{"containers": {"cna": {"affected": [{"platforms": ["SRX Series"], "product": "Junos OS", "vendor": "Juniper Networks", "versions": [{"lessThan": "18.2R3-S8", "status": "affected", "version": "18.2", "versionType": "custom"}, {"lessThan": "18.3R3-S5", "status": "affected", "version": "18.3", "versionType": "custom"}, {"lessThan": "18.4R3-S8", "status": "affected", "version": "18.4", "versionType": "custom"}, {"lessThan": "19.1R3-S5", "status": "affected", "version": "19.1", "versionType": "custom"}, {"lessThan": "19.2R1-S7, 19.2R3-S3", "status": "affected", "version": "19.2", "versionType": "custom"}, {"lessThan": "19.3R2-S6, 19.3R3-S3", "status": "affected", "version": "19.3", "versionType": "custom"}, {"lessThan": "19.4R1-S4, 19.4R2-S4, 19.4R3-S3", "status": "affected", "version": "19.4", "versionType": "custom"}, {"lessThan": "20.1R2-S2, 20.1R3", "status": "affected", "version": "20.1", "versionType": "custom"}, {"lessThan": "20.2R3-S1", "status": "affected", "version": "20.2", "versionType": "custom"}, {"lessThan": "20.3R2-S1, 20.3R3", "status": "affected", "version": "20.3", "versionType": "custom"}]}], "configurations": [{"lang": "en", "value": "The examples of the config stanza affected by this issue:\n\n [system services web-management]\n [system services web-management https]"}], "datePublic": "2021-10-13T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "A persistent Cross-Site Scripting (XSS) vulnerability in Juniper Networks Junos OS on SRX Series, J-Web interface may allow a remote authenticated user to inject persistent and malicious scripts. An attacker can exploit this vulnerability to steal sensitive data and credentials from a web administration session, or hijack another user's active session to perform administrative actions. This issue affects: Juniper Networks Junos OS on SRX Series: 18.2 versions prior to 18.2R3-S8; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R3-S8; 19.1 versions prior to 19.1R3-S5; 19.2 versions prior to 19.2R1-S7, 19.2R3-S3; 19.3 versions prior to 19.3R2-S6, 19.3R3-S3; 19.4 versions prior to 19.4R1-S4, 19.4R2-S4, 19.4R3-S3; 20.1 versions prior to 20.1R2-S2, 20.1R3; 20.2 versions prior to 20.2R3-S1; 20.3 versions prior to 20.3R2-S1, 20.3R3."}], "exploits": [{"lang": "en", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-79", "description": "CWE-79 Cross-site Scripting (XSS)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-10-19T18:17:08.000Z", "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "shortName": "juniper"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://kb.juniper.net/JSA11238"}], "solutions": [{"lang": "en", "value": "The following software releases have been updated to resolve this specific issue: 18.2R3-S8, 18.3R3-S5, 18.4R3-S8, 19.1R3-S5, 19.2R1-S7, 19.2R3-S3, 19.3R2-S6, 19.3R3-S3, 19.4R1-S4, 19.4R2-S4, 19.4R3-S3, 20.1R2-S2, 20.1R3, 20.2R3-S1, 20.3R2-S1, 20.3R3, 20.4R1, and all subsequent releases."}], "source": {"advisory": "JSA11238", "defect": ["1460162"], "discovery": "INTERNAL"}, "title": "Junos OS: SRX Series: Persistent XSS vulnerability in J-Web", "workarounds": [{"lang": "en", "value": "To reduce the risk of exploitation of this issue, use access lists or firewall filters to limit access to only trusted administrative networks, hosts and users.\n\nAlternatively, J-Web can be disabled."}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "sirt@juniper.net", "DATE_PUBLIC": "2021-10-13T16:00:00.000Z", "ID": "CVE-2021-31373", "STATE": "PUBLIC", "TITLE": "Junos OS: SRX Series: Persistent XSS vulnerability in J-Web"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Junos OS", "version": {"version_data": [{"platform": "SRX Series", "version_affected": "<", "version_name": "18.2", "version_value": "18.2R3-S8"}, {"platform": "SRX Series", "version_affected": "<", "version_name": "18.3", "version_value": "18.3R3-S5"}, {"platform": "SRX Series", "version_affected": "<", "version_name": "18.4", "version_value": "18.4R3-S8"}, {"platform": "SRX Series", "version_affected": "<", "version_name": "19.1", "version_value": "19.1R3-S5"}, {"platform": "SRX Series", "version_affected": "<", "version_name": "19.2", "version_value": "19.2R1-S7, 19.2R3-S3"}, {"platform": "SRX Series", "version_affected": "<", "version_name": "19.3", "version_value": "19.3R2-S6, 19.3R3-S3"}, {"platform": "SRX Series", "version_affected": "<", "version_name": "19.4", "version_value": "19.4R1-S4, 19.4R2-S4, 19.4R3-S3"}, {"platform": "SRX Series", "version_affected": "<", "version_name": "20.1", "version_value": "20.1R2-S2, 20.1R3"}, {"platform": "SRX Series", "version_affected": "<", "version_name": "20.2", "version_value": "20.2R3-S1"}, {"platform": "SRX Series", "version_affected": "<", "version_name": "20.3", "version_value": "20.3R2-S1, 20.3R3"}]}}]}, "vendor_name": "Juniper Networks"}]}}, "configuration": [{"lang": "en", "value": "The examples of the config stanza affected by this issue:\n\n [system services web-management]\n [system services web-management https]"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A persistent Cross-Site Scripting (XSS) vulnerability in Juniper Networks Junos OS on SRX Series, J-Web interface may allow a remote authenticated user to inject persistent and malicious scripts. An attacker can exploit this vulnerability to steal sensitive data and credentials from a web administration session, or hijack another user's active session to perform administrative actions. This issue affects: Juniper Networks Junos OS on SRX Series: 18.2 versions prior to 18.2R3-S8; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R3-S8; 19.1 versions prior to 19.1R3-S5; 19.2 versions prior to 19.2R1-S7, 19.2R3-S3; 19.3 versions prior to 19.3R2-S6, 19.3R3-S3; 19.4 versions prior to 19.4R1-S4, 19.4R2-S4, 19.4R3-S3; 20.1 versions prior to 20.1R2-S2, 20.1R3; 20.2 versions prior to 20.2R3-S1; 20.3 versions prior to 20.3R2-S1, 20.3R3."}]}, "exploit": [{"lang": "en", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."}], "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-20 Improper Input Validation"}]}, {"description": [{"lang": "eng", "value": "CWE-79 Cross-site Scripting (XSS)"}]}]}, "references": {"reference_data": [{"name": "https://kb.juniper.net/JSA11238", "refsource": "CONFIRM", "url": "https://kb.juniper.net/JSA11238"}]}, "solution": [{"lang": "en", "value": "The following software releases have been updated to resolve this specific issue: 18.2R3-S8, 18.3R3-S5, 18.4R3-S8, 19.1R3-S5, 19.2R1-S7, 19.2R3-S3, 19.3R2-S6, 19.3R3-S3, 19.4R1-S4, 19.4R2-S4, 19.4R3-S3, 20.1R2-S2, 20.1R3, 20.2R3-S1, 20.3R2-S1, 20.3R3, 20.4R1, and all subsequent releases."}], "source": {"advisory": "JSA11238", "defect": ["1460162"], "discovery": "INTERNAL"}, "work_around": [{"lang": "en", "value": "To reduce the risk of exploitation of this issue, use access lists or firewall filters to limit access to only trusted administrative networks, hosts and users.\n\nAlternatively, J-Web can be disabled."}]}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T22:55:53.692Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://kb.juniper.net/JSA11238"}]}]}, "cveMetadata": {"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "assignerShortName": "juniper", "cveId": "CVE-2021-31373", "datePublished": "2021-10-19T18:17:09.036Z", "dateReserved": "2021-04-15T00:00:00.000Z", "dateUpdated": "2024-09-16T18:34:02.417Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:juniper:junos:18.2:-:*:*:*:*:*:*", "matchCriteriaId": "A8B5BD93-3C11-45D5-ACF0-7C4C01106C8A", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:18.2:r1:*:*:*:*:*:*", "matchCriteriaId": "167EEC4F-729E-47C2-B0F8-E8108CE3E985", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:18.2:r1-s2:*:*:*:*:*:*", "matchCriteriaId": "0070B31B-59DC-46E9-93E0-1E8BF3560BFC", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:18.2:r1-s3:*:*:*:*:*:*", "matchCriteriaId": "A893CCE5-96B8-44A1-ABEF-6AB9B527B2FB", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:18.2:r1-s4:*:*:*:*:*:*", "matchCriteriaId": "42203801-E2E7-4DCF-ABBB-D23A91B2A9FF", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:18.2:r1-s5:*:*:*:*:*:*", "matchCriteriaId": "238EC996-8E8C-4332-916F-09E54E6EBB9D", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:18.2:r2:*:*:*:*:*:*", "matchCriteriaId": "5F711936-33A1-47FC-A6A0-A63088915815", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:18.2:r2-s1:*:*:*:*:*:*", "matchCriteriaId": "21B7820C-01D2-401C-9E6D-C83994FD5961", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:18.2:r2-s2:*:*:*:*:*:*", "matchCriteriaId": "3D2FBD29-2CAC-41B4-9336-671373EF4A7C", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:18.2:r2-s3:*:*:*:*:*:*", "matchCriteriaId": "EEFCDA90-67E2-4AEF-800C-1D29A9121B8F", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:18.2:r2-s4:*:*:*:*:*:*", "matchCriteriaId": "74B99981-840F-4DAD-976A-5DAEFE9FB93D", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:18.2:r2-s5:*:*:*:*:*:*", "matchCriteriaId": "BDD3ADB9-35FF-41D3-92BD-98D6D4826B03", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:18.2:r2-s6:*:*:*:*:*:*", "matchCriteriaId": "341F2459-8335-40E9-A2B3-BE804D319F95", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:18.2:r2-s7:*:*:*:*:*:*", "matchCriteriaId": "0CD17956-8E8C-489D-927A-5709C05EA705", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:18.2:r2-s8:*:*:*:*:*:*", "matchCriteriaId": "27D9AEBC-2CA3-4E17-9543-D60B10BA2AE1", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:18.2:r3:*:*:*:*:*:*", "matchCriteriaId": "B670F988-78F2-4BC6-B7FC-E34C280F67DC", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:18.2:r3-s1:*:*:*:*:*:*", "matchCriteriaId": "2F9451C7-6466-4AC9-9A7F-90A2817AED6C", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:18.2:r3-s2:*:*:*:*:*:*", "matchCriteriaId": "871CA952-C5EC-4A25-8EF0-C2EC484F7DE9", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:18.2:r3-s3:*:*:*:*:*:*", "matchCriteriaId": "80E2AD65-3DAC-4618-AB73-C43EDCDC7A13", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:18.2:r3-s4:*:*:*:*:*:*", "matchCriteriaId": "B783A510-A694-4BF0-8995-F05507F75A90", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:18.2:r3-s5:*:*:*:*:*:*", "matchCriteriaId": "C9CAAF7C-9876-473A-BE83-16EA8F00E8C0", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:18.2:r3-s6:*:*:*:*:*:*", "matchCriteriaId": "3E4F0A1E-B15E-44C3-A55D-8AC016915451", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:18.2:r3-s7:*:*:*:*:*:*", "matchCriteriaId": "F2DEF924-0165-41B5-8A9D-A75596433CD2", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:18.3:-:*:*:*:*:*:*", "matchCriteriaId": "1BB9C2BB-D20B-41E9-B75F-7FAD9ECCDB99", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:18.3:r1:*:*:*:*:*:*", "matchCriteriaId": "5342C3DC-D640-47AB-BD76-3444852988A2", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:18.3:r1-s1:*:*:*:*:*:*", "matchCriteriaId": "8AB8585E-EDC6-4400-BEE3-3A6A7C922C90", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:18.3:r1-s2:*:*:*:*:*:*", "matchCriteriaId": "A2ABC574-B3FC-4025-B50D-7F9EEB28C806", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:18.3:r1-s3:*:*:*:*:*:*", "matchCriteriaId": "6F6EAFC3-C3AC-4361-8530-39FCF89702F7", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:18.3:r1-s4:*:*:*:*:*:*", "matchCriteriaId": "92FB1BF6-8852-45D8-817C-36CDBE730801", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:18.3:r1-s5:*:*:*:*:*:*", "matchCriteriaId": "6B363298-315C-4FD5-9417-C5B82883A224", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:18.3:r1-s6:*:*:*:*:*:*", "matchCriteriaId": "EB08FF7B-01F5-4A19-858E-E2CD19D61A62", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:18.3:r2:*:*:*:*:*:*", "matchCriteriaId": "B7A3FBD3-5399-42A9-9BD9-E3C981CBD6DB", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:18.3:r2-s1:*:*:*:*:*:*", "matchCriteriaId": "4EBD361C-8B4D-43EF-8B82-9FE165D8206E", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:18.3:r2-s2:*:*:*:*:*:*", "matchCriteriaId": "6E7539C4-6208-43EB-9A0B-4852D0CE0FA1", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:18.3:r2-s3:*:*:*:*:*:*", "matchCriteriaId": "35299B02-DC75-458D-B86D-8A0DB95B06AA", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:18.3:r2-s4:*:*:*:*:*:*", "matchCriteriaId": "9BAC3EF2-3339-4E3C-9C6D-E854EBBDEF9C", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:18.3:r3:*:*:*:*:*:*", "matchCriteriaId": "CFB29C9B-9729-43EB-AF98-AF44038DA711", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:18.3:r3-s1:*:*:*:*:*:*", "matchCriteriaId": "2D1FB957-54C8-428E-BC8D-2802D7F6895F", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:18.3:r3-s2:*:*:*:*:*:*", "matchCriteriaId": "A0BC4766-4BA4-4B02-A654-5C527EA66E9E", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:18.3:r3-s3:*:*:*:*:*:*", "matchCriteriaId": "BB8263A9-5D63-46A2-9C98-B3980910B612", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:18.3:r3-s4:*:*:*:*:*:*", "matchCriteriaId": "75F125DC-3A21-489F-B324-A586F5BA350A", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:18.4:-:*:*:*:*:*:*", "matchCriteriaId": "74CA9010-D3DE-487B-B46F-589A48AB0F0A", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:18.4:r1:*:*:*:*:*:*", "matchCriteriaId": "A38F224C-8E9B-44F3-9D4F-6C9F04F57927", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:18.4:r1-s1:*:*:*:*:*:*", "matchCriteriaId": "853F146A-9A0F-49B6-AFD2-9907434212F1", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:18.4:r1-s2:*:*:*:*:*:*", "matchCriteriaId": "8F73B88B-E66C-4ACD-B38D-9365FB230ABA", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:18.4:r1-s3:*:*:*:*:*:*", "matchCriteriaId": "EE1F82EC-3222-4158-8923-59CDA1909A9C", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:18.4:r1-s4:*:*:*:*:*:*", "matchCriteriaId": "8FE95D15-B5E5-4E74-9464-C72D8B646A6B", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:18.4:r1-s5:*:*:*:*:*:*", "matchCriteriaId": "C012CD07-706A-4E1C-B399-C55AEF5C8309", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:18.4:r1-s6:*:*:*:*:*:*", "matchCriteriaId": "A0C26E59-874A-4D87-9E7F-E366F4D65ED1", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:18.4:r1-s7:*:*:*:*:*:*", "matchCriteriaId": "75902119-60D0-49F8-8E01-666E0F75935A", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:18.4:r2:*:*:*:*:*:*", "matchCriteriaId": "D59D7A31-128B-4034-862B-8EF3CE3EE949", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:18.4:r2-s1:*:*:*:*:*:*", "matchCriteriaId": "0C5E097B-B79E-4E6A-9291-C8CB9674FED5", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:18.4:r2-s2:*:*:*:*:*:*", "matchCriteriaId": "819FA3ED-F934-4B20-BC0E-D638ACCB7787", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:18.4:r2-s3:*:*:*:*:*:*", "matchCriteriaId": "3D7D773A-4988-4D7C-A105-1885EBE14426", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:18.4:r2-s4:*:*:*:*:*:*", "matchCriteriaId": "1BD93674-9375-493E-BD6C-8AD41CC75DD4", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:18.4:r2-s5:*:*:*:*:*:*", "matchCriteriaId": "34E28FD9-1089-42F7-8586-876DBEC965DE", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:18.4:r2-s6:*:*:*:*:*:*", "matchCriteriaId": "B7E72C49-1849-4A6F-81BC-D03F06D47D6D", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:18.4:r2-s7:*:*:*:*:*:*", "matchCriteriaId": "541535BD-20DC-4489-91A7-F6CBC6802352", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:18.4:r2-s8:*:*:*:*:*:*", "matchCriteriaId": "924C4EAC-2A52-45A9-BE0F-B62F070C3E3D", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:18.4:r3:*:*:*:*:*:*", "matchCriteriaId": "736B7A9F-E237-45AF-A6D6-84412475F481", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:18.4:r3-s1:*:*:*:*:*:*", "matchCriteriaId": "62E63730-F697-4FE6-936B-FD9B4F22EAE8", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:18.4:r3-s2:*:*:*:*:*:*", "matchCriteriaId": "064A7052-4EF5-4BFB-88FF-8122AEECB6A7", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:18.4:r3-s3:*:*:*:*:*:*", "matchCriteriaId": "08C58CCB-3BAA-4400-B371-556DF46DE69C", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:18.4:r3-s4:*:*:*:*:*:*", "matchCriteriaId": "28F7740D-C636-4FA3-8479-E5E039041DA6", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:18.4:r3-s5:*:*:*:*:*:*", "matchCriteriaId": "81F6DEA3-F07E-4FD0-87CB-4E8C0B768706", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:18.4:r3-s6:*:*:*:*:*:*", "matchCriteriaId": "2C1601BB-CAB7-4C92-8416-1824BB85D820", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:18.4:r3-s7:*:*:*:*:*:*", "matchCriteriaId": "14FC491D-8DA8-4E79-A9A6-3629E41C847A", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:19.1:-:*:*:*:*:*:*", "matchCriteriaId": "768C0EB7-8456-4BF4-8598-3401A54D21DA", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:19.1:r1:*:*:*:*:*:*", "matchCriteriaId": "5332B70A-F6B0-4C3B-90E2-5CBFB3326126", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:19.1:r1-s1:*:*:*:*:*:*", "matchCriteriaId": "81439FE8-5405-45C2-BC04-9823D2009A77", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:19.1:r1-s2:*:*:*:*:*:*", "matchCriteriaId": "E506138D-043E-485D-B485-94A2AB75F8E7", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:19.1:r1-s3:*:*:*:*:*:*", "matchCriteriaId": "0EF3C901-3599-463F-BEFB-8858768DC195", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:19.1:r1-s4:*:*:*:*:*:*", "matchCriteriaId": "CD806778-A995-4A9B-9C05-F4D7B1CB1F7D", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:19.1:r1-s5:*:*:*:*:*:*", "matchCriteriaId": "02B42BE8-1EF2-47F7-9F10-DE486A017EED", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:19.1:r1-s6:*:*:*:*:*:*", "matchCriteriaId": "0B372356-D146-420B-95C3-381D0383B595", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:19.1:r2:*:*:*:*:*:*", "matchCriteriaId": "DCAB79C9-6639-4ED0-BEC9-E7C8229DF977", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:19.1:r2-s1:*:*:*:*:*:*", "matchCriteriaId": "C8CF858F-84BB-4AEA-B829-FCF22C326160", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:19.1:r2-s2:*:*:*:*:*:*", "matchCriteriaId": "92292C23-DC38-42F1-97C1-8416BBB60FA9", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:19.1:r2-s3:*:*:*:*:*:*", "matchCriteriaId": "59E2311C-075A-4C64-B614-728A21B17B1B", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:19.1:r3:*:*:*:*:*:*", "matchCriteriaId": "5405F361-AB96-4477-AA0D-49B874324B39", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:19.1:r3-s1:*:*:*:*:*:*", "matchCriteriaId": "E45E5421-2F6F-4AF9-8EB1-431A804FC649", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:19.1:r3-s2:*:*:*:*:*:*", "matchCriteriaId": "93098975-4A06-4A72-8DF0-F2C5E1AF2F77", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:19.1:r3-s3:*:*:*:*:*:*", "matchCriteriaId": "E1F3AEE4-CEB8-4CAA-A48A-1B4647FFFCDB", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:19.1:r3-s4:*:*:*:*:*:*", "matchCriteriaId": "69E2DF80-63D8-48DD-BC73-C406B7AA3C7D", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:19.2:-:*:*:*:*:*:*", "matchCriteriaId": "0E7545CE-6300-4E81-B5AF-2BE150C1B190", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:19.2:r1:*:*:*:*:*:*", "matchCriteriaId": "4CA3060F-1800-4A06-A453-FB8CE4B65312", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:19.2:r1-s1:*:*:*:*:*:*", "matchCriteriaId": "9A5B337A-727C-4767-AD7B-E0F7F99EB46F", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:19.2:r1-s2:*:*:*:*:*:*", "matchCriteriaId": "16FDE60B-7A99-4683-BC14-530B5B005F8B", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:19.2:r1-s3:*:*:*:*:*:*", "matchCriteriaId": "725D8C27-E4F8-4394-B4EC-B49B6D3C2709", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:19.2:r1-s4:*:*:*:*:*:*", "matchCriteriaId": "8233C3AB-470E-4D13-9BFD-C9E90918FD0B", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:19.2:r1-s5:*:*:*:*:*:*", "matchCriteriaId": "5F7A233A-D4F6-46FA-92E9-2ACE13E4A6A4", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:19.2:r1-s6:*:*:*:*:*:*", "matchCriteriaId": "ADCE4EA8-DDBA-4766-BB81-E4DA29723723", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:19.2:r2:*:*:*:*:*:*", "matchCriteriaId": "7C71D2FA-B1A4-4004-807F-7B3BB347DF4C", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:19.2:r2-s1:*:*:*:*:*:*", "matchCriteriaId": "9E78E854-DDD3-4D1A-97AB-AEA70B9B811F", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:19.2:r3:*:*:*:*:*:*", "matchCriteriaId": "512FB3D1-BA5B-4F73-BDB2-49D6889F5473", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:19.2:r3-s1:*:*:*:*:*:*", "matchCriteriaId": "7FCBFF57-83A1-4C1C-A38D-7DAB48BCA2EC", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:19.2:r3-s2:*:*:*:*:*:*", "matchCriteriaId": "920FE638-BDE6-403D-9083-2BDBF6A3326F", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:19.3:-:*:*:*:*:*:*", "matchCriteriaId": "59006503-B2CA-4F79-AC13-7C5615A74CE5", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:19.3:r1:*:*:*:*:*:*", "matchCriteriaId": "B8110DA9-54B1-43CF-AACB-76EABE0C9EF6", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:19.3:r1-s1:*:*:*:*:*:*", "matchCriteriaId": "11B5CC5A-1959-4113-BFCF-E4BA63D918C1", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:19.3:r2:*:*:*:*:*:*", "matchCriteriaId": "33F08A33-EF80-4D86-9A9A-9DF147B9B6D3", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:19.3:r2-s1:*:*:*:*:*:*", "matchCriteriaId": "AF24ACBD-5F84-47B2-BFF3-E9A56666269C", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:19.3:r2-s2:*:*:*:*:*:*", "matchCriteriaId": "3935A586-41BD-4FA5-9596-DED6F0864777", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:19.3:r2-s3:*:*:*:*:*:*", "matchCriteriaId": "B83FB539-BD7C-4BEE-9022-098F73902F38", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:19.3:r2-s4:*:*:*:*:*:*", "matchCriteriaId": "7659AC36-A5EA-468A-9793-C1EC914D36F4", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:19.3:r2-s5:*:*:*:*:*:*", "matchCriteriaId": "E0E018E1-568E-40F2-ADA5-F71509811879", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:19.3:r3:*:*:*:*:*:*", "matchCriteriaId": "B9295AF3-A883-47C3-BAF8-3D82F719733E", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:19.3:r3-s1:*:*:*:*:*:*", "matchCriteriaId": "F09D3262-394A-43D1-A4ED-8887FCB20F87", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:19.3:r3-s2:*:*:*:*:*:*", "matchCriteriaId": "D3FEA876-302D-4F07-94E6-237C669538F2", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:19.4:r1:*:*:*:*:*:*", "matchCriteriaId": "DC743EE4-8833-452A-94DB-655BF139F883", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:19.4:r1-s1:*:*:*:*:*:*", "matchCriteriaId": "FE96A8EA-FFE3-4D8F-9266-21899149D634", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:19.4:r1-s2:*:*:*:*:*:*", "matchCriteriaId": "C12A75C6-2D00-4202-B861-00FF71585FA0", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:19.4:r1-s3:*:*:*:*:*:*", "matchCriteriaId": "70FF3DD4-14CB-435D-8529-0480EB853F60", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:19.4:r2:*:*:*:*:*:*", "matchCriteriaId": "4DCFA774-96EF-4018-82CF-95C807025C24", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:19.4:r2-s1:*:*:*:*:*:*", "matchCriteriaId": "76022948-4B07-43CB-824C-44E1AB3537CB", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:19.4:r2-s2:*:*:*:*:*:*", "matchCriteriaId": "25446F60-5CB9-4923-BCE8-609AE3CFDFBC", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:19.4:r2-s3:*:*:*:*:*:*", "matchCriteriaId": "A23E5CEA-EFF5-4641-BC47-BA2D0859F0EE", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:19.4:r3:*:*:*:*:*:*", "matchCriteriaId": "758275F3-9457-45A2-8F57-65DCD659FC1B", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:19.4:r3-s1:*:*:*:*:*:*", "matchCriteriaId": "B46CB928-78B5-4D60-B747-9A0988C7060D", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:19.4:r3-s2:*:*:*:*:*:*", "matchCriteriaId": "ED73BF1A-96E4-49F1-A6AA-7B29DAA6C112", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:20.1:r1:*:*:*:*:*:*", "matchCriteriaId": "8328FDE6-9707-4142-B905-3B07C0E28E35", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:20.1:r1-s1:*:*:*:*:*:*", "matchCriteriaId": "41CD982F-E6F2-4951-9F96-A76C142DF08E", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:20.1:r1-s2:*:*:*:*:*:*", "matchCriteriaId": "19FDC05F-5582-4F7E-B628-E58A3C0E7F2F", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:20.1:r1-s3:*:*:*:*:*:*", "matchCriteriaId": "401306D1-E9CE-49C6-8DC9-0E8747B9DC2C", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:20.1:r1-s4:*:*:*:*:*:*", "matchCriteriaId": "615EAF48-AD53-4CC2-B233-5EA5C0F72CB1", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:20.1:r2:*:*:*:*:*:*", "matchCriteriaId": "DC8E7547-6649-436D-BC45-184417680C72", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:20.1:r2-s1:*:*:*:*:*:*", "matchCriteriaId": "D9789FF8-D55C-4AF9-A250-E543A0EB826F", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:20.2:r1:*:*:*:*:*:*", "matchCriteriaId": "CD07B7E2-F5C2-4610-9133-FDA9E66DFF4F", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:20.2:r1-s1:*:*:*:*:*:*", "matchCriteriaId": "D3C23AEB-34DE-44FB-8D64-E69D6E8B7401", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:20.2:r1-s2:*:*:*:*:*:*", "matchCriteriaId": "18DB9401-5A51-4BB3-AC2F-58F58F1C788C", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:20.2:r1-s3:*:*:*:*:*:*", "matchCriteriaId": "06F53DA5-59AE-403C-9B1E-41CE267D8BB1", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:20.2:r2:*:*:*:*:*:*", "matchCriteriaId": "3332262F-81DA-4D78-99C9-514CADA46611", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:20.2:r2-s1:*:*:*:*:*:*", "matchCriteriaId": "B46B63A2-1518-4A29-940C-F05624C9658D", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:20.2:r2-s2:*:*:*:*:*:*", "matchCriteriaId": "8E0D4959-3865-42A7-98CD-1103EBD84528", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:20.2:r2-s3:*:*:*:*:*:*", "matchCriteriaId": "3A58292B-814C-49E7-8D6D-BE26EFB9ADDF", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:20.2:r3:*:*:*:*:*:*", "matchCriteriaId": "681AE183-7183-46E7-82EA-28C398FA1C3D", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:20.3:r1:*:*:*:*:*:*", "matchCriteriaId": "5C9BC697-C7C9-447D-9EBD-E9711462583E", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:20.3:r1-s1:*:*:*:*:*:*", "matchCriteriaId": "7B80433B-57B1-49EF-B1A1-83781D6102E3", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:20.3:r2:*:*:*:*:*:*", "matchCriteriaId": "05D8427C-CDDE-4B2F-9CB8-41B9137660E4", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:juniper:srx100:-:*:*:*:*:*:*:*", "matchCriteriaId": "561C1113-3D59-4DD9-ADA7-3C9ECC4632EC", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:srx110:-:*:*:*:*:*:*:*", "matchCriteriaId": "78C6D8A0-92D3-4FD3-BCC1-CC7C87B76317", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:srx1400:-:*:*:*:*:*:*:*", "matchCriteriaId": "927EAB8B-EC3B-4B12-85B9-5517EBA49A30", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:srx1500:-:*:*:*:*:*:*:*", "matchCriteriaId": "2CEBF85C-736A-4E7D-956A-3E8210D4F70B", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:srx210:-:*:*:*:*:*:*:*", "matchCriteriaId": "CD647C15-A686-4C8F-A766-BC29404C0FED", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:srx220:-:*:*:*:*:*:*:*", "matchCriteriaId": "45AB1622-1AED-4CD7-98F1-67779CDFC321", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:srx240:-:*:*:*:*:*:*:*", "matchCriteriaId": "89276D88-3B8D-4168-A2CD-0920297485F2", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:srx240h2:-:*:*:*:*:*:*:*", "matchCriteriaId": "E020556B-693F-4963-BA43-3164AB50FA49", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:srx300:-:*:*:*:*:*:*:*", "matchCriteriaId": "BB5AB24B-2B43-43DD-AE10-F758B4B19F2A", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:srx320:-:*:*:*:*:*:*:*", "matchCriteriaId": "80F9DC32-5ADF-4430-B1A6-357D0B29DB78", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:srx340:-:*:*:*:*:*:*:*", "matchCriteriaId": "8B82D4C4-7A65-409A-926F-33C054DCBFBA", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:srx3400:-:*:*:*:*:*:*:*", "matchCriteriaId": "746C3882-2A5B-4215-B259-EB1FD60C513D", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:srx345:-:*:*:*:*:*:*:*", "matchCriteriaId": "CE535749-F4CE-4FFA-B23D-BF09C92481E5", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:srx3600:-:*:*:*:*:*:*:*", "matchCriteriaId": "DDE64EC0-7E42-43AF-A8FA-1A233BD3E3BC", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:srx380:-:*:*:*:*:*:*:*", "matchCriteriaId": "2305DA9D-E6BA-48F4-80CF-9E2DE7661B2F", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:srx4000:-:*:*:*:*:*:*:*", "matchCriteriaId": "06A03463-6B1D-4DBA-9E89-CAD5E899B98B", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:srx4100:-:*:*:*:*:*:*:*", "matchCriteriaId": "3AA8999C-8AE4-416F-BA2A-B1A21F33B4D7", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:srx4200:-:*:*:*:*:*:*:*", "matchCriteriaId": "CCC5F6F5-4347-49D3-909A-27A3A96D36C9", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:srx4600:-:*:*:*:*:*:*:*", "matchCriteriaId": "56BA6B86-D3F4-4496-AE46-AC513C6560FA", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:srx5000:-:*:*:*:*:*:*:*", "matchCriteriaId": "5ABA347C-3EF3-4F75-B4D1-54590A57C2BC", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:srx5400:-:*:*:*:*:*:*:*", "matchCriteriaId": "2FDDC897-747F-44DD-9599-7266F9B5B7B1", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:srx550:-:*:*:*:*:*:*:*", "matchCriteriaId": "62FC145A-D477-4C86-89E7-F70F52773801", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:srx550_hm:-:*:*:*:*:*:*:*", "matchCriteriaId": "06685D0E-A075-49A5-9EF4-34F0F795C8C6", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:srx550m:-:*:*:*:*:*:*:*", "matchCriteriaId": "52F0B735-8C49-4B08-950A-296C9CDE43CA", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:srx5600:-:*:*:*:*:*:*:*", "matchCriteriaId": "68CA098D-CBE4-4E62-9EC0-43E1B6098710", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:srx5800:-:*:*:*:*:*:*:*", "matchCriteriaId": "66F474D4-79B6-4525-983C-9A9011BD958B", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:srx650:-:*:*:*:*:*:*:*", "matchCriteriaId": "8AA424D4-4DBF-4E8C-96B8-E37741B5403E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "A persistent Cross-Site Scripting (XSS) vulnerability in Juniper Networks Junos OS on SRX Series, J-Web interface may allow a remote authenticated user to inject persistent and malicious scripts. An attacker can exploit this vulnerability to steal sensitive data and credentials from a web administration session, or hijack another user's active session to perform administrative actions. This issue affects: Juniper Networks Junos OS on SRX Series: 18.2 versions prior to 18.2R3-S8; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R3-S8; 19.1 versions prior to 19.1R3-S5; 19.2 versions prior to 19.2R1-S7, 19.2R3-S3; 19.3 versions prior to 19.3R2-S6, 19.3R3-S3; 19.4 versions prior to 19.4R1-S4, 19.4R2-S4, 19.4R3-S3; 20.1 versions prior to 20.1R2-S2, 20.1R3; 20.2 versions prior to 20.2R3-S1; 20.3 versions prior to 20.3R2-S1, 20.3R3."}, {"lang": "es", "value": "Una vulnerabilidad de tipo Cross-Site Scripting (XSS) persistente en Juniper Networks Junos OS en la serie SRX, la interfaz J-Web puede permitir que un usuario remoto autenticado inyecte scripts persistentes y maliciosos. Un atacante puede aprovechar esta vulnerabilidad para robar datos confidenciales y credenciales de una sesi\u00f3n de administraci\u00f3n web, o secuestrar la sesi\u00f3n activa de otro usuario para llevar a cabo acciones administrativas. Este problema afecta a: Juniper Networks Junos OS Serie SRX: versiones 18.2 anteriores a 18.2R3-S8; versiones 18.3 anteriores a 18.3R3-S5; versiones 18.4 anteriores a 18.4R3-S8; versiones 19.1 anteriores a 19.1R3-S5; versiones 19.2 anteriores a 19.2R1-S7, 19.2R3-S3; versiones 19.3 anteriores a 19. 3R2-S6, 19.3R3-S3; versiones 19.4 anteriores a 19.4R1-S4, 19.4R2-S4, 19.4R3-S3; versiones 20.1 anteriores a 20.1R2-S2, 20.1R3; versiones 20.2 anteriores a 20.2R3-S1; versiones 20.3 anteriores a 20.3R2-S1, 20.3R3"}], "id": "CVE-2021-31373", "lastModified": "2024-11-21T06:05:32.573", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 5.9, "source": "sirt@juniper.net", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-10-19T19:15:10.400", "references": [{"source": "sirt@juniper.net", "tags": ["Vendor Advisory"], "url": "https://kb.juniper.net/JSA11238"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://kb.juniper.net/JSA11238"}], "sourceIdentifier": "sirt@juniper.net", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}, {"lang": "en", "value": "CWE-79"}], "source": "sirt@juniper.net", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}