CVE-2014-3820CVE-2014-3820

Affected configuration(s):

cpe:/a:juniper:junos_pulse_access_control_service:4.1
cpe:/a:juniper:junos_pulse_access_control_service:4.1r1
cpe:/a:juniper:junos_pulse_access_control_service:4.1r1.1
cpe:/a:juniper:junos_pulse_access_control_service:4.1r2
cpe:/a:juniper:junos_pulse_access_control_service:4.1r3
cpe:/a:juniper:junos_pulse_access_control_service:4.1r4
cpe:/a:juniper:junos_pulse_access_control_service:4.1r5
cpe:/a:juniper:junos_pulse_access_control_service:4.4
cpe:/a:juniper:junos_pulse_access_control_service:4.4:r1
cpe:/a:juniper:junos_pulse_access_control_service:4.4:r2
cpe:/a:juniper:junos_pulse_access_control_service:5.0
cpe:/a:juniper:junos_pulse_secure_access_service:7.1
cpe:/a:juniper:junos_pulse_secure_access_service:7.1r1
cpe:/a:juniper:junos_pulse_secure_access_service:7.1r1.1
cpe:/a:juniper:junos_pulse_secure_access_service:7.1r2
cpe:/a:juniper:junos_pulse_secure_access_service:7.1r3
cpe:/a:juniper:junos_pulse_secure_access_service:7.1r4
cpe:/a:juniper:junos_pulse_secure_access_service:7.1r5
cpe:/a:juniper:junos_pulse_secure_access_service:7.1r6
cpe:/a:juniper:junos_pulse_secure_access_service:7.1r7
cpe:/a:juniper:junos_pulse_secure_access_service:7.1r8
cpe:/a:juniper:junos_pulse_secure_access_service:7.1r9
cpe:/a:juniper:junos_pulse_secure_access_service:7.1r10
cpe:/a:juniper:junos_pulse_secure_access_service:7.1r11
cpe:/a:juniper:junos_pulse_secure_access_service:7.1r12
cpe:/a:juniper:junos_pulse_secure_access_service:7.1r13
cpe:/a:juniper:junos_pulse_secure_access_service:7.1r14
cpe:/a:juniper:junos_pulse_secure_access_service:7.1r15
cpe:/a:juniper:junos_pulse_secure_access_service:7.4
cpe:/a:juniper:junos_pulse_secure_access_service:7.4:r1.0
cpe:/a:juniper:junos_pulse_secure_access_service:7.4:r2.0
cpe:/a:juniper:junos_pulse_secure_access_service:8.0

Date published: 2014-09-29T10:55:08.720-04:00

Date last modified: 2016-04-01T14:47:52.030-04:00

CVSS Score: 4.3

Principal attack vector: NETWORK

Complexity:  MEDIUM

Reference URL: http://www.securitytracker.com/id/1030852

Summary: Cross-site scripting (XSS) vulnerability in the SSL VPN/UAC web server in the Juniper Junos Pulse Secure Access Service (SSL VPN) devices with IVE OS 7.1 before 7.1r16, 7.4 before 7.4r3, and 8.0 before 8.0r1 and the Juniper Junos Pulse Access Control Service devices with UAC OS 4.1 before 4.1r8, 4.4 before 4.4r3 and 5.0 before 5.0r1 allows remote administrators to inject arbitrary web script or HTML via unspecified vectors.

CategoriesUncategorised

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.