CVE-2019-0032 MEDIUM

CVE-2019-0032: Junos Space Service Now and Service Insight: Organization username and password stored in plaintext in log files.

Vendor Juniper Networks
Product Service Insight
Weakness CWE-256
Published April 10, 2019
Last update September 16, 2024

CVSS base score

6.5/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

What the vulnerability does

01Description

A password management issue exists where the Organization authentication username and password were stored in plaintext in log files. A locally authenticated attacker who is able to access these stored plaintext credentials can use them to login to the Organization. Affected products are: Juniper Networks Service Insight versions from 15.1R1, prior to 18.1R1. Service Now versions from 15.1R1, prior to 18.1R1.

Key dates

02Disclosure timeline

April 10, 2019 CVE published
September 16, 2024 Record updated