VYPR

ATP

by Zyxel

CVEs (11)

  • CVE-2023-28771KEVApr 25, 2023
    Hola
    VPN
    risk 0.23cvss epss 0.94

    Improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60 through 5.35, USG FLEX series firmware versions 4.60 through 5.35, and ATP series firmware versions 4.60 through 5.35, which could allow an…

  • CVE-2019-0021Jan 15, 2019
    Zyxel
    ATP
    risk 0.00cvss epss 0.00

    On Juniper ATP, secret passphrase CLI inputs, such as "set mcm", are logged to /var/log/syslog in clear text, allowing authenticated local user to be able to view these secret information. This issue affects Juniper ATP 5.0 versions prior to 5.0.4.

  • CVE-2019-0029Jan 15, 2019
    Zyxel
    ATP
    risk 0.00cvss epss 0.00

    Juniper ATP Series Splunk credentials are logged in a file readable by authenticated local users. Using these credentials an attacker can access the Splunk server. This issue affects Juniper ATP 5.0 versions prior to 5.0.3.

  • CVE-2019-0030Jan 15, 2019
    Zyxel
    ATP
    risk 0.00cvss epss 0.00

    Juniper ATP uses DES and a hardcoded salt for password hashing, allowing for trivial de-hashing of the password file contents. This issue affects Juniper ATP 5.0 versions prior to 5.0.3.

  • CVE-2019-0025Jan 15, 2019
    Zyxel
    ATP
    risk 0.00cvss epss 0.00

    A persistent cross-site scripting (XSS) vulnerability in RADIUS configuration menu of Juniper ATP may allow authenticated user to inject arbitrary script and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user…

  • CVE-2019-0024Jan 15, 2019
    Zyxel
    ATP
    risk 0.00cvss epss 0.00

    A persistent cross-site scripting (XSS) vulnerability in the Email Collectors menu of Juniper ATP may allow authenticated user to inject arbitrary script and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user…

  • CVE-2019-0023Jan 15, 2019
    Zyxel
    ATP
    risk 0.00cvss epss 0.00

    A persistent cross-site scripting (XSS) vulnerability in the Golden VM menu of Juniper ATP may allow authenticated user to inject arbitrary script and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to…

  • CVE-2019-0018Jan 15, 2019
    Zyxel
    ATP
    risk 0.00cvss epss 0.00

    A persistent cross-site scripting (XSS) vulnerability in the file upload menu of Juniper ATP may allow an authenticated user to inject arbitrary scripts and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user…

  • CVE-2019-0026Jan 15, 2019
    Zyxel
    ATP
    risk 0.00cvss epss 0.00

    A persistent cross-site scripting (XSS) vulnerability in the Zone configuration of Juniper ATP may allow authenticated user to inject arbitrary script and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to…

  • CVE-2019-0027Jan 15, 2019
    Zyxel
    ATP
    risk 0.00cvss epss 0.00

    A persistent cross-site scripting (XSS) vulnerability in the Snort Rules configuration of Juniper ATP may allow authenticated user to inject arbitrary script and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative…

  • CVE-2019-0004Jan 15, 2019
    Zyxel
    ATP
    risk 0.00cvss epss 0.00

    On Juniper ATP, the API key and the device key are logged in a file readable by authenticated local users. These keys are used for performing critical operations on the WebUI interface. This issue affects Juniper ATP 5.0 versions prior to 5.0.3.