Vulnerability Description
A password management issue exists where the Organization authentication username and password were stored in plaintext in log files. A locally authenticated attacker who is able to access these stored plaintext credentials can use them to login to the Organization. Affected products are: Juniper Networks Service Insight versions from 15.1R1, prior to 18.1R1. Service Now versions from 15.1R1, prior to 18.1R1.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Juniper | Service Insight | >= 15.1r1, < 18.1r1 |
| Juniper | Service Now | >= 15.1r1, < 18.1r1 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/107885Third Party AdvisoryVDB Entry
- https://kb.juniper.net/JSA10921Vendor Advisory
- https://kb.juniper.net/KB27572Release NotesVendor Advisory
- http://www.securityfocus.com/bid/107885Third Party AdvisoryVDB Entry
- https://kb.juniper.net/JSA10921Vendor Advisory
- https://kb.juniper.net/KB27572Release NotesVendor Advisory
FAQ
What is CVE-2019-0032?
CVE-2019-0032 is a vulnerability with a CVSS score of 7.8 (HIGH). A password management issue exists where the Organization authentication username and password were stored in plaintext in log files. A locally authenticated attacker who is able to access these store...
How severe is CVE-2019-0032?
CVE-2019-0032 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-0032?
Check the references section above for vendor advisories and patch information. Affected products include: Juniper Service Insight, Juniper Service Now.