Details of VAR-201810-0068

ID

VAR-201810-0068

CVE

CVE-2018-0046

TITLE

Juniper Networks Junos Space Vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2018-011017

DESCRIPTION

A reflected cross-site scripting vulnerability in OpenNMS included with Juniper Networks Junos Space may allow the stealing of sensitive information or session credentials from Junos Space administrators or perform administrative actions. This issue affects Juniper Networks Junos Space versions prior to 18.2R1. OpenNMS is prone to a cross-site scripting vulnerability because they fail to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. The solution supports automated configuration, monitoring, and troubleshooting of devices and services throughout their lifecycle. OpenNMS is one of the network management systems

Trust: 1.98

sources: NVD: CVE-2018-0046 // JVNDB: JVNDB-2018-011017 // BID: 105566 // VULHUB: VHN-118248

AFFECTED PRODUCTS

vendor:	juniper	model:	junos space	scope:	eq	version:	18.1r1	Trust: 1.6
vendor:	juniper	model:	junos space	scope:	lt	version:	18.2r1	Trust: 0.8
vendor:	opennms	model:	opennms	scope:	eq	version:	1.13.3	Trust: 0.3
vendor:	opennms	model:	opennms	scope:	eq	version:	1.12.8	Trust: 0.3
vendor:	opennms	model:	opennms	scope:	eq	version:	1.11.90	Trust: 0.3
vendor:	opennms	model:	opennms	scope:	eq	version:	1.10.14	Trust: 0.3
vendor:	opennms	model:	opennms	scope:	eq	version:	1.10.5	Trust: 0.3
vendor:	opennms	model:	opennms	scope:	eq	version:	1.5.96	Trust: 0.3
vendor:	opennms	model:	opennms	scope:	eq	version:	1.5.95	Trust: 0.3
vendor:	opennms	model:	opennms	scope:	eq	version:	1.5.94	Trust: 0.3
vendor:	opennms	model:	opennms	scope:	eq	version:	1.5.93	Trust: 0.3
vendor:	opennms	model:	opennms	scope:	eq	version:	1.5.92	Trust: 0.3
vendor:	opennms	model:	opennms	scope:	eq	version:	1.5.91	Trust: 0.3
vendor:	opennms	model:	opennms	scope:	eq	version:	1.5.90	Trust: 0.3
vendor:	opennms	model:	opennms	scope:	eq	version:	1.9.93	Trust: 0.3
vendor:	opennms	model:	opennms	scope:	eq	version:	1.9.92	Trust: 0.3
vendor:	opennms	model:	opennms	scope:	eq	version:	1.9.91	Trust: 0.3
vendor:	opennms	model:	opennms	scope:	eq	version:	1.9.90	Trust: 0.3
vendor:	opennms	model:	opennms	scope:	eq	version:	1.9.8	Trust: 0.3
vendor:	opennms	model:	opennms	scope:	eq	version:	1.9.7	Trust: 0.3
vendor:	opennms	model:	opennms	scope:	eq	version:	1.9.6	Trust: 0.3
vendor:	opennms	model:	opennms	scope:	eq	version:	1.9.5	Trust: 0.3
vendor:	opennms	model:	opennms	scope:	eq	version:	1.9.4	Trust: 0.3
vendor:	opennms	model:	opennms	scope:	eq	version:	1.9.3	Trust: 0.3
vendor:	opennms	model:	opennms	scope:	eq	version:	1.9.2	Trust: 0.3
vendor:	opennms	model:	opennms	scope:	eq	version:	1.9.1	Trust: 0.3
vendor:	opennms	model:	opennms	scope:	eq	version:	1.9.0	Trust: 0.3
vendor:	opennms	model:	opennms	scope:	eq	version:	1.8.17	Trust: 0.3
vendor:	opennms	model:	opennms	scope:	eq	version:	1.8.16	Trust: 0.3
vendor:	opennms	model:	opennms	scope:	eq	version:	1.13.1	Trust: 0.3
vendor:	opennms	model:	opennms	scope:	eq	version:	1.12.7	Trust: 0.3
vendor:	opennms	model:	opennms	scope:	eq	version:	1.12.6	Trust: 0.3
vendor:	opennms	model:	opennms	scope:	eq	version:	1.12.5	Trust: 0.3
vendor:	opennms	model:	opennms	scope:	eq	version:	1.12.4	Trust: 0.3
vendor:	opennms	model:	opennms	scope:	eq	version:	1.12.3	Trust: 0.3
vendor:	opennms	model:	opennms	scope:	eq	version:	1.12.2	Trust: 0.3
vendor:	opennms	model:	opennms	scope:	eq	version:	1.12.1	Trust: 0.3
vendor:	opennms	model:	opennms	scope:	eq	version:	1.12.0	Trust: 0.3
vendor:	opennms	model:	opennms	scope:	eq	version:	1.11.94	Trust: 0.3
vendor:	opennms	model:	opennms	scope:	eq	version:	1.11.93	Trust: 0.3
vendor:	opennms	model:	opennms	scope:	eq	version:	1.11.92	Trust: 0.3
vendor:	opennms	model:	opennms	scope:	eq	version:	1.11.91	Trust: 0.3
vendor:	opennms	model:	opennms	scope:	eq	version:	1.11.3	Trust: 0.3
vendor:	opennms	model:	opennms	scope:	eq	version:	1.11.2	Trust: 0.3
vendor:	opennms	model:	opennms	scope:	eq	version:	1.11.1	Trust: 0.3
vendor:	opennms	model:	opennms	scope:	eq	version:	1.11.0	Trust: 0.3
vendor:	opennms	model:	opennms	scope:	eq	version:	1.10.9	Trust: 0.3
vendor:	opennms	model:	opennms	scope:	eq	version:	1.10.8	Trust: 0.3
vendor:	opennms	model:	opennms	scope:	eq	version:	1.10.7	Trust: 0.3
vendor:	opennms	model:	opennms	scope:	eq	version:	1.10.6	Trust: 0.3
vendor:	opennms	model:	opennms	scope:	eq	version:	1.10.4	Trust: 0.3
vendor:	opennms	model:	opennms	scope:	eq	version:	1.10.3	Trust: 0.3
vendor:	opennms	model:	opennms	scope:	eq	version:	1.10.2	Trust: 0.3
vendor:	opennms	model:	opennms	scope:	eq	version:	1.10.13	Trust: 0.3
vendor:	opennms	model:	opennms	scope:	eq	version:	1.10.12	Trust: 0.3
vendor:	opennms	model:	opennms	scope:	eq	version:	1.10.11	Trust: 0.3
vendor:	opennms	model:	opennms	scope:	eq	version:	1.10.10	Trust: 0.3
vendor:	opennms	model:	opennms	scope:	eq	version:	1.10.1	Trust: 0.3
vendor:	opennms	model:	opennms	scope:	eq	version:	1.10.0	Trust: 0.3
vendor:	juniper	model:	junos space	scope:	eq	version:	1.2.2	Trust: 0.3
vendor:	juniper	model:	junos space 15.2r2	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos space 15.2r1	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos space	scope:	eq	version:	15.2	Trust: 0.3
vendor:	juniper	model:	junos space 15.1r3	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos space 15.1r2.11	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos space 15.1r2	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos space 15.1r1	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos space 15.1f3	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos space 15.1f2	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos space 14.1r1.9	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos space 14.1r1	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos space 14.1.r3.4	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos space 13.3r4.4	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos space 13.3r1.9	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos space 13.3r1.8	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos space	scope:	eq	version:	13.3	Trust: 0.3
vendor:	juniper	model:	junos space 13.1r1.6	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos space 13.1r1	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos space 13.1p1.14	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos space r1.8	scope:	eq	version:	13.1	Trust: 0.3
vendor:	juniper	model:	junos space	scope:	eq	version:	13.1	Trust: 0.3
vendor:	juniper	model:	junos space 12.3r2.8	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos space 12.3r1.3	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos space 12.3p2.8	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos space	scope:	eq	version:	12.3	Trust: 0.3
vendor:	juniper	model:	junos space	scope:	eq	version:	12.2	Trust: 0.3
vendor:	juniper	model:	junos space	scope:	eq	version:	12.1	Trust: 0.3
vendor:	juniper	model:	junos space 11.4r5.5	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos space	scope:	eq	version:	11.4	Trust: 0.3
vendor:	juniper	model:	junos space	scope:	eq	version:	11.3	Trust: 0.3
vendor:	juniper	model:	junos space	scope:	eq	version:	11.2	Trust: 0.3
vendor:	juniper	model:	junos space	scope:	eq	version:	11.1	Trust: 0.3
vendor:	juniper	model:	junos space	scope:	eq	version:	1.4	Trust: 0.3
vendor:	juniper	model:	junos space	scope:	eq	version:	1.3	Trust: 0.3
vendor:	juniper	model:	junos space	scope:	eq	version:	1.0	Trust: 0.3
vendor:	juniper	model:	junos space 18.2r1	scope:	ne	version:	-	Trust: 0.3

sources: BID: 105566 // JVNDB: JVNDB-2018-011017 // CNNVD: CNNVD-201810-514 // NVD: CVE-2018-0046

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-0046
value:	MEDIUM
Trust: 1.0
sirt@juniper.net:	CVE-2018-0046
value:	HIGH
Trust: 1.0
NVD:	CVE-2018-0046
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201810-514
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-118248
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2018-0046
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-118248
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-0046
baseSeverity:	MEDIUM
baseScore:	6.1
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	2.7
version:	3.0
Trust: 1.8
sirt@juniper.net:	CVE-2018-0046
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.0
Trust: 1.0

sources: VULHUB: VHN-118248 // JVNDB: JVNDB-2018-011017 // CNNVD: CNNVD-201810-514 // NVD: CVE-2018-0046 // NVD: CVE-2018-0046

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 1.9

sources: VULHUB: VHN-118248 // JVNDB: JVNDB-2018-011017 // NVD: CVE-2018-0046

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201810-514

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201810-514

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-011017

PATCH

title:	JSA10880	url:	https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10880&actp=METADATA	Trust: 0.8
title:	Juniper Junos Space OpenNMS Fixes for cross-site scripting vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=86100	Trust: 0.6

sources: JVNDB: JVNDB-2018-011017 // CNNVD: CNNVD-201810-514

EXTERNAL IDS

db:	NVD	id:	CVE-2018-0046	Trust: 2.8
db:	BID	id:	105566	Trust: 2.0
db:	SECTRACK	id:	1041862	Trust: 1.7
db:	JUNIPER	id:	JSA10880	Trust: 1.7
db:	JVNDB	id:	JVNDB-2018-011017	Trust: 0.8
db:	CNNVD	id:	CNNVD-201810-514	Trust: 0.7
db:	VULHUB	id:	VHN-118248	Trust: 0.1

sources: VULHUB: VHN-118248 // BID: 105566 // JVNDB: JVNDB-2018-011017 // CNNVD: CNNVD-201810-514 // NVD: CVE-2018-0046

REFERENCES

url:	https://github.com/opennms/opennms/commit/8710463077c10034fcfa06556a98fb1a1a64fd0d	Trust: 2.8
url:	http://www.securityfocus.com/bid/105566	Trust: 1.7
url:	https://kb.juniper.net/jsa10880	Trust: 1.7
url:	http://www.securitytracker.com/id/1041862	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0046	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-0046	Trust: 0.8
url:	http://www.juniper.net/	Trust: 0.3
url:	http://www.juniper.net/au/en/products-services/software/junos-platform/junos-space/	Trust: 0.3

sources: VULHUB: VHN-118248 // BID: 105566 // JVNDB: JVNDB-2018-011017 // CNNVD: CNNVD-201810-514 // NVD: CVE-2018-0046

CREDITS

Marcel Bilal

Trust: 0.3

sources: BID: 105566

SOURCES

db:	VULHUB	id:	VHN-118248
db:	BID	id:	105566
db:	JVNDB	id:	JVNDB-2018-011017
db:	CNNVD	id:	CNNVD-201810-514
db:	NVD	id:	CVE-2018-0046

LAST UPDATE DATE

2024-11-23T22:17:17.955000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-118248	date:	2019-10-09T00:00:00
db:	BID	id:	105566	date:	2018-10-10T00:00:00
db:	JVNDB	id:	JVNDB-2018-011017	date:	2019-01-04T00:00:00
db:	CNNVD	id:	CNNVD-201810-514	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2018-0046	date:	2024-11-21T03:37:25.467

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-118248	date:	2018-10-10T00:00:00
db:	BID	id:	105566	date:	2018-10-10T00:00:00
db:	JVNDB	id:	JVNDB-2018-011017	date:	2019-01-04T00:00:00
db:	CNNVD	id:	CNNVD-201810-514	date:	2018-10-11T00:00:00
db:	NVD	id:	CVE-2018-0046	date:	2018-10-10T18:29:00.780