Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-2291

Overview

Vulnerability Score 3.5 3.5
CVE Id CVE-2014-2291
Last Modified 01 Apr 2014 02:29:32
Published 14 Mar 2014 11:55:05
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication SINGLE_INSTANCE

CVE-2014-2291

Summary

Cross-site scripting (XSS) vulnerability in the Pulse Collaboration (Secure Meeting) user pages in Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS before 7.1r18, 7.3 before 7.3r10, 7.4 before 7.4r8, and 8.0 before 8.0r1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

Vulnerable Systems

Operating System

  • Juniper Ive Os 7.1

  • Juniper Ive Os 7.3

  • Juniper Ive Os 7.4

  • Juniper Ive Os 8.0


References

CONFIRM - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10617

XF - juniper-junos-cve20142291-xss(91770)

SECUNIA - 57375


Last Updated: 27 May 2016 11:04:48