CVE-2019-0016medium
Description
A malicious authenticated user may be able to delete a device from the Junos Space database without the necessary privileges through crafted Ajax interactions obtained from another legitimate delete action performed by another administrative user. Affected releases are Juniper Networks Junos Space versions prior to 18.3R1.
References
Details
Source: MITRE
Published: 2019-01-15
Updated: 2020-08-24
Type: NVD-CWE-noinfo
Risk Information
CVSS v2
Base Score: 5.5
Vector: AV:N/AC:L/Au:S/C:N/I:P/A:P
Impact Score: 4.9
Exploitability Score: 8
Severity: MEDIUM
CVSS v3
Base Score: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Impact Score: 3.6
Exploitability Score: 2.8
Severity: MEDIUM