Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Juniper ATP: API and device keys are logged in a world-readable permissions file
Vulnerability Description
On Juniper ATP, the API key and the device key are logged in a file readable by authenticated local users. These keys are used for performing critical operations on the WebUI interface. This issue affects Juniper ATP 5.0 versions prior to 5.0.3.
CVSS Information
N/A
Vulnerability Type
通过日志文件的信息暴露
Vulnerability Title
Juniper ATP 信息泄露漏洞
Vulnerability Description
Juniper Advanced Threat Prevention(ATP)是美国瞻博网络(Juniper Networks)公司的一套高级威胁防护平台。该产品支持恶意软件检测、文件分析、恶意IP地址和URL拦截等功能。 Juniper ATP 5.0.3之前的5.0版本中存在安全漏洞,该漏洞源于程序将API密钥和设备密钥记录到本地已认证用户可读取的文件中。攻击者可利用该漏洞在WebUI界面上执行操作。
CVSS Information
N/A
Vulnerability Type
N/A