Juniper ATP ships with hard coded credentials in the Web Collector instance which gives an attacker the ability to take full control of any installation of the software. Affected releases are Juniper Networks Juniper ATP: 5.0 versions prior to 5.0.3.
References
Link | Resource |
---|---|
https://kb.juniper.net/JSA10918 | Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Information
Published : 2019-01-15 13:29
Updated : 2019-10-09 16:43
NVD link : CVE-2019-0020
Mitre link : CVE-2019-0020
JSON object : View
CWE
CWE-798
Use of Hard-coded Credentials
Products Affected
juniper
- atp400
- atp700
- advanced_threat_prevention