cvelistv5 - CVE-2014-3824

CVE-2014-3824 (GCVE-0-2014-3824)

Vulnerability from cvelistv5 – Published: 2014-09-29 14:00 – Updated: 2024-08-06 10:57

Summary

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://www.securityfocus.com/bid/69804	vdb-entryx_refsource_BID
	https://kb.juniper.net/InfoCenter/index?page=cont…	x_refsource_CONFIRM

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T10:57:17.562Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "69804",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/69804"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10646"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-09-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in the web server in the Juniper Junos Pulse Secure Access Service (SSL VPN) devices with IVE OS 8.0 before 8.0r6, 7.4 before 7.4r13, and 7.1 before 7.1r20 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2015-05-04T16:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "69804",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/69804"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10646"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2014-3824",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in the web server in the Juniper Junos Pulse Secure Access Service (SSL VPN) devices with IVE OS 8.0 before 8.0r6, 7.4 before 7.4r13, and 7.1 before 7.1r20 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "69804",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/69804"
            },
            {
              "name": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10646",
              "refsource": "CONFIRM",
              "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10646"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2014-3824",
    "datePublished": "2014-09-29T14:00:00",
    "dateReserved": "2014-05-21T00:00:00",
    "dateUpdated": "2024-08-06T10:57:17.562Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DE0C8957-0870-4070-AAD3-720EE46311EA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"47A21AF8-2618-4C7F-B250-BEDBBE9BE7F9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6386D17E-158E-4F5E-B0C7-7719D0020CBF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F3C2B970-9EF2-40CE-86B4-B3FF8F788BC6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7B3A469E-C3EA-4A34-BCAB-CA18DFB245C4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"601BEBCC-F133-40FB-A1B8-599889D05480\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5DFCB2A6-FFF0-4108-B587-C27FB96FD75A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A381B35A-750E-4E70-99DA-25C4837C9DDC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4D2E937F-6235-4040-ADAF-884304C7D65C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F3921140-1DDB-416E-9DC6-BB097C339A36\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"36F6EE11-D19C-43DD-AFB8-D8AE60B5692F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"810ABC69-F219-4060-A50E-5A9D531BF26A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r11:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"48CE0C3C-6E83-47DD-8FB0-45CA7C3B343B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r12:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0EF9BD90-90D8-4617-8BB7-9AA7FFCC1160\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r13:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EBA1D6B0-E878-4364-83C5-FB6FB7C6B93E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r14:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BCD9F89E-5AFB-4B80-B615-6E4720FA8A57\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r15:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"134E62A7-0E1E-453B-AE43-EFF7BA700658\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.4:r1.0:*:*:*:*:*:*\", \"matchCriteriaId\": \"C503F416-17B4-45DA-9E36-9A8B14C2DEC4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.4:r2.0:*:*:*:*:*:*\", \"matchCriteriaId\": \"ECDD185D-A088-43A4-B4DE-599D22F1642C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.4:r3.0:*:*:*:*:*:*\", \"matchCriteriaId\": \"49B32A49-885E-4C3D-8362-1E48B04F1FDE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.4:r4.0:*:*:*:*:*:*\", \"matchCriteriaId\": \"5B149DA0-3128-499D-969A-3231B682D25C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:juniper:junos_pulse_secure_access_service:8.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B390A8A0-D317-4EDE-9B1F-2CC53DC72C06\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Cross-site scripting (XSS) vulnerability in the web server in the Juniper Junos Pulse Secure Access Service (SSL VPN) devices with IVE OS 8.0 before 8.0r6, 7.4 before 7.4r13, and 7.1 before 7.1r20 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad de XSS en el servidor web en los dispositivos Juniper Junos Pulse Secure Access Service (SSL VPN) con IVE OS 8.0 anterior a 8.0r6, 7.4 anterior a 7.4r13, y 7.1 anterior a 7.1r20 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\\u00e9s de vectores no especificados.\"}]",
      "id": "CVE-2014-3824",
      "lastModified": "2024-11-21T02:08:55.833",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:P/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2014-09-29T14:55:08.797",
      "references": "[{\"url\": \"http://www.securityfocus.com/bid/69804\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10646\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/69804\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10646\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-79\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2014-3824\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2014-09-29T14:55:08.797\",\"lastModified\":\"2025-04-12T10:46:40.837\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Cross-site scripting (XSS) vulnerability in the web server in the Juniper Junos Pulse Secure Access Service (SSL VPN) devices with IVE OS 8.0 before 8.0r6, 7.4 before 7.4r13, and 7.1 before 7.1r20 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de XSS en el servidor web en los dispositivos Juniper Junos Pulse Secure Access Service (SSL VPN) con IVE OS 8.0 anterior a 8.0r6, 7.4 anterior a 7.4r13, y 7.1 anterior a 7.1r20 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de vectores no especificados.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DE0C8957-0870-4070-AAD3-720EE46311EA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"47A21AF8-2618-4C7F-B250-BEDBBE9BE7F9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6386D17E-158E-4F5E-B0C7-7719D0020CBF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F3C2B970-9EF2-40CE-86B4-B3FF8F788BC6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7B3A469E-C3EA-4A34-BCAB-CA18DFB245C4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"601BEBCC-F133-40FB-A1B8-599889D05480\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5DFCB2A6-FFF0-4108-B587-C27FB96FD75A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A381B35A-750E-4E70-99DA-25C4837C9DDC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4D2E937F-6235-4040-ADAF-884304C7D65C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F3921140-1DDB-416E-9DC6-BB097C339A36\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"36F6EE11-D19C-43DD-AFB8-D8AE60B5692F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"810ABC69-F219-4060-A50E-5A9D531BF26A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"48CE0C3C-6E83-47DD-8FB0-45CA7C3B343B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0EF9BD90-90D8-4617-8BB7-9AA7FFCC1160\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EBA1D6B0-E878-4364-83C5-FB6FB7C6B93E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r14:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BCD9F89E-5AFB-4B80-B615-6E4720FA8A57\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r15:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"134E62A7-0E1E-453B-AE43-EFF7BA700658\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.4:r1.0:*:*:*:*:*:*\",\"matchCriteriaId\":\"C503F416-17B4-45DA-9E36-9A8B14C2DEC4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.4:r2.0:*:*:*:*:*:*\",\"matchCriteriaId\":\"ECDD185D-A088-43A4-B4DE-599D22F1642C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.4:r3.0:*:*:*:*:*:*\",\"matchCriteriaId\":\"49B32A49-885E-4C3D-8362-1E48B04F1FDE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.4:r4.0:*:*:*:*:*:*\",\"matchCriteriaId\":\"5B149DA0-3128-499D-969A-3231B682D25C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:juniper:junos_pulse_secure_access_service:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B390A8A0-D317-4EDE-9B1F-2CC53DC72C06\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/69804\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10646\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/69804\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10646\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

VAR-201409-0550

Vulnerability from variot - Updated: 2023-12-18 13:44

Cross-site scripting (XSS) vulnerability in the web server in the Juniper Junos Pulse Secure Access Service (SSL VPN) devices with IVE OS 8.0 before 8.0r6, 7.4 before 7.4r13, and 7.1 before 7.1r20 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Junos Pulse Secure Access Service is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201409-0550",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "junos pulse secure access service",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "juniper",
        "version": "7.1r6"
      },
      {
        "model": "junos pulse secure access service",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "juniper",
        "version": "8.0"
      },
      {
        "model": "junos pulse secure access service",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "juniper",
        "version": "7.1r10"
      },
      {
        "model": "junos pulse secure access service",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "juniper",
        "version": "7.1r13"
      },
      {
        "model": "junos pulse secure access service",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "juniper",
        "version": "7.1r1.1"
      },
      {
        "model": "junos pulse secure access service",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "juniper",
        "version": "7.1r11"
      },
      {
        "model": "junos pulse secure access service",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "juniper",
        "version": "7.1r12"
      },
      {
        "model": "junos pulse secure access service",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "juniper",
        "version": "7.1r1"
      },
      {
        "model": "junos pulse secure access service",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "juniper",
        "version": "7.1r14"
      },
      {
        "model": "junos pulse secure access service",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "juniper",
        "version": "7.1r15"
      },
      {
        "model": "junos pulse secure access service",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "juniper",
        "version": "7.1r4"
      },
      {
        "model": "junos pulse secure access service",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "juniper",
        "version": "7.1r9"
      },
      {
        "model": "junos pulse secure access service",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "juniper",
        "version": "7.1r5"
      },
      {
        "model": "junos pulse secure access service",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "juniper",
        "version": "7.1r3"
      },
      {
        "model": "junos pulse secure access service",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "juniper",
        "version": "7.1r8"
      },
      {
        "model": "junos pulse secure access service",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "juniper",
        "version": "7.1"
      },
      {
        "model": "junos pulse secure access service",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "juniper",
        "version": "7.1r7"
      },
      {
        "model": "junos pulse secure access service",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "juniper",
        "version": "7.4"
      },
      {
        "model": "junos pulse secure access service",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "juniper",
        "version": "7.1r2"
      },
      {
        "model": "fips secure access 4000",
        "scope": null,
        "trust": 0.8,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "mag4610 gateway",
        "scope": null,
        "trust": 0.8,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos pulse secure access service",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "juniper",
        "version": "(ive os) 7.1r20"
      },
      {
        "model": "fips secure access 6500",
        "scope": null,
        "trust": 0.8,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "mag2600 gateway",
        "scope": null,
        "trust": 0.8,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "mag6611 gateway",
        "scope": null,
        "trust": 0.8,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "secure access 4500",
        "scope": null,
        "trust": 0.8,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "secure access 6500",
        "scope": null,
        "trust": 0.8,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "secure access 2500",
        "scope": null,
        "trust": 0.8,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "fips secure access 6000",
        "scope": null,
        "trust": 0.8,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "mag6610 gateway",
        "scope": null,
        "trust": 0.8,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos pulse secure access service",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "juniper",
        "version": "7.4"
      },
      {
        "model": "junos pulse secure access service",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "juniper",
        "version": "(ive os) 8.0r6"
      },
      {
        "model": "secure access 700",
        "scope": null,
        "trust": 0.8,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos pulse secure access service",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "juniper",
        "version": "(ive os) 7.4r13"
      },
      {
        "model": "fips secure access 4500",
        "scope": null,
        "trust": 0.8,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos pulse secure access service",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "juniper",
        "version": "8.0"
      },
      {
        "model": "junos pulse secure access service",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "juniper",
        "version": "7.1"
      },
      {
        "model": "networks ive os 7.1r6",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "networks ive os 7.1r1",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "networks ive os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "7.1"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "69804"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004484"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3824"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201409-997"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r14:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.4:r2.0:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.4:r3.0:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.4:r4.0:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.4:r1.0:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r15:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r13:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-3824"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "anonymous from VeriSign iDefense Labs",
    "sources": [
      {
        "db": "BID",
        "id": "69804"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201409-997"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2014-3824",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.3,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2014-3824",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "VHN-71764",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2014-3824",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201409-997",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-71764",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-71764"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004484"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3824"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201409-997"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cross-site scripting (XSS) vulnerability in the web server in the Juniper Junos Pulse Secure Access Service (SSL VPN) devices with IVE OS 8.0 before 8.0r6, 7.4 before 7.4r13, and 7.1 before 7.1r20 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Junos Pulse Secure Access Service is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. \nAn attacker may leverage this issue to execute arbitrary script code in  the browser of an unsuspecting user in the context of the affected site.  This may help the attacker steal cookie-based authentication  credentials and launch other attacks",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-3824"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004484"
      },
      {
        "db": "BID",
        "id": "69804"
      },
      {
        "db": "VULHUB",
        "id": "VHN-71764"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2014-3824",
        "trust": 2.8
      },
      {
        "db": "JUNIPER",
        "id": "JSA10646",
        "trust": 2.0
      },
      {
        "db": "BID",
        "id": "69804",
        "trust": 2.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004484",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201409-997",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-71764",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-71764"
      },
      {
        "db": "BID",
        "id": "69804"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004484"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3824"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201409-997"
      }
    ]
  },
  "id": "VAR-201409-0550",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-71764"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T13:44:27.050000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "JSA10646",
        "trust": 0.8,
        "url": "https://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10646"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004484"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-79",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-71764"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004484"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3824"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/69804"
      },
      {
        "trust": 1.6,
        "url": "https://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10646"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3824"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3824"
      },
      {
        "trust": 0.3,
        "url": "http://www.juniper.net"
      },
      {
        "trust": 0.3,
        "url": "http://www.juniper.net/us/en/products-services/software/junos-platform/junos-pulse/secure-access/"
      },
      {
        "trust": 0.3,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10646\u0026cat=sirt_1\u0026actp=list"
      },
      {
        "trust": 0.1,
        "url": "https://kb.juniper.net/infocenter/index?page=content\u0026amp;id=jsa10646"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-71764"
      },
      {
        "db": "BID",
        "id": "69804"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004484"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3824"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201409-997"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-71764"
      },
      {
        "db": "BID",
        "id": "69804"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004484"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3824"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201409-997"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-09-29T00:00:00",
        "db": "VULHUB",
        "id": "VHN-71764"
      },
      {
        "date": "2014-09-15T00:00:00",
        "db": "BID",
        "id": "69804"
      },
      {
        "date": "2014-10-02T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-004484"
      },
      {
        "date": "2014-09-29T14:55:08.797000",
        "db": "NVD",
        "id": "CVE-2014-3824"
      },
      {
        "date": "2014-09-28T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201409-997"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-04-01T00:00:00",
        "db": "VULHUB",
        "id": "VHN-71764"
      },
      {
        "date": "2014-09-15T00:00:00",
        "db": "BID",
        "id": "69804"
      },
      {
        "date": "2014-10-02T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-004484"
      },
      {
        "date": "2016-04-01T18:48:10.633000",
        "db": "NVD",
        "id": "CVE-2014-3824"
      },
      {
        "date": "2014-10-08T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201409-997"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201409-997"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "IVE OS of  Juniper Junos Pulse Secure Access Service Device  Web Server cross-site scripting vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004484"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "XSS",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201409-997"
      }
    ],
    "trust": 0.6
  }
}

FKIE_CVE-2014-3824

Vulnerability from fkie_nvd - Published: 2014-09-29 14:55 - Updated: 2025-04-12 10:46

Severity ?

Summary

References

	URL	Tags
	cve@mitre.org	http://www.securityfocus.com/bid/69804
	cve@mitre.org	https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10646
	af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/69804
	af854a3a-2127-422b-91ae-364da2661108	https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10646

Impacted products

Vendor	Product	Version
juniper	junos_pulse_secure_access_service	7.1
juniper	junos_pulse_secure_access_service	7.1r1
juniper	junos_pulse_secure_access_service	7.1r1.1
juniper	junos_pulse_secure_access_service	7.1r2
juniper	junos_pulse_secure_access_service	7.1r3
juniper	junos_pulse_secure_access_service	7.1r4
juniper	junos_pulse_secure_access_service	7.1r5
juniper	junos_pulse_secure_access_service	7.1r6
juniper	junos_pulse_secure_access_service	7.1r7
juniper	junos_pulse_secure_access_service	7.1r8
juniper	junos_pulse_secure_access_service	7.1r9
juniper	junos_pulse_secure_access_service	7.1r10
juniper	junos_pulse_secure_access_service	7.1r11
juniper	junos_pulse_secure_access_service	7.1r12
juniper	junos_pulse_secure_access_service	7.1r13
juniper	junos_pulse_secure_access_service	7.1r14
juniper	junos_pulse_secure_access_service	7.1r15
juniper	junos_pulse_secure_access_service	7.4
juniper	junos_pulse_secure_access_service	7.4
juniper	junos_pulse_secure_access_service	7.4
juniper	junos_pulse_secure_access_service	7.4
juniper	junos_pulse_secure_access_service	8.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE0C8957-0870-4070-AAD3-720EE46311EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r1:*:*:*:*:*:*:*",
              "matchCriteriaId": "47A21AF8-2618-4C7F-B250-BEDBBE9BE7F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6386D17E-158E-4F5E-B0C7-7719D0020CBF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3C2B970-9EF2-40CE-86B4-B3FF8F788BC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B3A469E-C3EA-4A34-BCAB-CA18DFB245C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r4:*:*:*:*:*:*:*",
              "matchCriteriaId": "601BEBCC-F133-40FB-A1B8-599889D05480",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r5:*:*:*:*:*:*:*",
              "matchCriteriaId": "5DFCB2A6-FFF0-4108-B587-C27FB96FD75A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r6:*:*:*:*:*:*:*",
              "matchCriteriaId": "A381B35A-750E-4E70-99DA-25C4837C9DDC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r7:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D2E937F-6235-4040-ADAF-884304C7D65C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r8:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3921140-1DDB-416E-9DC6-BB097C339A36",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r9:*:*:*:*:*:*:*",
              "matchCriteriaId": "36F6EE11-D19C-43DD-AFB8-D8AE60B5692F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r10:*:*:*:*:*:*:*",
              "matchCriteriaId": "810ABC69-F219-4060-A50E-5A9D531BF26A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r11:*:*:*:*:*:*:*",
              "matchCriteriaId": "48CE0C3C-6E83-47DD-8FB0-45CA7C3B343B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r12:*:*:*:*:*:*:*",
              "matchCriteriaId": "0EF9BD90-90D8-4617-8BB7-9AA7FFCC1160",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r13:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBA1D6B0-E878-4364-83C5-FB6FB7C6B93E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r14:*:*:*:*:*:*:*",
              "matchCriteriaId": "BCD9F89E-5AFB-4B80-B615-6E4720FA8A57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r15:*:*:*:*:*:*:*",
              "matchCriteriaId": "134E62A7-0E1E-453B-AE43-EFF7BA700658",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.4:r1.0:*:*:*:*:*:*",
              "matchCriteriaId": "C503F416-17B4-45DA-9E36-9A8B14C2DEC4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.4:r2.0:*:*:*:*:*:*",
              "matchCriteriaId": "ECDD185D-A088-43A4-B4DE-599D22F1642C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.4:r3.0:*:*:*:*:*:*",
              "matchCriteriaId": "49B32A49-885E-4C3D-8362-1E48B04F1FDE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.4:r4.0:*:*:*:*:*:*",
              "matchCriteriaId": "5B149DA0-3128-499D-969A-3231B682D25C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B390A8A0-D317-4EDE-9B1F-2CC53DC72C06",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in the web server in the Juniper Junos Pulse Secure Access Service (SSL VPN) devices with IVE OS 8.0 before 8.0r6, 7.4 before 7.4r13, and 7.1 before 7.1r20 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de XSS en el servidor web en los dispositivos Juniper Junos Pulse Secure Access Service (SSL VPN) con IVE OS 8.0 anterior a 8.0r6, 7.4 anterior a 7.4r13, y 7.1 anterior a 7.1r20 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de vectores no especificados."
    }
  ],
  "id": "CVE-2014-3824",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2014-09-29T14:55:08.797",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/69804"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10646"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/69804"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10646"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CERTFR-2014-AVI-387

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans les produits Juniper. Elles permettent à un attaquant de provoquer une élévation de privilèges et une injection de code indirecte à distance (XSS).

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
N/A	N/A	Juniper SA4000
N/A	N/A	Juniper SA2000
N/A	N/A	Juniper MAG4610
N/A	N/A	Juniper SA4500
N/A	N/A	Juniper IC6500
N/A	N/A	Juniper MAG2600
N/A	N/A	Juniper FIPS SA6500
N/A	N/A	Juniper SA2500
N/A	N/A	Juniper IC6000
N/A	N/A	Juniper MAG6610
N/A	N/A	Juniper IC4500
N/A	N/A	Juniper FIPS SA6000
N/A	N/A	Juniper FIPS SA4500
N/A	N/A	Juniper MAG6611
N/A	N/A	Juniper FIPS IC6500
N/A	N/A	Juniper IC4000
N/A	N/A	Juniper FIPS SA4000
N/A	N/A	Juniper SA6000
N/A	N/A	Juniper SA6500
N/A	N/A	Juniper SA700

References

Title

Publication Time

Tags

Bulletin de sécurité Juniper JSA10646 du 10 septembre 2014	None	vendor-advisory
Bulletin de sécurité Juniper JSA10647 du 10 septembre 2014	None	vendor-advisory
Bulletin de sécurité Juniper JSA10644 du 10 septembre 2014	None	vendor-advisory
Bulletin de sécurité Juniper JSA10645 du 10 septembre 2014	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Juniper SA4000",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper SA2000",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper MAG4610",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper SA4500",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper IC6500",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper MAG2600",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper FIPS SA6500",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper SA2500",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper IC6000",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper MAG6610",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper IC4500",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper FIPS SA6000",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper FIPS SA4500",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper MAG6611",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper FIPS IC6500",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper IC4000",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper FIPS SA4000",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper SA6000",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper SA6500",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper SA700",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2014-3823",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3823"
    },
    {
      "name": "CVE-2014-3824",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3824"
    },
    {
      "name": "CVE-2014-3820",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3820"
    },
    {
      "name": "CVE-2014-3811",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3811"
    }
  ],
  "links": [],
  "reference": "CERTFR-2014-AVI-387",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2014-09-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans les produits \u003cspan\nclass=\"textit\"\u003eJuniper\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer une \u00e9l\u00e9vation de privil\u00e8ges et une injection de code indirecte\n\u00e0 distance (XSS).\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Juniper",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10646 du 10 septembre 2014",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10646\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10647 du 10 septembre 2014",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10647\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10644 du 10 septembre 2014",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10644\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10645 du 10 septembre 2014",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10645\u0026cat=SIRT_1\u0026actp=LIST"
    }
  ]
}

CERTFR-2014-AVI-387

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
N/A	N/A	Juniper SA4000
N/A	N/A	Juniper SA2000
N/A	N/A	Juniper MAG4610
N/A	N/A	Juniper SA4500
N/A	N/A	Juniper IC6500
N/A	N/A	Juniper MAG2600
N/A	N/A	Juniper FIPS SA6500
N/A	N/A	Juniper SA2500
N/A	N/A	Juniper IC6000
N/A	N/A	Juniper MAG6610
N/A	N/A	Juniper IC4500
N/A	N/A	Juniper FIPS SA6000
N/A	N/A	Juniper FIPS SA4500
N/A	N/A	Juniper MAG6611
N/A	N/A	Juniper FIPS IC6500
N/A	N/A	Juniper IC4000
N/A	N/A	Juniper FIPS SA4000
N/A	N/A	Juniper SA6000
N/A	N/A	Juniper SA6500
N/A	N/A	Juniper SA700

References

Title

Publication Time

Tags

Bulletin de sécurité Juniper JSA10646 du 10 septembre 2014	None	vendor-advisory
Bulletin de sécurité Juniper JSA10647 du 10 septembre 2014	None	vendor-advisory
Bulletin de sécurité Juniper JSA10644 du 10 septembre 2014	None	vendor-advisory
Bulletin de sécurité Juniper JSA10645 du 10 septembre 2014	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Juniper SA4000",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper SA2000",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper MAG4610",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper SA4500",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper IC6500",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper MAG2600",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper FIPS SA6500",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper SA2500",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper IC6000",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper MAG6610",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper IC4500",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper FIPS SA6000",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper FIPS SA4500",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper MAG6611",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper FIPS IC6500",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper IC4000",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper FIPS SA4000",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper SA6000",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper SA6500",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper SA700",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2014-3823",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3823"
    },
    {
      "name": "CVE-2014-3824",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3824"
    },
    {
      "name": "CVE-2014-3820",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3820"
    },
    {
      "name": "CVE-2014-3811",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3811"
    }
  ],
  "links": [],
  "reference": "CERTFR-2014-AVI-387",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2014-09-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans les produits \u003cspan\nclass=\"textit\"\u003eJuniper\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer une \u00e9l\u00e9vation de privil\u00e8ges et une injection de code indirecte\n\u00e0 distance (XSS).\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Juniper",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10646 du 10 septembre 2014",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10646\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10647 du 10 septembre 2014",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10647\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10644 du 10 septembre 2014",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10644\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10645 du 10 septembre 2014",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10645\u0026cat=SIRT_1\u0026actp=LIST"
    }
  ]
}

GSD-2014-3824

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2014-3824

Aliases

CVE-2014-3824

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2014-3824",
    "description": "Cross-site scripting (XSS) vulnerability in the web server in the Juniper Junos Pulse Secure Access Service (SSL VPN) devices with IVE OS 8.0 before 8.0r6, 7.4 before 7.4r13, and 7.1 before 7.1r20 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.",
    "id": "GSD-2014-3824"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2014-3824"
      ],
      "details": "Cross-site scripting (XSS) vulnerability in the web server in the Juniper Junos Pulse Secure Access Service (SSL VPN) devices with IVE OS 8.0 before 8.0r6, 7.4 before 7.4r13, and 7.1 before 7.1r20 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.",
      "id": "GSD-2014-3824",
      "modified": "2023-12-13T01:22:53.290238Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2014-3824",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Cross-site scripting (XSS) vulnerability in the web server in the Juniper Junos Pulse Secure Access Service (SSL VPN) devices with IVE OS 8.0 before 8.0r6, 7.4 before 7.4r13, and 7.1 before 7.1r20 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "69804",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/69804"
          },
          {
            "name": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10646",
            "refsource": "CONFIRM",
            "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10646"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r14:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.4:r2.0:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.4:r3.0:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.4:r4.0:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.4:r1.0:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r15:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:juniper:junos_pulse_secure_access_service:7.1r13:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2014-3824"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in the web server in the Juniper Junos Pulse Secure Access Service (SSL VPN) devices with IVE OS 8.0 before 8.0r6, 7.4 before 7.4r13, and 7.1 before 7.1r20 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-79"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10646",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10646"
            },
            {
              "name": "69804",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/69804"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2016-04-01T18:48Z",
      "publishedDate": "2014-09-29T14:55Z"
    }
  }
}

GHSA-QG3R-6H68-H2MJ

Vulnerability from github – Published: 2022-05-17 03:57 – Updated: 2022-05-17 03:57

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2014-3824"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2014-09-29T14:55:00Z",
    "severity": "MODERATE"
  },
  "details": "Cross-site scripting (XSS) vulnerability in the web server in the Juniper Junos Pulse Secure Access Service (SSL VPN) devices with IVE OS 8.0 before 8.0r6, 7.4 before 7.4r13, and 7.1 before 7.1r20 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.",
  "id": "GHSA-qg3r-6h68-h2mj",
  "modified": "2022-05-17T03:57:45Z",
  "published": "2022-05-17T03:57:45Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3824"
    },
    {
      "type": "WEB",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10646"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/69804"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2014-3824 (GCVE-0-2014-3824)

VAR-201409-0550

FKIE_CVE-2014-3824

CERTFR-2014-AVI-387

Solution

CERTFR-2014-AVI-387

Solution

GSD-2014-3824

GHSA-QG3R-6H68-H2MJ

Tags

Sightings

Nomenclature