A malicious authenticated user may be able to delete a device from the Junos Space database without the necessary privileges through crafted Ajax interactions obtained from another legitimate delete action performed by another administrative user. Affected releases are Juniper Networks Junos Space versions prior to 18.3R1.
References
Link | Resource |
---|---|
https://kb.juniper.net/JSA10917 | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: juniper
Published: 2019-01-09T00:00:00
Updated: 2019-01-15T20:57:01
Reserved: 2018-10-11T00:00:00
Link: CVE-2019-0016
JSON object: View
NVD Information
Status : Modified
Published: 2019-01-15T21:29:01.463
Modified: 2020-08-24T17:37:01.140
Link: CVE-2019-0016
JSON object: View
Redhat Information
No data.
CWE