A malicious authenticated user may be able to delete a device from the Junos Space database without the necessary privileges through crafted Ajax interactions obtained from another legitimate delete action performed by another administrative user. Affected releases are Juniper Networks Junos Space versions prior to 18.3R1.
References
Link Resource
https://kb.juniper.net/JSA10917 Vendor Advisory
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: juniper

Published: 2019-01-09T00:00:00

Updated: 2019-01-15T20:57:01

Reserved: 2018-10-11T00:00:00


Link: CVE-2019-0016

JSON object: View

cve-icon NVD Information

Status : Modified

Published: 2019-01-15T21:29:01.463

Modified: 2020-08-24T17:37:01.140


Link: CVE-2019-0016

JSON object: View

cve-icon Redhat Information

No data.