A malicious authenticated user may be able to delete a device from the Junos Space database without the necessary privileges through crafted Ajax interactions obtained from another legitimate delete action performed by another administrative user. Affected releases are Juniper Networks Junos Space versions before 18.3R1.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
juniper junos space 15.1 |
||
juniper junos space 16.1 |
||
juniper junos space 13.3 |
||
juniper junos space 14.1 |
||
juniper junos space 15.2 |
||
juniper junos space 17.1 |
||
juniper junos space 17.2 |
||
juniper junos space 18.1 |
||
juniper junos space 18.2 |