VAR-201309-0472
Vulnerability from variot - Updated: 2023-12-18 12:58Multiple cross-site scripting (XSS) vulnerabilities in Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS 7.1 before 7.1r15, 7.2 before 7.2r11, 7.3 before 7.3r6, and 7.4 before 7.4r3 allow (1) remote attackers to inject arbitrary web script or HTML via vectors involving login pages, and allow (2) remote authenticated users to inject arbitrary web script or HTML via vectors involving a support page. Junos Pulse Secure Access Service is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks. Versions prior to Junos Pulse Secure Access Service 7.4r3, 7.3r6, 7.2r11, or 7.1r15 are vulnerable. Juniper Networks Junos Pulse Secure Access Service (SSL VPN) is a simple, intuitive client from Juniper Networks. The client supports remote and mobile users to access enterprise resources with various web devices. The following versions are affected: 7.1 prior to 7.1r15, 7.2 prior to 7.2r11, 7.3 prior to 7.3r6, 7.4 prior to 7.4r3
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201309-0472",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ive os",
"scope": "eq",
"trust": 1.6,
"vendor": "juniper",
"version": "7.2"
},
{
"model": "ive os",
"scope": "eq",
"trust": 1.6,
"vendor": "juniper",
"version": "7.3"
},
{
"model": "ive os",
"scope": "eq",
"trust": 1.6,
"vendor": "juniper",
"version": "7.1"
},
{
"model": "ive os",
"scope": "eq",
"trust": 1.6,
"vendor": "juniper",
"version": "7.4"
},
{
"model": "ive os",
"scope": "lt",
"trust": 0.8,
"vendor": "juniper",
"version": "7.2"
},
{
"model": "ive os",
"scope": "lt",
"trust": 0.8,
"vendor": "juniper",
"version": "7.3"
},
{
"model": "ive os",
"scope": "lt",
"trust": 0.8,
"vendor": "juniper",
"version": "7.4"
},
{
"model": "ive os",
"scope": "eq",
"trust": 0.8,
"vendor": "juniper",
"version": "7.1r15"
},
{
"model": "ive os",
"scope": "eq",
"trust": 0.8,
"vendor": "juniper",
"version": "7.3r6"
},
{
"model": "ive os",
"scope": "eq",
"trust": 0.8,
"vendor": "juniper",
"version": "7.2r11"
},
{
"model": "ive os",
"scope": "eq",
"trust": 0.8,
"vendor": "juniper",
"version": "7.4r3"
},
{
"model": "ive os",
"scope": "lt",
"trust": 0.8,
"vendor": "juniper",
"version": "7.1"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-004160"
},
{
"db": "NVD",
"id": "CVE-2013-5649"
},
{
"db": "CNNVD",
"id": "CNNVD-201309-196"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:juniper:ive_os:7.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:juniper:ive_os:7.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:juniper:ive_os:7.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:juniper:ive_os:7.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2013-5649"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sandro Gauci, EnableSecurity",
"sources": [
{
"db": "BID",
"id": "62353"
}
],
"trust": 0.3
},
"cve": "CVE-2013-5649",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2013-5649",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-65651",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2013-5649",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201309-196",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-65651",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-65651"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004160"
},
{
"db": "NVD",
"id": "CVE-2013-5649"
},
{
"db": "CNNVD",
"id": "CNNVD-201309-196"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple cross-site scripting (XSS) vulnerabilities in Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS 7.1 before 7.1r15, 7.2 before 7.2r11, 7.3 before 7.3r6, and 7.4 before 7.4r3 allow (1) remote attackers to inject arbitrary web script or HTML via vectors involving login pages, and allow (2) remote authenticated users to inject arbitrary web script or HTML via vectors involving a support page. Junos Pulse Secure Access Service is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. \nAn attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks. \nVersions prior to Junos Pulse Secure Access Service 7.4r3, 7.3r6, 7.2r11, or 7.1r15 are vulnerable. Juniper Networks Junos Pulse Secure Access Service (SSL VPN) is a simple, intuitive client from Juniper Networks. The client supports remote and mobile users to access enterprise resources with various web devices. The following versions are affected: 7.1 prior to 7.1r15, 7.2 prior to 7.2r11, 7.3 prior to 7.3r6, 7.4 prior to 7.4r3",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-5649"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004160"
},
{
"db": "BID",
"id": "62353"
},
{
"db": "VULHUB",
"id": "VHN-65651"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-5649",
"trust": 2.8
},
{
"db": "JUNIPER",
"id": "JSA10589",
"trust": 1.7
},
{
"db": "OSVDB",
"id": "97240",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004160",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201309-196",
"trust": 0.7
},
{
"db": "BID",
"id": "62353",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-65651",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-65651"
},
{
"db": "BID",
"id": "62353"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004160"
},
{
"db": "NVD",
"id": "CVE-2013-5649"
},
{
"db": "CNNVD",
"id": "CNNVD-201309-196"
}
]
},
"id": "VAR-201309-0472",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-65651"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:58:06.125000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SA10589",
"trust": 0.8,
"url": "http://kb.juniper.net/jsa10589"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-004160"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-65651"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004160"
},
{
"db": "NVD",
"id": "CVE-2013-5649"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://kb.juniper.net/jsa10589"
},
{
"trust": 1.1,
"url": "http://osvdb.org/97240"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-5649"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-5649"
},
{
"trust": 0.3,
"url": "http://www.juniper.net"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-65651"
},
{
"db": "BID",
"id": "62353"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004160"
},
{
"db": "NVD",
"id": "CVE-2013-5649"
},
{
"db": "CNNVD",
"id": "CNNVD-201309-196"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-65651"
},
{
"db": "BID",
"id": "62353"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004160"
},
{
"db": "NVD",
"id": "CVE-2013-5649"
},
{
"db": "CNNVD",
"id": "CNNVD-201309-196"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-09-13T00:00:00",
"db": "VULHUB",
"id": "VHN-65651"
},
{
"date": "2013-09-12T00:00:00",
"db": "BID",
"id": "62353"
},
{
"date": "2013-09-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-004160"
},
{
"date": "2013-09-13T14:10:27.580000",
"db": "NVD",
"id": "CVE-2013-5649"
},
{
"date": "2013-09-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201309-196"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-09-18T00:00:00",
"db": "VULHUB",
"id": "VHN-65651"
},
{
"date": "2013-09-12T00:00:00",
"db": "BID",
"id": "62353"
},
{
"date": "2013-09-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-004160"
},
{
"date": "2013-09-18T03:30:15.547000",
"db": "NVD",
"id": "CVE-2013-5649"
},
{
"date": "2013-09-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201309-196"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201309-196"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "IVE OS Equipped with Juniper Junos Pulse Secure Access Service Vulnerable to cross-site scripting",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-004160"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201309-196"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…