CRITICAL🇬🇧 English

CVE-2018-0041

CVSS 9.8v3.0pub. 2018-07-11upd. 2024-11-21

Juniper Networks Contrail Service Orchestration releases prior to 3.3.0 use hardcoded credentials to access Keystone service. These credentials allow network based attackers unauthorized access to information stored in keystone.

oryginał EN
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Juniper Contrail Service Orchestration

    APP
    Juniper
    < 3.3.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2018-0038CRITICAL9.8ten sam produkt

Juniper Networks Contrail Service Orchestration releases prior to 3.3.0 have Cassandra service enabled by defa...

CVE-2018-0040CRITICAL9.8ten sam produkt

Juniper Networks Contrail Service Orchestrator versions prior to 4.0.0 use hardcoded cryptographic certificate...

CVE-2018-0042CRITICAL9.8ten sam produkt

Juniper Networks CSO versions prior to 4.0.0 may log passwords in log files leading to an information disclosu...

CVE-2022-22189HIGH7.3ten sam produkt

An Incorrect Ownership Assignment vulnerability in Juniper Networks Contrail Service Orchestration (CSO) allow...

CVE-2022-22152HIGH7.7ten sam produkt

A Protection Mechanism Failure vulnerability in the REST API of Juniper Networks Contrail Service Orchestratio...