Pulse Secure Access Service (SSL VPN) con IVE OS 7.1 anterior a 7.1r16, 7.4 anterior a 7.4r3, y 8.0 anterior a 8.0r1 y los dispositivos Juniper Junos Pulse Access Control Service con UAC OS 4.1 anterior a 4.1r8, 4.4 anterior a 4.4r3 y 5.0 anterior a 5.0r1 permite a administradores remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\\u00e9s de vectores no especificados.\"}]",
      "id": "CVE-2014-3820",
      "lastModified": "2024-11-21T02:08:55.257",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:P/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2014-09-29T14:55:08.720",
      "references": "[{\"url\": \"http://www.securitytracker.com/id/1030852\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10645\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securitytracker.com/id/1030852\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10645\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-79\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2014-3820\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2014-09-29T14:55:08.720\",\"lastModified\":\"2025-04-12T10:46:40.837\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Cross-site scripting (XSS) vulnerability in the SSL VPN/UAC web server in the Juniper Junos Pulse Secure Access Service (SSL VPN) devices with IVE OS 7.1 before 7.1r16, 7.4 before 7.4r3, and 8.0 before 8.0r1 and the Juniper Junos Pulse Access Control Service devices with UAC OS 4.1 before 4.1r8, 4.4 before 4.4r3 and 5.0 before 5.0r1 allows remote administrators to inject arbitrary web script or HTML via unspecified vectors.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de XSS en el servidor web SSL VPN/UAC en los dispositivos Juniper Junos Pulse Secure Access Service (SSL VPN) con IVE OS 7.1 anterior a 7.1r16, 7.4 anterior a 7.4r3, y 8.0 anterior a 8.0r1 y los dispositivos Juniper Junos Pulse Access Control Service con UAC OS 4.1 anterior a 4.1r8, 4.4 anterior a 4.4r3 y 5.0 anterior a 5.0r1 permite a administradores remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de vectores no especificados.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:juniper:junos_pulse_access_control_service:4.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E19A150B-30A6-4C86-86EE-DD010C707607\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:juniper:junos_pulse_access_control_service:4.1r1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"42FFCBD4-D611-40FB-9EC0-FD7514D3E4D9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:juniper:junos_pulse_access_control_service:4.1r1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9ECFCA72-04D6-441D-9167-F549293C26A4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:juniper:junos_pulse_access_control_service:4.1r2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"538BDA70-3F06-4AAE-9ACA-DF4C776DE19E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:juniper:junos_pulse_access_control_service:4.1r3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D5EBC04E-16D9-4DC0-B0A9-A99527B5FA11\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:juniper:junos_pulse_access_control_service:4.1r4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C21197A5-8BDA-4FDB-9AC3-703715AA4F52\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:juniper:junos_pulse_access_control_service:4.1r5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9C00A34F-1E90-4E81-AFDE-02A1D059A24C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:juniper:junos_pulse_access_control_service:4.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1539B994-2F09-43E8-9854-4A41585F0513\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:juniper:junos_pulse_access_control_service:4.4:r1:*:*:*:*:*:*\",\"matchCriteriaId\":\"3AEABC77-6BCF-4D8B-86FA-74E7B384914A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:juniper:junos_pulse_access_control_service:4.4:r2:*:*:*:*:*:*\",\"matchCriteriaId\":\"BE20B878-7344-455C-AB6F-12E0C9C126DD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:juniper:junos_pulse_access_control_service:5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2654EEEA-B9FA-4717-8498-0E4A49B5E058\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DE0C8957-0870-4070-AAD3-720EE46311EA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"47A21AF8-2618-4C7F-B250-BEDBBE9BE7F9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6386D17E-158E-4F5E-B0C7-7719D0020CBF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F3C2B970-9EF2-40CE-86B4-B3FF8F788BC6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7B3A469E-C3EA-4A34-BCAB-CA18DFB245C4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"601BEBCC-F133-40FB-A1B8-599889D05480\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5DFCB2A6-FFF0-4108-B587-C27FB96FD75A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A381B35A-750E-4E70-99DA-25C4837C9DDC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4D2E937F-6235-4040-ADAF-884304C7D65C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F3921140-1DDB-416E-9DC6-BB097C339A36\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"36F6EE11-D19C-43DD-AFB8-D8AE60B5692F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"810ABC69-F219-4060-A50E-5A9D531BF26A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"48CE0C3C-6E83-47DD-8FB0-45CA7C3B343B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0EF9BD90-90D8-4617-8BB7-9AA7FFCC1160\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EBA1D6B0-E878-4364-83C5-FB6FB7C6B93E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r14:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BCD9F89E-5AFB-4B80-B615-6E4720FA8A57\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r15:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"134E62A7-0E1E-453B-AE43-EFF7BA700658\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2CA1CB31-3514-480E-ADD0-B8415B379754\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.4:r1.0:*:*:*:*:*:*\",\"matchCriteriaId\":\"C503F416-17B4-45DA-9E36-9A8B14C2DEC4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.4:r2.0:*:*:*:*:*:*\",\"matchCriteriaId\":\"ECDD185D-A088-43A4-B4DE-599D22F1642C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:juniper:junos_pulse_secure_access_service:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B390A8A0-D317-4EDE-9B1F-2CC53DC72C06\"}]}]}],\"references\":[{\"url\":\"http://www.securitytracker.com/id/1030852\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10645\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securitytracker.com/id/1030852\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10645\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

GHSA-6G26-H884-XWV8

Vulnerability from github – Published: 2022-05-17 03:57 – Updated: 2022-05-17 03:57

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2014-3820"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2014-09-29T14:55:00Z",
    "severity": "MODERATE"
  },
  "details": "Cross-site scripting (XSS) vulnerability in the SSL VPN/UAC web server in the Juniper Junos Pulse Secure Access Service (SSL VPN) devices with IVE OS 7.1 before 7.1r16, 7.4 before 7.4r3, and 8.0 before 8.0r1 and the Juniper Junos Pulse Access Control Service devices with UAC OS 4.1 before 4.1r8, 4.4 before 4.4r3 and 5.0 before 5.0r1 allows remote administrators to inject arbitrary web script or HTML via unspecified vectors.",
  "id": "GHSA-6g26-h884-xwv8",
  "modified": "2022-05-17T03:57:46Z",
  "published": "2022-05-17T03:57:46Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3820"
    },
    {
      "type": "WEB",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10645"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1030852"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CERTFR-2014-AVI-387

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans les produits Juniper. Elles permettent à un attaquant de provoquer une élévation de privilèges et une injection de code indirecte à distance (XSS).

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
N/A	N/A	Juniper SA4000
N/A	N/A	Juniper SA2000
N/A	N/A	Juniper MAG4610
N/A	N/A	Juniper SA4500
N/A	N/A	Juniper IC6500
N/A	N/A	Juniper MAG2600
N/A	N/A	Juniper FIPS SA6500
N/A	N/A	Juniper SA2500
N/A	N/A	Juniper IC6000
N/A	N/A	Juniper MAG6610
N/A	N/A	Juniper IC4500
N/A	N/A	Juniper FIPS SA6000
N/A	N/A	Juniper FIPS SA4500
N/A	N/A	Juniper MAG6611
N/A	N/A	Juniper FIPS IC6500
N/A	N/A	Juniper IC4000
N/A	N/A	Juniper FIPS SA4000
N/A	N/A	Juniper SA6000
N/A	N/A	Juniper SA6500
N/A	N/A	Juniper SA700

References

Title

Publication Time

Tags

Bulletin de sécurité Juniper JSA10646 du 10 septembre 2014	None	vendor-advisory
Bulletin de sécurité Juniper JSA10647 du 10 septembre 2014	None	vendor-advisory
Bulletin de sécurité Juniper JSA10644 du 10 septembre 2014	None	vendor-advisory
Bulletin de sécurité Juniper JSA10645 du 10 septembre 2014	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Juniper SA4000",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper SA2000",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper MAG4610",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper SA4500",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper IC6500",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper MAG2600",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper FIPS SA6500",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper SA2500",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper IC6000",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper MAG6610",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper IC4500",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper FIPS SA6000",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper FIPS SA4500",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper MAG6611",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper FIPS IC6500",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper IC4000",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper FIPS SA4000",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper SA6000",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper SA6500",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper SA700",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2014-3823",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3823"
    },
    {
      "name": "CVE-2014-3824",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3824"
    },
    {
      "name": "CVE-2014-3820",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3820"
    },
    {
      "name": "CVE-2014-3811",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3811"
    }
  ],
  "links": [],
  "reference": "CERTFR-2014-AVI-387",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2014-09-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans les produits \u003cspan\nclass=\"textit\"\u003eJuniper\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer une \u00e9l\u00e9vation de privil\u00e8ges et une injection de code indirecte\n\u00e0 distance (XSS).\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Juniper",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10646 du 10 septembre 2014",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10646\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10647 du 10 septembre 2014",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10647\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10644 du 10 septembre 2014",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10644\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10645 du 10 septembre 2014",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10645\u0026cat=SIRT_1\u0026actp=LIST"
    }
  ]
}

CERTFR-2014-AVI-387

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
N/A	N/A	Juniper SA4000
N/A	N/A	Juniper SA2000
N/A	N/A	Juniper MAG4610
N/A	N/A	Juniper SA4500
N/A	N/A	Juniper IC6500
N/A	N/A	Juniper MAG2600
N/A	N/A	Juniper FIPS SA6500
N/A	N/A	Juniper SA2500
N/A	N/A	Juniper IC6000
N/A	N/A	Juniper MAG6610
N/A	N/A	Juniper IC4500
N/A	N/A	Juniper FIPS SA6000
N/A	N/A	Juniper FIPS SA4500
N/A	N/A	Juniper MAG6611
N/A	N/A	Juniper FIPS IC6500
N/A	N/A	Juniper IC4000
N/A	N/A	Juniper FIPS SA4000
N/A	N/A	Juniper SA6000
N/A	N/A	Juniper SA6500
N/A	N/A	Juniper SA700

References

Title

Publication Time

Tags

Bulletin de sécurité Juniper JSA10646 du 10 septembre 2014	None	vendor-advisory
Bulletin de sécurité Juniper JSA10647 du 10 septembre 2014	None	vendor-advisory
Bulletin de sécurité Juniper JSA10644 du 10 septembre 2014	None	vendor-advisory
Bulletin de sécurité Juniper JSA10645 du 10 septembre 2014	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Juniper SA4000",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper SA2000",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper MAG4610",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper SA4500",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper IC6500",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper MAG2600",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper FIPS SA6500",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper SA2500",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper IC6000",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper MAG6610",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper IC4500",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper FIPS SA6000",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper FIPS SA4500",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper MAG6611",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper FIPS IC6500",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper IC4000",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper FIPS SA4000",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper SA6000",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper SA6500",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper SA700",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2014-3823",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3823"
    },
    {
      "name": "CVE-2014-3824",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3824"
    },
    {
      "name": "CVE-2014-3820",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3820"
    },
    {
      "name": "CVE-2014-3811",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3811"
    }
  ],
  "links": [],
  "reference": "CERTFR-2014-AVI-387",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2014-09-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans les produits \u003cspan\nclass=\"textit\"\u003eJuniper\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer une \u00e9l\u00e9vation de privil\u00e8ges et une injection de code indirecte\n\u00e0 distance (XSS).\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Juniper",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10646 du 10 septembre 2014",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10646\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10647 du 10 septembre 2014",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10647\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10644 du 10 septembre 2014",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10644\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10645 du 10 septembre 2014",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10645\u0026cat=SIRT_1\u0026actp=LIST"
    }
  ]
}

GSD-2014-3820

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2014-3820

Aliases

CVE-2014-3820

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2014-3820",
    "description": "Cross-site scripting (XSS) vulnerability in the SSL VPN/UAC web server in the Juniper Junos Pulse Secure Access Service (SSL VPN) devices with IVE OS 7.1 before 7.1r16, 7.4 before 7.4r3, and 8.0 before 8.0r1 and the Juniper Junos Pulse Access Control Service devices with UAC OS 4.1 before 4.1r8, 4.4 before 4.4r3 and 5.0 before 5.0r1 allows remote administrators to inject arbitrary web script or HTML via unspecified vectors.",
    "id": "GSD-2014-3820"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2014-3820"
      ],
      "details": "Cross-site scripting (XSS) vulnerability in the SSL VPN/UAC web server in the Juniper Junos Pulse Secure Access Service (SSL VPN) devices with IVE OS 7.1 before 7.1r16, 7.4 before 7.4r3, and 8.0 before 8.0r1 and the Juniper Junos Pulse Access Control Service devices with UAC OS 4.1 before 4.1r8, 4.4 before 4.4r3 and 5.0 before 5.0r1 allows remote administrators to inject arbitrary web script or HTML via unspecified vectors.",
      "id": "GSD-2014-3820",
      "modified": "2023-12-13T01:22:53.308798Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2014-3820",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Cross-site scripting (XSS) vulnerability in the SSL VPN/UAC web server in the Juniper Junos Pulse Secure Access Service (SSL VPN) devices with IVE OS 7.1 before 7.1r16, 7.4 before 7.4r3, and 8.0 before 8.0r1 and the Juniper Junos Pulse Access Control Service devices with UAC OS 4.1 before 4.1r8, 4.4 before 4.4r3 and 5.0 before 5.0r1 allows remote administrators to inject arbitrary web script or HTML via unspecified vectors."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10645",
            "refsource": "CONFIRM",
            "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10645"
          },
          {
            "name": "1030852",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1030852"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r13:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r15:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_access_control_service:4.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_access_control_service:4.1r1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_access_control_service:4.1r3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_access_control_service:4.4:r2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.4:r1.0:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.4:r2.0:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_access_control_service:4.1r4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_access_control_service:4.1r5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_access_control_service:4.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_access_control_service:4.4:r1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r14:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_access_control_service:4.1r1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_access_control_service:4.1r2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_access_control_service:5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2014-3820"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in the SSL VPN/UAC web server in the Juniper Junos Pulse Secure Access Service (SSL VPN) devices with IVE OS 7.1 before 7.1r16, 7.4 before 7.4r3, and 8.0 before 8.0r1 and the Juniper Junos Pulse Access Control Service devices with UAC OS 4.1 before 4.1r8, 4.4 before 4.4r3 and 5.0 before 5.0r1 allows remote administrators to inject arbitrary web script or HTML via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-79"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10645",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10645"
            },
            {
              "name": "1030852",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id/1030852"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2016-04-01T18:47Z",
      "publishedDate": "2014-09-29T14:55Z"
    }
  }
}

FKIE_CVE-2014-3820

Vulnerability from fkie_nvd - Published: 2014-09-29 14:55 - Updated: 2025-04-12 10:46

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://www.securitytracker.com/id/1030852
cve@mitre.org	https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10645	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1030852
af854a3a-2127-422b-91ae-364da2661108	https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10645	Vendor Advisory

Impacted products

Vendor	Product	Version
juniper	junos_pulse_access_control_service	4.1
juniper	junos_pulse_access_control_service	4.1r1
juniper	junos_pulse_access_control_service	4.1r1.1
juniper	junos_pulse_access_control_service	4.1r2
juniper	junos_pulse_access_control_service	4.1r3
juniper	junos_pulse_access_control_service	4.1r4
juniper	junos_pulse_access_control_service	4.1r5
juniper	junos_pulse_access_control_service	4.4
juniper	junos_pulse_access_control_service	4.4
juniper	junos_pulse_access_control_service	4.4
juniper	junos_pulse_access_control_service	5.0
juniper	junos_pulse_secure_access_service	7.1
juniper	junos_pulse_secure_access_service	7.1r1
juniper	junos_pulse_secure_access_service	7.1r1.1
juniper	junos_pulse_secure_access_service	7.1r2
juniper	junos_pulse_secure_access_service	7.1r3
juniper	junos_pulse_secure_access_service	7.1r4
juniper	junos_pulse_secure_access_service	7.1r5
juniper	junos_pulse_secure_access_service	7.1r6
juniper	junos_pulse_secure_access_service	7.1r7
juniper	junos_pulse_secure_access_service	7.1r8
juniper	junos_pulse_secure_access_service	7.1r9
juniper	junos_pulse_secure_access_service	7.1r10
juniper	junos_pulse_secure_access_service	7.1r11
juniper	junos_pulse_secure_access_service	7.1r12
juniper	junos_pulse_secure_access_service	7.1r13
juniper	junos_pulse_secure_access_service	7.1r14
juniper	junos_pulse_secure_access_service	7.1r15
juniper	junos_pulse_secure_access_service	7.4
juniper	junos_pulse_secure_access_service	7.4
juniper	junos_pulse_secure_access_service	7.4
juniper	junos_pulse_secure_access_service	8.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:juniper:junos_pulse_access_control_service:4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E19A150B-30A6-4C86-86EE-DD010C707607",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:juniper:junos_pulse_access_control_service:4.1r1:*:*:*:*:*:*:*",
              "matchCriteriaId": "42FFCBD4-D611-40FB-9EC0-FD7514D3E4D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:juniper:junos_pulse_access_control_service:4.1r1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9ECFCA72-04D6-441D-9167-F549293C26A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:juniper:junos_pulse_access_control_service:4.1r2:*:*:*:*:*:*:*",
              "matchCriteriaId": "538BDA70-3F06-4AAE-9ACA-DF4C776DE19E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:juniper:junos_pulse_access_control_service:4.1r3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5EBC04E-16D9-4DC0-B0A9-A99527B5FA11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:juniper:junos_pulse_access_control_service:4.1r4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C21197A5-8BDA-4FDB-9AC3-703715AA4F52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:juniper:junos_pulse_access_control_service:4.1r5:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C00A34F-1E90-4E81-AFDE-02A1D059A24C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:juniper:junos_pulse_access_control_service:4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "1539B994-2F09-43E8-9854-4A41585F0513",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:juniper:junos_pulse_access_control_service:4.4:r1:*:*:*:*:*:*",
              "matchCriteriaId": "3AEABC77-6BCF-4D8B-86FA-74E7B384914A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:juniper:junos_pulse_access_control_service:4.4:r2:*:*:*:*:*:*",
              "matchCriteriaId": "BE20B878-7344-455C-AB6F-12E0C9C126DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:juniper:junos_pulse_access_control_service:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2654EEEA-B9FA-4717-8498-0E4A49B5E058",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE0C8957-0870-4070-AAD3-720EE46311EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r1:*:*:*:*:*:*:*",
              "matchCriteriaId": "47A21AF8-2618-4C7F-B250-BEDBBE9BE7F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6386D17E-158E-4F5E-B0C7-7719D0020CBF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3C2B970-9EF2-40CE-86B4-B3FF8F788BC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B3A469E-C3EA-4A34-BCAB-CA18DFB245C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r4:*:*:*:*:*:*:*",
              "matchCriteriaId": "601BEBCC-F133-40FB-A1B8-599889D05480",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r5:*:*:*:*:*:*:*",
              "matchCriteriaId": "5DFCB2A6-FFF0-4108-B587-C27FB96FD75A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r6:*:*:*:*:*:*:*",
              "matchCriteriaId": "A381B35A-750E-4E70-99DA-25C4837C9DDC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r7:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D2E937F-6235-4040-ADAF-884304C7D65C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r8:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3921140-1DDB-416E-9DC6-BB097C339A36",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r9:*:*:*:*:*:*:*",
              "matchCriteriaId": "36F6EE11-D19C-43DD-AFB8-D8AE60B5692F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r10:*:*:*:*:*:*:*",
              "matchCriteriaId": "810ABC69-F219-4060-A50E-5A9D531BF26A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r11:*:*:*:*:*:*:*",
              "matchCriteriaId": "48CE0C3C-6E83-47DD-8FB0-45CA7C3B343B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r12:*:*:*:*:*:*:*",
              "matchCriteriaId": "0EF9BD90-90D8-4617-8BB7-9AA7FFCC1160",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r13:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBA1D6B0-E878-4364-83C5-FB6FB7C6B93E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r14:*:*:*:*:*:*:*",
              "matchCriteriaId": "BCD9F89E-5AFB-4B80-B615-6E4720FA8A57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r15:*:*:*:*:*:*:*",
              "matchCriteriaId": "134E62A7-0E1E-453B-AE43-EFF7BA700658",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CA1CB31-3514-480E-ADD0-B8415B379754",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.4:r1.0:*:*:*:*:*:*",
              "matchCriteriaId": "C503F416-17B4-45DA-9E36-9A8B14C2DEC4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.4:r2.0:*:*:*:*:*:*",
              "matchCriteriaId": "ECDD185D-A088-43A4-B4DE-599D22F1642C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B390A8A0-D317-4EDE-9B1F-2CC53DC72C06",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in the SSL VPN/UAC web server in the Juniper Junos Pulse Secure Access Service (SSL VPN) devices with IVE OS 7.1 before 7.1r16, 7.4 before 7.4r3, and 8.0 before 8.0r1 and the Juniper Junos Pulse Access Control Service devices with UAC OS 4.1 before 4.1r8, 4.4 before 4.4r3 and 5.0 before 5.0r1 allows remote administrators to inject arbitrary web script or HTML via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de XSS en el servidor web SSL VPN/UAC en los dispositivos Juniper Junos Pulse Secure Access Service (SSL VPN) con IVE OS 7.1 anterior a 7.1r16, 7.4 anterior a 7.4r3, y 8.0 anterior a 8.0r1 y los dispositivos Juniper Junos Pulse Access Control Service con UAC OS 4.1 anterior a 4.1r8, 4.4 anterior a 4.4r3 y 5.0 anterior a 5.0r1 permite a administradores remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de vectores no especificados."
    }
  ],
  "id": "CVE-2014-3820",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2014-09-29T14:55:08.720",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id/1030852"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10645"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1030852"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10645"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

VAR-201409-0548

Vulnerability from variot - Updated: 2023-12-18 13:39

Cross-site scripting (XSS) vulnerability in the SSL VPN/UAC web server in the Juniper Junos Pulse Secure Access Service (SSL VPN) devices with IVE OS 7.1 before 7.1r16, 7.4 before 7.4r3, and 8.0 before 8.0r1 and the Juniper Junos Pulse Access Control Service devices with UAC OS 4.1 before 4.1r8, 4.4 before 4.4r3 and 5.0 before 5.0r1 allows remote administrators to inject arbitrary web script or HTML via unspecified vectors. Juniper Junos Pulse Secure Access is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. The former is a client that supports remote and mobile users to access corporate resources with various Web devices. The latter is a standards-based, scalable network access control solution. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201409-0548",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "junos pulse access control service",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "juniper",
        "version": "5.0"
      },
      {
        "model": "junos pulse secure access service",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "juniper",
        "version": "7.1r5"
      },
      {
        "model": "junos pulse secure access service",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "juniper",
        "version": "8.0"
      },
      {
        "model": "junos pulse access control service",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "juniper",
        "version": "4.1r4"
      },
      {
        "model": "junos pulse access control service",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "juniper",
        "version": "4.1r2"
      },
      {
        "model": "junos pulse access control service",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "juniper",
        "version": "4.1r5"
      },
      {
        "model": "junos pulse access control service",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "juniper",
        "version": "4.4"
      },
      {
        "model": "junos pulse access control service",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "juniper",
        "version": "4.1r3"
      },
      {
        "model": "junos pulse secure access service",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "juniper",
        "version": "7.1r4"
      },
      {
        "model": "junos pulse secure access service",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "juniper",
        "version": "7.1r6"
      },
      {
        "model": "junos pulse secure access service",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "juniper",
        "version": "7.1r9"
      },
      {
        "model": "junos pulse secure access service",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "juniper",
        "version": "7.1r10"
      },
      {
        "model": "junos pulse secure access service",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "juniper",
        "version": "7.1r3"
      },
      {
        "model": "junos pulse secure access service",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "juniper",
        "version": "7.1r13"
      },
      {
        "model": "junos pulse secure access service",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "juniper",
        "version": "7.1r1.1"
      },
      {
        "model": "junos pulse access control service",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "juniper",
        "version": "4.1"
      },
      {
        "model": "junos pulse secure access service",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "juniper",
        "version": "7.1r8"
      },
      {
        "model": "junos pulse secure access service",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "juniper",
        "version": "7.1"
      },
      {
        "model": "junos pulse secure access service",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "juniper",
        "version": "7.1r7"
      },
      {
        "model": "junos pulse secure access service",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "juniper",
        "version": "7.4"
      },
      {
        "model": "junos pulse secure access service",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "juniper",
        "version": "7.1r11"
      },
      {
        "model": "junos pulse secure access service",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "juniper",
        "version": "7.1r2"
      },
      {
        "model": "junos pulse secure access service",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "juniper",
        "version": "7.1r12"
      },
      {
        "model": "junos pulse secure access service",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "juniper",
        "version": "7.1r1"
      },
      {
        "model": "junos pulse access control service",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "juniper",
        "version": "4.1r1.1"
      },
      {
        "model": "junos pulse secure access service",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "juniper",
        "version": "7.1r14"
      },
      {
        "model": "junos pulse access control service",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "juniper",
        "version": "4.1r1"
      },
      {
        "model": "junos pulse secure access service",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "juniper",
        "version": "7.1r15"
      },
      {
        "model": "ic4000",
        "scope": null,
        "trust": 0.8,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos pulse secure access service",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "juniper",
        "version": "(ive os) 8.0r1"
      },
      {
        "model": "junos pulse secure access service",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "juniper",
        "version": "7.4"
      },
      {
        "model": "secure access 700",
        "scope": null,
        "trust": 0.8,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "fips secure access 4000",
        "scope": null,
        "trust": 0.8,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos pulse access control service",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "juniper",
        "version": "4.1"
      },
      {
        "model": "secure access 6500",
        "scope": null,
        "trust": 0.8,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "fips secure access 6000",
        "scope": null,
        "trust": 0.8,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos pulse secure access service",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "juniper",
        "version": "(ive os) 7.4r3"
      },
      {
        "model": "junos pulse access control service",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "juniper",
        "version": "5.0"
      },
      {
        "model": "junos pulse secure access service",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "juniper",
        "version": "8.0"
      },
      {
        "model": "junos pulse secure access service",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "juniper",
        "version": "7.1"
      },
      {
        "model": "ic6000",
        "scope": null,
        "trust": 0.8,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "mag4610 gateway",
        "scope": null,
        "trust": 0.8,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "ic4500",
        "scope": null,
        "trust": 0.8,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "mag2600 gateway",
        "scope": null,
        "trust": 0.8,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "mag6611 gateway",
        "scope": null,
        "trust": 0.8,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "secure access 4500",
        "scope": null,
        "trust": 0.8,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "ic6500 fips",
        "scope": null,
        "trust": 0.8,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "mag6610 gateway",
        "scope": null,
        "trust": 0.8,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos pulse access control service",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "juniper",
        "version": "(uac os) 5.0r1"
      },
      {
        "model": "fips secure access 6500",
        "scope": null,
        "trust": 0.8,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos pulse access control service",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "juniper",
        "version": "4.4"
      },
      {
        "model": "ic6500",
        "scope": null,
        "trust": 0.8,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "secure access 2500",
        "scope": null,
        "trust": 0.8,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos pulse secure access service",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "juniper",
        "version": "(ive os) 7.1r16"
      },
      {
        "model": "junos pulse access control service",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "juniper",
        "version": "(uac os) 4.1r8"
      },
      {
        "model": "fips secure access 4500",
        "scope": null,
        "trust": 0.8,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos pulse access control service",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "juniper",
        "version": "(uac os) 4.4r8"
      },
      {
        "model": "sa700",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "sa6500",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "sa6000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "sa4500",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "sa4000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "sa2500",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "sa2000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "mag6611",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "mag6610",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "mag4610",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "mag2600",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "ive os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "8.0"
      },
      {
        "model": "ive os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "7.4"
      },
      {
        "model": "ive os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "7.1"
      },
      {
        "model": "fips sa6500",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "fips sa6000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "fips sa4500",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "fips sa4000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "uac os 5.0r1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "uac os 4.4r3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "uac os 4.1r8.1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "ive os 8.0r1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "ive os 7.4r3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "ive os 7.1r16",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "69801"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004482"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3820"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201409-992"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r13:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r15:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_access_control_service:4.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_access_control_service:4.1r1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_access_control_service:4.1r3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_access_control_service:4.4:r2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.4:r1.0:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.4:r2.0:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_access_control_service:4.1r4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_access_control_service:4.1r5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_access_control_service:4.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_access_control_service:4.4:r1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r14:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_access_control_service:4.1r1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_access_control_service:4.1r2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_access_control_service:5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-3820"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The vendor reported this issue.",
    "sources": [
      {
        "db": "BID",
        "id": "69801"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201409-992"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2014-3820",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.3,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2014-3820",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "VHN-71760",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2014-3820",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201409-992",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-71760",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-71760"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004482"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3820"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201409-992"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cross-site scripting (XSS) vulnerability in the SSL VPN/UAC web server in the Juniper Junos Pulse Secure Access Service (SSL VPN) devices with IVE OS 7.1 before 7.1r16, 7.4 before 7.4r3, and 8.0 before 8.0r1 and the Juniper Junos Pulse Access Control Service devices with UAC OS 4.1 before 4.1r8, 4.4 before 4.4r3 and 5.0 before 5.0r1 allows remote administrators to inject arbitrary web script or HTML via unspecified vectors. Juniper Junos Pulse Secure Access is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. \nAn attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. The former is a client that supports remote and mobile users to access corporate resources with various Web devices. The latter is a standards-based, scalable network access control solution. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-3820"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004482"
      },
      {
        "db": "BID",
        "id": "69801"
      },
      {
        "db": "VULHUB",
        "id": "VHN-71760"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2014-3820",
        "trust": 2.8
      },
      {
        "db": "JUNIPER",
        "id": "JSA10645",
        "trust": 2.0
      },
      {
        "db": "SECTRACK",
        "id": "1030852",
        "trust": 1.1
      },
      {
        "db": "BID",
        "id": "69801",
        "trust": 1.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004482",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201409-992",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-71760",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-71760"
      },
      {
        "db": "BID",
        "id": "69801"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004482"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3820"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201409-992"
      }
    ]
  },
  "id": "VAR-201409-0548",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-71760"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T13:39:21.970000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "JSA10645",
        "trust": 0.8,
        "url": "https://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10645"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004482"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-79",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-71760"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004482"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3820"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.6,
        "url": "https://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10645"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1030852"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3820"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3820"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/bid/69801"
      },
      {
        "trust": 0.3,
        "url": "http://www.juniper.net/"
      },
      {
        "trust": 0.3,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10645\u0026cat=sirt_1\u0026actp=list"
      },
      {
        "trust": 0.1,
        "url": "https://kb.juniper.net/infocenter/index?page=content\u0026amp;id=jsa10645"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-71760"
      },
      {
        "db": "BID",
        "id": "69801"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004482"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3820"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201409-992"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-71760"
      },
      {
        "db": "BID",
        "id": "69801"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004482"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3820"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201409-992"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-09-29T00:00:00",
        "db": "VULHUB",
        "id": "VHN-71760"
      },
      {
        "date": "2014-09-12T00:00:00",
        "db": "BID",
        "id": "69801"
      },
      {
        "date": "2014-10-02T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-004482"
      },
      {
        "date": "2014-09-29T14:55:08.720000",
        "db": "NVD",
        "id": "CVE-2014-3820"
      },
      {
        "date": "2014-09-28T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201409-992"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-04-01T00:00:00",
        "db": "VULHUB",
        "id": "VHN-71760"
      },
      {
        "date": "2014-09-12T00:00:00",
        "db": "BID",
        "id": "69801"
      },
      {
        "date": "2014-10-02T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-004482"
      },
      {
        "date": "2016-04-01T18:47:52.030000",
        "db": "NVD",
        "id": "CVE-2014-3820"
      },
      {
        "date": "2014-10-08T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201409-992"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201409-992"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Juniper Junos Pulse Secure Access Service and  Juniper Junos Pulse Access Control Service Device cross-site scripting vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004482"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "XSS",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201409-992"
      }
    ],
    "trust": 0.6
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2014-3820 (GCVE-0-2014-3820)

GHSA-6G26-H884-XWV8

CERTFR-2014-AVI-387

Solution

CERTFR-2014-AVI-387

Solution

GSD-2014-3820

FKIE_CVE-2014-3820

VAR-201409-0548

Tags

Sightings

Nomenclature