var-201403-0328
Vulnerability from variot
Cross-site scripting (XSS) vulnerability in the Pulse Collaboration (Secure Meeting) user pages in Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS before 7.1r18, 7.3 before 7.3r10, 7.4 before 7.4r8, and 8.0 before 8.0r1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Juniper Networks' Secure Access is an enterprise-class SSL VPN access device running on Juniper IVE OS. Because input to the affected Pulse Collaboration (Secure Meeting) user pages is not filtered before being returned to the user, a remote attacker can construct a malicious URI and entice a user to open it, and thereby obtain sensitive cookies, hijack the session, or perform malicious operations on the client. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. The client lets remote and mobile users access enterprise resources from various web devices. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML. Note that the aggregated sources in this record disagree on the precondition and impact: the NVD vector (AV:N/AC:M/Au:S/C:N/I:P/A:N) requires an authenticated attacker and rates integrity impact, while the CNVD vector (AV:N/AC:M/Au:N/C:P/I:N/A:N) assumes no authentication and rates confidentiality impact.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201403-0328", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "ive os", "scope": "eq", "trust": 1.9, "vendor": "juniper", "version": "8.0" }, { "model": "ive os", "scope": "eq", "trust": 1.9, "vendor": "juniper", "version": "7.4" }, { "model": "ive os", "scope": "eq", "trust": 1.9, "vendor": "juniper", "version": "7.3" 
}, { "model": "ive os", "scope": "eq", "trust": 1.9, "vendor": "juniper", "version": "7.1" }, { "model": "ive os", "scope": "eq", "trust": 0.8, "vendor": "juniper", "version": "7.3r10" }, { "model": "ive os", "scope": "eq", "trust": 0.8, "vendor": "juniper", "version": "7.4r8" }, { "model": "ive os", "scope": "lt", "trust": 0.8, "vendor": "juniper", "version": "7.3" }, { "model": "ive os", "scope": "eq", "trust": 0.8, "vendor": "juniper", "version": "8.0r1" }, { "model": "ive os", "scope": "lt", "trust": 0.8, "vendor": "juniper", "version": "7.4" }, { "model": "ive os", "scope": "lt", "trust": 0.8, "vendor": "juniper", "version": "8.0" }, { "model": "networks ive os software", "scope": "eq", "trust": 0.6, "vendor": "juniper", "version": "7.x" }, { "model": "networks ive os software", "scope": "eq", "trust": 0.6, "vendor": "juniper", "version": "8.x" }, { "model": "sa700", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "sa6500", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "sa6000", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "sa4500", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "sa4000", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "sa2500", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "sa2000", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "mag6611", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "mag6610", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "mag4610", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "mag2600", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "fips sa6500", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "fips sa6000", "scope": "eq", "trust": 0.3, 
"vendor": "juniper", "version": "0" }, { "model": "fips sa4500", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "fips sa4000", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "ive os 8.0r1", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "ive os 7.4r8", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "ive os 7.3r10", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "ive os 7.1r18", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null } ], "sources": [ { "db": "CNVD", "id": "CNVD-2014-01737" }, { "db": "BID", "id": "66173" }, { "db": "JVNDB", "id": "JVNDB-2014-001702" }, { "db": "CNNVD", "id": "CNNVD-201403-288" }, { "db": "NVD", "id": "CVE-2014-2291" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/o:juniper:ive_os", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-001702" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The vendor reported this issue.", "sources": [ { "db": "BID", "id": "66173" } ], "trust": 0.3 }, "cve": "CVE-2014-2291", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", 
"@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "exploitabilityScore": 6.8, "id": "CVE-2014-2291", "impactScore": 2.9, "integrityImpact": "PARTIAL", "severity": "LOW", "trust": 1.8, "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "CNVD-2014-01737", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "exploitabilityScore": 6.8, "id": "VHN-70230", "impactScore": 2.9, "integrityImpact": "PARTIAL", "severity": "LOW", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:S/C:N/I:P/A:N", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2014-2291", "trust": 1.0, "value": "LOW" }, { "author": "NVD", "id": "CVE-2014-2291", "trust": 0.8, "value": "Low" }, { "author": "CNVD", "id": "CNVD-2014-01737", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201403-288", "trust": 0.6, "value": "LOW" }, { "author": "VULHUB", "id": "VHN-70230", "trust": 0.1, "value": "LOW" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2014-01737" }, { "db": "VULHUB", "id": "VHN-70230" }, { "db": 
"JVNDB", "id": "JVNDB-2014-001702" }, { "db": "CNNVD", "id": "CNNVD-201403-288" }, { "db": "NVD", "id": "CVE-2014-2291" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Cross-site scripting (XSS) vulnerability in the Pulse Collaboration (Secure Meeting) user pages in Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS before 7.1r18, 7.3 before 7.3r10, 7.4 before 7.4r8, and 8.0 before 8.0r1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Juniper Networks\u0027 Secure Access is an enterprise-class SSL VPN access device running on Juniper IVE OS. Because the input to the relevant Pulse Collaboration (Secure Meeting) user page lacks filtering before returning to the user, the remote attacker is allowed to exploit the vulnerability to construct a malicious URI, entice the user to resolve, obtain sensitive cookies, hijack the session, or perform malicious operations on the client. \nAn attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. The client supports remote and mobile users to access enterprise resources with various web devices. 
A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML", "sources": [ { "db": "NVD", "id": "CVE-2014-2291" }, { "db": "JVNDB", "id": "JVNDB-2014-001702" }, { "db": "CNVD", "id": "CNVD-2014-01737" }, { "db": "BID", "id": "66173" }, { "db": "VULHUB", "id": "VHN-70230" } ], "trust": 2.52 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2014-2291", "trust": 3.4 }, { "db": "JUNIPER", "id": "JSA10617", "trust": 2.6 }, { "db": "SECUNIA", "id": "57375", "trust": 1.7 }, { "db": "BID", "id": "66173", "trust": 1.0 }, { "db": "JVNDB", "id": "JVNDB-2014-001702", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201403-288", "trust": 0.7 }, { "db": "CNVD", "id": "CNVD-2014-01737", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-70230", "trust": 0.1 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2014-01737" }, { "db": "VULHUB", "id": "VHN-70230" }, { "db": "BID", "id": "66173" }, { "db": "JVNDB", "id": "JVNDB-2014-001702" }, { "db": "CNNVD", "id": "CNNVD-201403-288" }, { "db": "NVD", "id": "CVE-2014-2291" } ] }, "id": "VAR-201403-0328", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2014-01737" }, { "db": "VULHUB", "id": "VHN-70230" } ], "trust": 0.06999999999999999 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "Network device" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2014-01737" } ] }, "last_update_date": 
"2024-11-23T22:08:21.989000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "JSA10617", "trust": 0.8, "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10617" }, { "title": "Juniper Junos Pulse Secure Access SSL VPN Cross-Site Scripting Vulnerability Patch", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/44311" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2014-01737" }, { "db": "JVNDB", "id": "JVNDB-2014-001702" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-79", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-70230" }, { "db": "JVNDB", "id": "JVNDB-2014-001702" }, { "db": "NVD", "id": "CVE-2014-2291" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.5, "url": "https://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10617" }, { "trust": 1.7, "url": "http://secunia.com/advisories/57375" }, { "trust": 1.1, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91770" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2291" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2291" }, { "trust": 0.3, "url": "http://www.juniper.net/" }, { "trust": 0.1, "url": "https://kb.juniper.net/infocenter/index?page=content\u0026amp;id=jsa10617" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2014-01737" }, { "db": "VULHUB", "id": "VHN-70230" }, { "db": "BID", "id": "66173" }, { 
"db": "JVNDB", "id": "JVNDB-2014-001702" }, { "db": "CNNVD", "id": "CNNVD-201403-288" }, { "db": "NVD", "id": "CVE-2014-2291" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2014-01737" }, { "db": "VULHUB", "id": "VHN-70230" }, { "db": "BID", "id": "66173" }, { "db": "JVNDB", "id": "JVNDB-2014-001702" }, { "db": "CNNVD", "id": "CNNVD-201403-288" }, { "db": "NVD", "id": "CVE-2014-2291" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2014-03-17T00:00:00", "db": "CNVD", "id": "CNVD-2014-01737" }, { "date": "2014-03-14T00:00:00", "db": "VULHUB", "id": "VHN-70230" }, { "date": "2014-03-12T00:00:00", "db": "BID", "id": "66173" }, { "date": "2014-03-18T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-001702" }, { "date": "2014-03-18T00:00:00", "db": "CNNVD", "id": "CNNVD-201403-288" }, { "date": "2014-03-14T15:55:05.697000", "db": "NVD", "id": "CVE-2014-2291" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2014-03-17T00:00:00", "db": "CNVD", "id": "CNVD-2014-01737" }, { "date": "2017-08-29T00:00:00", "db": "VULHUB", "id": "VHN-70230" }, { "date": "2014-03-12T00:00:00", "db": "BID", "id": "66173" }, { "date": "2014-03-18T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-001702" }, { "date": "2014-03-18T00:00:00", "db": "CNNVD", "id": "CNNVD-201403-288" }, { "date": "2024-11-21T02:06:00.980000", "db": "NVD", "id": "CVE-2014-2291" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201403-288" } ], "trust": 0.6 }, "title": { 
"@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IVE OS of Juniper Junos Pulse Secure Access Service Vulnerable to cross-site scripting", "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-001702" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "XSS", "sources": [ { "db": "CNNVD", "id": "CNNVD-201403-288" } ], "trust": 0.6 } }