CVE-2018-0046
Summary
| CVE | CVE-2018-0046 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2018-10-10 18:29:00 UTC |
| Updated | 2019-10-09 23:31:00 UTC |
| Description | A reflected cross-site scripting vulnerability in OpenNMS included with Juniper Networks Junos Space may allow the stealing of sensitive information or session credentials from Junos Space administrators or perform administrative actions. This issue affects Juniper Networks Junos Space versions prior to 18.2R1. |
Risk And Classification
Problem Types: CWE-79
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Juniper | Junos Space | 18.1r1 | All | All | All |
| Application | Juniper | Junos Space | 18.1r1 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Juniper Junos Space Input Validation Flaw Lets Remote Users Conduct Cross-Site Scripting Attacks - SecurityTracker | SECTRACK | www.securitytracker.com | Third Party Advisory, VDB Entry |
| 2018-10 Security Bulletin: Junos Space: Multiple vulnerabilities resolved in 18.2R1 release - Juniper Networks | CONFIRM | kb.juniper.net | Vendor Advisory |
| Malformed Request | BID | www.securityfocus.com | Third Party Advisory, VDB Entry |
| NMS-9065: Fixed the Asset pages JSPs to handle ACL filtering for rele… · OpenNMS/opennms@8710463 · GitHub | CONFIRM | github.com | Patch, Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
Discovery Credit
LEGACY: Marcel Bilal of IT-Dienstleistungszentrum Berlin
There are currently no legacy QID mappings associated with this CVE.