Product Affected: SRX Series devices running Junos OS 11.4, 12.1X44, 12.1X45, 12.1X46. Severity: Low Severity Assessment (CVSS) Score: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N) Problem: A reflected cross-site scripting (XSS) vulnerability in SRX Web Authentication (webauth) could allow the theft of sensitive information or session credentials from firewall users. Affected Configuration: SRX Series devices where Web Authentication is used for firewall user authentication. CVE Assigned: CVE-2014-3821 Solution: Junos OS software releases 11.4R11, 12.1X44-D34, 12.1X44-D35, 12.1X45-D25, 12.1X46-D20, 12.1X47-D10, and all subsequent releases include the fix. Workaround: Use Pass-Through Authentication instead of Web Authentication for firewall user authentication.