CRITICAL🇬🇧 English

CVE-2018-0040

CVSS 9.8v3.0pub. 2018-07-11upd. 2024-11-21

Juniper Networks Contrail Service Orchestrator versions prior to 4.0.0 use hardcoded cryptographic certificates and keys in some cases, which may allow network based attackers to gain unauthorized access to services.

oryginał EN
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Juniper Contrail Service Orchestration

    APP
    Juniper
    < 4.0.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2018-0038CRITICAL9.8ten sam produkt

Juniper Networks Contrail Service Orchestration releases prior to 3.3.0 have Cassandra service enabled by defa...

CVE-2018-0041CRITICAL9.8ten sam produkt

Juniper Networks Contrail Service Orchestration releases prior to 3.3.0 use hardcoded credentials to access Ke...

CVE-2018-0042CRITICAL9.8ten sam produkt

Juniper Networks CSO versions prior to 4.0.0 may log passwords in log files leading to an information disclosu...

CVE-2022-22189HIGH7.3ten sam produkt

An Incorrect Ownership Assignment vulnerability in Juniper Networks Contrail Service Orchestration (CSO) allow...

CVE-2022-22152HIGH7.7ten sam produkt

A Protection Mechanism Failure vulnerability in the REST API of Juniper Networks Contrail Service Orchestratio...