{"api_version":"1","generated_at":"2026-04-23T10:17:49+00:00","cve":"CVE-2018-0046","urls":{"html":"https://cve.report/CVE-2018-0046","api":"https://cve.report/api/cve/CVE-2018-0046.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2018-0046","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2018-0046"},"summary":{"title":"CVE-2018-0046","description":"A reflected cross-site scripting vulnerability in OpenNMS included with Juniper Networks Junos Space may allow the stealing of sensitive information or session credentials from Junos Space administrators or perform administrative actions. This issue affects Juniper Networks Junos Space versions prior to 18.2R1.","state":"PUBLIC","assigner":"sirt@juniper.net","published_at":"2018-10-10 18:29:00","updated_at":"2019-10-09 23:31:00"},"problem_types":["CWE-79"],"metrics":[],"references":[{"url":"http://www.securitytracker.com/id/1041862","name":"1041862","refsource":"SECTRACK","tags":["Third Party Advisory","VDB Entry"],"title":"Juniper Junos Space Input Validation Flaw Lets Remote Users Conduct Cross-Site Scripting Attacks - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://kb.juniper.net/JSA10880","name":"https://kb.juniper.net/JSA10880","refsource":"CONFIRM","tags":["Vendor Advisory"],"title":"2018-10 Security Bulletin: Junos Space: Multiple vulnerabilities resolved in 18.2R1 release - Juniper Networks","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/105566","name":"105566","refsource":"BID","tags":["Third Party Advisory","VDB Entry"],"title":"Malformed Request","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://github.com/OpenNMS/opennms/commit/8710463077c10034fcfa06556a98fb1a1a64fd0d","name":"https://github.com/OpenNMS/opennms/commit/8710463077c10034fcfa06556a98fb1a1a64fd0d","refsource":"CONFIRM","tags":["Patch","Third Party Advisory"],"title":"NMS-9065: Fixed the Asset pages JSPs to handle ACL filtering for rele… · OpenNMS/opennms@8710463 · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2018-0046","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-0046","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[{"source":"LEGACY","value":"Marcel Bilal of IT-Dienstleistungszentrum Berlin","lang":""}],"nvd_cpes":[{"cve_year":"2018","cve_id":"46","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"juniper","cpe5":"junos_space","cpe6":"18.1r1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"46","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"juniper","cpe5":"junos_space","cpe6":"18.1r1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"sirt@juniper.net","DATE_PUBLIC":"2018-10-10T16:00:00.000Z","ID":"CVE-2018-0046","STATE":"PUBLIC","TITLE":"Junos Space: Reflected Cross-site Scripting vulnerability in OpenNMS"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Junos Space","version":{"version_data":[{"affected":"<","version_value":"18.2R1"}]}}]},"vendor_name":"Juniper Networks"}]}},"credit":[{"lang":"eng","value":"Marcel Bilal of IT-Dienstleistungszentrum Berlin"}],"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"A reflected cross-site scripting vulnerability in OpenNMS included with Juniper Networks Junos Space may allow the stealing of sensitive information or session credentials from Junos Space administrators or perform administrative actions. This issue affects Juniper Networks Junos Space versions prior to 18.2R1."}]},"exploit":[{"lang":"eng","value":"Juniper SIRT is not aware of any malicious exploitation of this vulnerability."}],"impact":{"cvss":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":8.8,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","version":"3.0"}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Reflected cross-site scripting vulnerability"}]}]},"references":{"reference_data":[{"name":"105566","refsource":"BID","url":"http://www.securityfocus.com/bid/105566"},{"name":"https://kb.juniper.net/JSA10880","refsource":"CONFIRM","url":"https://kb.juniper.net/JSA10880"},{"name":"https://github.com/OpenNMS/opennms/commit/8710463077c10034fcfa06556a98fb1a1a64fd0d","refsource":"CONFIRM","url":"https://github.com/OpenNMS/opennms/commit/8710463077c10034fcfa06556a98fb1a1a64fd0d"},{"name":"1041862","refsource":"SECTRACK","url":"http://www.securitytracker.com/id/1041862"}]},"solution":[{"lang":"eng","value":"The following software releases have been updated to resolve this specific issue: Junos Space 18.2R1, and all subsequent releases.\n"}],"source":{"advisory":"JSA10880","defect":["1337619"],"discovery":"EXTERNAL"},"work_around":[{"lang":"eng","value":"There are no viable workarounds for this issue."}]},"nvd":{"publishedDate":"2018-10-10 18:29:00","lastModifiedDate":"2019-10-09 23:31:00","problem_types":["CWE-79"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE","baseScore":6.1,"baseSeverity":"MEDIUM"},"exploitabilityScore":2.8,"impactScore":2.7},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE","baseScore":4.3},"severity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:juniper:junos_space:18.1r1:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2018","CveId":"46","Ordinal":"114647","Title":"CVE-2018-0046","CVE":"CVE-2018-0046","Year":"2018"},"notes":[{"CveYear":"2018","CveId":"46","Ordinal":"1","NoteData":"A reflected cross-site scripting vulnerability in OpenNMS included with Juniper Networks Junos Space may allow the stealing of sensitive information or session credentials from Junos Space administrators or perform administrative actions. This issue affects Juniper Networks Junos Space versions prior to 18.2R1.","Type":"Description","Title":null},{"CveYear":"2018","CveId":"46","Ordinal":"2","NoteData":"2018-10-10","Type":"Other","Title":"Published"},{"CveYear":"2018","CveId":"46","Ordinal":"3","NoteData":"2018-10-17","Type":"Other","Title":"Modified"}]}}}