var-201309-0472
Vulnerability from variot
Multiple cross-site scripting (XSS) vulnerabilities in Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS 7.1 before 7.1r15, 7.2 before 7.2r11, 7.3 before 7.3r6, and 7.4 before 7.4r3 allow (1) remote attackers to inject arbitrary web script or HTML via vectors involving login pages, and allow (2) remote authenticated users to inject arbitrary web script or HTML via vectors involving a support page. Junos Pulse Secure Access Service is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks. Versions prior to Junos Pulse Secure Access Service 7.4r3, 7.3r6, 7.2r11, or 7.1r15 are vulnerable. Juniper Networks Junos Pulse Secure Access Service (SSL VPN) is a simple, intuitive client from Juniper Networks. The client supports remote and mobile users to access enterprise resources with various web devices. The following versions are affected: 7.1 prior to 7.1r15, 7.2 prior to 7.2r11, 7.3 prior to 7.3r6, 7.4 prior to 7.4r3
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201309-0472",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ive os",
"scope": "eq",
"trust": 1.6,
"vendor": "juniper",
"version": "7.4"
},
{
"model": "ive os",
"scope": "eq",
"trust": 1.6,
"vendor": "juniper",
"version": "7.3"
},
{
"model": "ive os",
"scope": "eq",
"trust": 1.6,
"vendor": "juniper",
"version": "7.1"
},
{
"model": "ive os",
"scope": "eq",
"trust": 1.6,
"vendor": "juniper",
"version": "7.2"
},
{
"model": "ive os",
"scope": "lt",
"trust": 0.8,
"vendor": "juniper",
"version": "7.2"
},
{
"model": "ive os",
"scope": "lt",
"trust": 0.8,
"vendor": "juniper",
"version": "7.3"
},
{
"model": "ive os",
"scope": "lt",
"trust": 0.8,
"vendor": "juniper",
"version": "7.4"
},
{
"model": "ive os",
"scope": "eq",
"trust": 0.8,
"vendor": "juniper",
"version": "7.1r15"
},
{
"model": "ive os",
"scope": "eq",
"trust": 0.8,
"vendor": "juniper",
"version": "7.3r6"
},
{
"model": "ive os",
"scope": "eq",
"trust": 0.8,
"vendor": "juniper",
"version": "7.2r11"
},
{
"model": "ive os",
"scope": "eq",
"trust": 0.8,
"vendor": "juniper",
"version": "7.4r3"
},
{
"model": "ive os",
"scope": "lt",
"trust": 0.8,
"vendor": "juniper",
"version": "7.1"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-004160"
},
{
"db": "CNNVD",
"id": "CNNVD-201309-196"
},
{
"db": "NVD",
"id": "CVE-2013-5649"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:juniper:ive_os",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-004160"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sandro Gauci, EnableSecurity",
"sources": [
{
"db": "BID",
"id": "62353"
}
],
"trust": 0.3
},
"cve": "CVE-2013-5649",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2013-5649",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-65651",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2013-5649",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2013-5649",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201309-196",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-65651",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-65651"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004160"
},
{
"db": "CNNVD",
"id": "CNNVD-201309-196"
},
{
"db": "NVD",
"id": "CVE-2013-5649"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple cross-site scripting (XSS) vulnerabilities in Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS 7.1 before 7.1r15, 7.2 before 7.2r11, 7.3 before 7.3r6, and 7.4 before 7.4r3 allow (1) remote attackers to inject arbitrary web script or HTML via vectors involving login pages, and allow (2) remote authenticated users to inject arbitrary web script or HTML via vectors involving a support page. Junos Pulse Secure Access Service is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. \nAn attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks. \nVersions prior to Junos Pulse Secure Access Service 7.4r3, 7.3r6, 7.2r11, or 7.1r15 are vulnerable. Juniper Networks Junos Pulse Secure Access Service (SSL VPN) is a simple, intuitive client from Juniper Networks. The client supports remote and mobile users to access enterprise resources with various web devices. The following versions are affected: 7.1 prior to 7.1r15, 7.2 prior to 7.2r11, 7.3 prior to 7.3r6, 7.4 prior to 7.4r3",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-5649"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004160"
},
{
"db": "BID",
"id": "62353"
},
{
"db": "VULHUB",
"id": "VHN-65651"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-5649",
"trust": 2.8
},
{
"db": "JUNIPER",
"id": "JSA10589",
"trust": 1.7
},
{
"db": "OSVDB",
"id": "97240",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004160",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201309-196",
"trust": 0.7
},
{
"db": "BID",
"id": "62353",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-65651",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-65651"
},
{
"db": "BID",
"id": "62353"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004160"
},
{
"db": "CNNVD",
"id": "CNNVD-201309-196"
},
{
"db": "NVD",
"id": "CVE-2013-5649"
}
]
},
"id": "VAR-201309-0472",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-65651"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T22:08:29.424000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SA10589",
"trust": 0.8,
"url": "http://kb.juniper.net/JSA10589"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-004160"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-65651"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004160"
},
{
"db": "NVD",
"id": "CVE-2013-5649"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://kb.juniper.net/jsa10589"
},
{
"trust": 1.1,
"url": "http://osvdb.org/97240"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-5649"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-5649"
},
{
"trust": 0.3,
"url": "http://www.juniper.net"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-65651"
},
{
"db": "BID",
"id": "62353"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004160"
},
{
"db": "CNNVD",
"id": "CNNVD-201309-196"
},
{
"db": "NVD",
"id": "CVE-2013-5649"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-65651"
},
{
"db": "BID",
"id": "62353"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004160"
},
{
"db": "CNNVD",
"id": "CNNVD-201309-196"
},
{
"db": "NVD",
"id": "CVE-2013-5649"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-09-13T00:00:00",
"db": "VULHUB",
"id": "VHN-65651"
},
{
"date": "2013-09-12T00:00:00",
"db": "BID",
"id": "62353"
},
{
"date": "2013-09-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-004160"
},
{
"date": "2013-09-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201309-196"
},
{
"date": "2013-09-13T14:10:27.580000",
"db": "NVD",
"id": "CVE-2013-5649"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-09-18T00:00:00",
"db": "VULHUB",
"id": "VHN-65651"
},
{
"date": "2013-09-12T00:00:00",
"db": "BID",
"id": "62353"
},
{
"date": "2013-09-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-004160"
},
{
"date": "2013-09-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201309-196"
},
{
"date": "2024-11-21T01:57:52.807000",
"db": "NVD",
"id": "CVE-2013-5649"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201309-196"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "IVE OS Equipped with Juniper Junos Pulse Secure Access Service Vulnerable to cross-site scripting",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-004160"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201309-196"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.