CVE-2019-0004

MEDIUM

Juniper Advanced Threat Prevention 5.0.0-5.0.2 - Authenticated Sensitive Information Exposure via Log File

Title source: llm
STIX 2.1

Description

On Juniper ATP, the API key and the device key are logged in a file readable by authenticated local users. These keys are used for performing critical operations on the WebUI interface. This issue affects Juniper ATP 5.0 versions prior to 5.0.3.

References (1)

Core 1
Core References
Vendor Advisory x_refsource_confirm
https://kb.juniper.net/JSA10918

Scores

CVSS v3 5.5
EPSS 0.0033
EPSS Percentile 24.6%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-532
Status published
Products (1)
juniper/advanced_threat_prevention 5.0.0 - 5.0.3
Published Jan 15, 2019
Tracked Since Feb 18, 2026