| Vulnerability Name: | CVE-2018-0046 (CCN-151036) | ||||||||||||
| Assigned: | 2017-11-16 | ||||||||||||
| Published: | 2018-10-10 | ||||||||||||
| Updated: | 2019-10-09 | ||||||||||||
| Summary: | A reflected cross-site scripting vulnerability in OpenNMS included with Juniper Networks Junos Space may allow the stealing of sensitive information or session credentials from Junos Space administrators or perform administrative actions. This issue affects Juniper Networks Junos Space versions prior to 18.2R1. | ||||||||||||
| CVSS v3 Severity: | 6.1 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) 5.3 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C)
7.7 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
| ||||||||||||
| CVSS v2 Severity: | 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
| ||||||||||||
| Vulnerability Type: | CWE-79 | ||||||||||||
| Vulnerability Consequences: | Cross-Site Scripting | ||||||||||||
| References: | Source: MITRE Type: CNA CVE-2018-0046 Source: BID Type: Third Party Advisory, VDB Entry 105566 Source: CCN Type: BID-105566 OpenNMS CVE-2018-0046 Cross Site Scripting Vulnerability Source: SECTRACK Type: Third Party Advisory, VDB Entry 1041862 Source: XF Type: UNKNOWN junos-space-cve20180046-xss(151036) Source: CONFIRM Type: Patch, Third Party Advisory https://github.com/OpenNMS/opennms/commit/8710463077c10034fcfa06556a98fb1a1a64fd0d Source: CCN Type: Juniper Networks Security Bulletin JSA10880 Junos Space: Multiple vulnerabilities resolved in 18.2R1 release Source: CONFIRM Type: Vendor Advisory https://kb.juniper.net/JSA10880 | ||||||||||||
| Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable | ||||||||||||
| BACK | |||||||||||||