CVE-2019-0016
Summary
| CVE | CVE-2019-0016 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2019-01-15 21:29:00 UTC |
| Updated | 2020-08-24 17:37:00 UTC |
| Description | A malicious authenticated user may be able to delete a device from the Junos Space database without the necessary privileges through crafted Ajax interactions obtained from another legitimate delete action performed by another administrative user. Affected releases are Juniper Networks Junos Space versions prior to 18.3R1. |
Risk And Classification
Problem Types: NVD-CWE-noinfo
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Juniper | Junos Space | 13.3 | r1 | All | All |
| Application | Juniper | Junos Space | 13.3 | r2 | All | All |
| Application | Juniper | Junos Space | 13.3 | r3 | All | All |
| Application | Juniper | Junos Space | 13.3 | r4 | All | All |
| Application | Juniper | Junos Space | 14.1 | - | All | All |
| Application | Juniper | Junos Space | 14.1 | r1 | All | All |
| Application | Juniper | Junos Space | 14.1 | r2 | All | All |
| Application | Juniper | Junos Space | 14.1 | r3 | All | All |
| Application | Juniper | Junos Space | 15.1 | r1 | All | All |
| Application | Juniper | Junos Space | 15.1 | r2 | All | All |
| Application | Juniper | Junos Space | 15.1 | r3 | All | All |
| Application | Juniper | Junos Space | 15.1 | r4 | All | All |
| Application | Juniper | Junos Space | 15.2 | - | All | All |
| Application | Juniper | Junos Space | 15.2 | r1 | All | All |
| Application | Juniper | Junos Space | 15.2 | r2 | All | All |
| Application | Juniper | Junos Space | 16.1 | - | All | All |
| Application | Juniper | Junos Space | 16.1 | r1 | All | All |
| Application | Juniper | Junos Space | 16.1 | r2 | All | All |
| Application | Juniper | Junos Space | 16.1 | r3 | All | All |
| Application | Juniper | Junos Space | 17.1 | r1 | All | All |
| Application | Juniper | Junos Space | 17.2 | r1.4 | All | All |
| Application | Juniper | Junos Space | 18.1 | r1 | All | All |
| Application | Juniper | Junos Space | 18.2 | r1 | All | All |
| Application | Juniper | Junos Space | 13.3 | r1 | All | All |
| Application | Juniper | Junos Space | 13.3 | r2 | All | All |
| Application | Juniper | Junos Space | 13.3 | r3 | All | All |
| Application | Juniper | Junos Space | 13.3 | r4 | All | All |
| Application | Juniper | Junos Space | 14.1 | - | All | All |
| Application | Juniper | Junos Space | 14.1 | r1 | All | All |
| Application | Juniper | Junos Space | 14.1 | r2 | All | All |
| Application | Juniper | Junos Space | 14.1 | r3 | All | All |
| Application | Juniper | Junos Space | 15.1 | r1 | All | All |
| Application | Juniper | Junos Space | 15.1 | r2 | All | All |
| Application | Juniper | Junos Space | 15.1 | r3 | All | All |
| Application | Juniper | Junos Space | 15.1 | r4 | All | All |
| Application | Juniper | Junos Space | 15.2 | - | All | All |
| Application | Juniper | Junos Space | 15.2 | r1 | All | All |
| Application | Juniper | Junos Space | 15.2 | r2 | All | All |
| Application | Juniper | Junos Space | 16.1 | - | All | All |
| Application | Juniper | Junos Space | 16.1 | r1 | All | All |
| Application | Juniper | Junos Space | 16.1 | r2 | All | All |
| Application | Juniper | Junos Space | 16.1 | r3 | All | All |
| Application | Juniper | Junos Space | 17.1 | r1 | All | All |
| Application | Juniper | Junos Space | 17.2 | r1.4 | All | All |
| Application | Juniper | Junos Space | 18.1 | r1 | All | All |
| Application | Juniper | Junos Space | 18.2 | r1 | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| 2019-01 Security Bulletin: Junos Space: Multiple vulnerabilities resolved in 18.3R1 and 18.4R1 releases - Juniper Networks | CONFIRM | kb.juniper.net | Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.