Juniper Paragon Active Assurance Control Center 3.3.1

CPE Details

Juniper Paragon Active Assurance Control Center 3.3.1
juniper
paragon_active_assurance_control_center
3.3.1
2024-02-03
02h15 +00:00
2024-02-03
02h15 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:juniper:paragon_active_assurance_control_center:3.3.1:*:*:*:*:*:*:*

Informations

Vendor

juniper

Product

paragon_active_assurance_control_center

Version

3.3.1

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2024-21589 2024-01-12 00h51 +00:00 An Improper Access Control vulnerability in the Juniper Networks Paragon Active Assurance Control Center allows an unauthenticated network-based attacker to access reports without authenticating, potentially containing sensitive configuration information. A feature was introduced in version 3.1.0 of the Paragon Active Assurance Control Center which allows users to selectively share account data. By exploiting this vulnerability, it is possible to access reports without being logged in, resulting in the opportunity for malicious exfiltration of user data. Note that the Paragon Active Assurance Control Center SaaS offering is not affected by this issue. This issue affects Juniper Networks Paragon Active Assurance versions 3.1.0, 3.2.0, 3.2.2, 3.3.0, 3.3.1, 3.4.0. This issue does not affect Juniper Networks Paragon Active Assurance versions earlier than 3.1.0.
7.5
High
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.