CVE-2021-0220

The Junos Space Network Management Platform has been found to store shared secrets in a recoverable format that can be exposed through the UI. An attacker who is able to execute arbitrary code in the victim browser (for example via XSS) or access cached contents may be able to obtain a copy of credentials managed by Junos Space. The impact of a successful attack includes, but is not limited to, obtaining access to other servers connected to the Junos Space Management Platform. This issue affects Juniper Networks Junos Space versions prior to 20.3R1.

Published: Jan 15, 2021
Updated: May 4, 2025
CVE: CVE-2021-0220
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 3.5
AV:N/AC:M/Au:S/C:P/I:N/A:N

CWEs:

CWE-522

OWASP TOP 10:

A2 - Broken Authentication

Affected Software
References

Software	From	Fixed in
juniper / junos_space	1.4	1.4.x
juniper / junos_space	15.1-r1	15.1-r1.x
juniper / junos_space	1.0	1.0.x
juniper / junos_space	12.3	12.3.x
juniper / junos_space	1.3	1.3.x
juniper / junos_space	12.1	12.1.x
juniper / junos_space	11.3	11.3.x
juniper / junos_space	11.2	11.2.x
juniper / junos_space	1.1	1.1.x
juniper / junos_space	1.2	1.2.x
juniper / junos_space	2.0	2.0.x
juniper / junos_space	11.1	11.1.x
juniper / junos_space	12.2	12.2.x
juniper / junos_space	11.4	11.4.x
juniper / junos_space	16.1	16.1.x
juniper / junos_space	15.2-r1	15.2-r1.x
juniper / junos_space	15.1-r2	15.1-r2.x
juniper / junos_space	18.1r1	18.1r1.x
juniper / junos_space	13.3-r3	13.3-r3.x
juniper / junos_space	14.1	14.1.x
juniper / junos_space	15.1-r4	15.1-r4.x
juniper / junos_space	15.2	15.2.x
juniper / junos_space	17.2-r1.4	17.2-r1.4.x
juniper / junos_space	19.2-r1	19.2-r1.x
juniper / junos_space	19.1-r1	19.1-r1.x
juniper / junos_space	18.4-r1	18.4-r1.x
juniper / junos_space	18.3-r1	18.3-r1.x
juniper / junos_space	18.2-r1	18.2-r1.x
juniper / junos_space	18.1-r1	18.1-r1.x
juniper / junos_space	19.3-r1	19.3-r1.x
juniper / junos_space	19.4-r1	19.4-r1.x
juniper / junos_space	20.1-r1	20.1-r1.x
juniper / junos_space	13.1	13.1.x
juniper / junos_space	13.1-r1.8	13.1-r1.8.x
juniper / junos_space	15.1	15.1.x
juniper / junos_space	17.1	17.1.x
juniper / junos_space	17.2	17.2.x
juniper / junos_space	18.1	18.1.x
juniper / junos_space	18.2	18.2.x
juniper / junos_space	18.3	18.3.x
juniper / junos_space	18.4	18.4.x
juniper / junos_space	19.1	19.1.x

https://kb.juniper.net/JSA11110

Vulnerability Database

289,697

CVE-2021-0220