CVE-2019-0004

MEDIUM

Juniper Advanced Threat Prevention < 5.0.3 - Log Information Exposure

Title source: rule
STIX 2.1

Description

On Juniper ATP, the API key and the device key are logged in a file readable by authenticated local users. These keys are used for performing critical operations on the WebUI interface. This issue affects Juniper ATP 5.0 versions prior to 5.0.3.

References (1)

Core 1
Core References
Vendor Advisory x_refsource_confirm
https://kb.juniper.net/JSA10918

Scores

CVSS v3 5.5
EPSS 0.0005
EPSS Percentile 15.0%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-532
Status published
Products (1)
juniper/advanced_threat_prevention 5.0.0 - 5.0.3
Published Jan 15, 2019
Tracked Since Feb 18, 2026