Vulnerability Description
Cross-site scripting (XSS) vulnerability in the SSL VPN/UAC web server in the Juniper Junos Pulse Secure Access Service (SSL VPN) devices with IVE OS 7.1 before 7.1r16, 7.4 before 7.4r3, and 8.0 before 8.0r1 and the Juniper Junos Pulse Access Control Service devices with UAC OS 4.1 before 4.1r8, 4.4 before 4.4r3 and 5.0 before 5.0r1 allows remote administrators to inject arbitrary web script or HTML via unspecified vectors.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Juniper | Junos Pulse Access Control Service | 4.1 |
| Juniper | Junos Pulse Secure Access Service | 7.1 |
Related Weaknesses (CWE)
References
- http://www.securitytracker.com/id/1030852
- https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10645Vendor Advisory
- http://www.securitytracker.com/id/1030852
- https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10645Vendor Advisory
FAQ
What is CVE-2014-3820?
CVE-2014-3820 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Cross-site scripting (XSS) vulnerability in the SSL VPN/UAC web server in the Juniper Junos Pulse Secure Access Service (SSL VPN) devices with IVE OS 7.1 before 7.1r16, 7.4 before 7.4r3, and 8.0 befor...
How severe is CVE-2014-3820?
CVE-2014-3820 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-3820?
Check the references section above for vendor advisories and patch information. Affected products include: Juniper Junos Pulse Access Control Service, Juniper Junos Pulse Secure Access Service.