CRITICAL🇬🇧 English

CVE-2018-0038

CVSS 9.8v3.0pub. 2018-07-11upd. 2024-11-21

Juniper Networks Contrail Service Orchestration releases prior to 3.3.0 have Cassandra service enabled by default with hardcoded credentials. These credentials allow network based attackers unauthorized access to information stored in Cassandra.

oryginał EN
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Juniper Contrail Service Orchestration

    APP
    Juniper
    < 3.3.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2018-0040CRITICAL9.8ten sam produkt

Juniper Networks Contrail Service Orchestrator versions prior to 4.0.0 use hardcoded cryptographic certificate...

CVE-2018-0041CRITICAL9.8ten sam produkt

Juniper Networks Contrail Service Orchestration releases prior to 3.3.0 use hardcoded credentials to access Ke...

CVE-2018-0042CRITICAL9.8ten sam produkt

Juniper Networks CSO versions prior to 4.0.0 may log passwords in log files leading to an information disclosu...

CVE-2022-22189HIGH7.3ten sam produkt

An Incorrect Ownership Assignment vulnerability in Juniper Networks Contrail Service Orchestration (CSO) allow...

CVE-2022-22152HIGH7.7ten sam produkt

A Protection Mechanism Failure vulnerability in the REST API of Juniper Networks Contrail Service Orchestratio...