CVE-2019-0032
HIGHJuniper Networks Service Insight <18.1R1 - Info Disclosure
Title source: llmDescription
A password management issue exists where the Organization authentication username and password were stored in plaintext in log files. A locally authenticated attacker who is able to access these stored plaintext credentials can use them to login to the Organization. Affected products are: Juniper Networks Service Insight versions from 15.1R1, prior to 18.1R1. Service Now versions from 15.1R1, prior to 18.1R1.
References (3)
Core 3
Core References
Vendor Advisory x_refsource_confirm
https://kb.juniper.net/JSA10921
Release Notes, Vendor Advisory x_refsource_misc
https://kb.juniper.net/KB27572
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/107885
Scores
CVSS v3
7.8
EPSS
0.0044
EPSS Percentile
35.1%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-522
CWE-532
CWE-256
Status
published
Products (2)
juniper/service_insight
15.1r1 - 18.1r1
juniper/service_now
15.1r1 - 18.1r1
Published
Apr 10, 2019
Tracked Since
Feb 18, 2026