CVE-2019-0032

HIGH

Juniper Networks Service Insight <18.1R1 - Info Disclosure

Title source: llm

Description

A password management issue exists where the Organization authentication username and password were stored in plaintext in log files. A locally authenticated attacker who is able to access these stored plaintext credentials can use them to login to the Organization. Affected products are: Juniper Networks Service Insight versions from 15.1R1, prior to 18.1R1. Service Now versions from 15.1R1, prior to 18.1R1.

References (3)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/107885

[Vendor Advisory] https://kb.juniper.net/JSA10921

[Release Notes, Vendor Advisory] https://kb.juniper.net/KB27572

Scores

CVSS v3 7.8

EPSS 0.0015

EPSS Percentile 35.6%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-522 CWE-532 CWE-256

Status published

Affected Products (2)

juniper/service_insight < 18.1r1

juniper/service_now < 18.1r1

Timeline

Published Apr 10, 2019

Tracked Since Feb 18, 2026