threat
engine
.sh
Back
·
··:··
Home
/
Product
/
juniper junos space
Product
juniper junos space
78 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
Sort
Newest first
Oldest first
Highest CVSS
Lowest CVSS
Min CVSS
Any
4.0+
7.0+ (High)
9.0+ (Critical)
Published since
Reset
CVE-2026-21907
< 24.1
A Use of a Broken or Risky Cryptographic Algorithm vulnerability in the TLS/SSL server of Juniper Networks Junos Space allows th
5.9
MEDIUM
CVE-2025-60009
< 24.1
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Sp
6.1
MEDIUM
CVE-2025-60002
< 24.1
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Sp
6.1
MEDIUM
CVE-2025-60001
< 24.1
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Sp
6.1
MEDIUM
CVE-2025-60000
< 24.1
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Sp
6.1
MEDIUM
CVE-2025-59999
< 24.1
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Sp
6.1
MEDIUM
CVE-2025-59998
< 24.1
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Sp
6.1
MEDIUM
CVE-2025-59997
< 24.1
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Sp
6.1
MEDIUM
CVE-2025-59996
< 24.1
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Sp
6.1
MEDIUM
CVE-2025-59995
< 24.1
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Sp
6.1
MEDIUM
CVE-2025-59994
< 24.1
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Sp
6.1
MEDIUM
CVE-2025-59993
< 24.1
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Sp
6.1
MEDIUM
CVE-2025-59992
< 24.1
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Sp
6.1
MEDIUM
CVE-2025-59991
< 24.1
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Sp
6.1
MEDIUM
CVE-2025-59990
< 24.1
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Sp
6.1
MEDIUM
CVE-2025-59989
< 24.1
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Sp
6.1
MEDIUM
CVE-2025-59988
< 24.1
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Sp
6.1
MEDIUM
CVE-2025-59987
< 24.1
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Sp
6.1
MEDIUM
CVE-2025-59986
< 24.1
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Sp
6.1
MEDIUM
CVE-2025-59985
< 24.1
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Sp
6.1
MEDIUM
CVE-2025-59984
< 24.1
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Sp
6.1
MEDIUM
CVE-2025-59983
< 24.1
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Sp
6.1
MEDIUM
CVE-2025-59982
< 24.1
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Sp
6.1
MEDIUM
CVE-2025-59981
< 24.1
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Sp
6.1
MEDIUM
CVE-2025-59978
< 24.1
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Sp
9.0
CRITICAL
CVE-2025-59976
< 24.1
An arbitrary file download vulnerability in the web interface of Juniper Networks Junos Space allows a network-based authenticated
6.5
MEDIUM
CVE-2025-59975
< 22.2
An Uncontrolled Resource Consumption vulnerability in the HTTP daemon (httpd) of Juniper Networks Junos Space allows an unauthenti
7.5
HIGH
CVE-2024-39563
all versions
A Command Injection vulnerability in Juniper Networks Junos Space allows an unauthenticated, network-based attacker sending a spe
7.3
HIGH
CVE-2021-0220
all versions
The Junos Space Network Management Platform has been found to store shared secrets in a recoverable format that can be exposed thr
6.8
MEDIUM
CVE-2020-1611
all versions
A Local File Inclusion vulnerability in Juniper Networks Junos Space allows an attacker to view all files on the target when the d
6.5
MEDIUM
CVE-2019-0017
all versions
The Junos Space application, which allows Device Image files to be uploaded, has insufficient validity checking which may allow up
6.5
MEDIUM
CVE-2019-0016
all versions
A malicious authenticated user may be able to delete a device from the Junos Space database without the necessary privileges throu
6.5
MEDIUM
CVE-2018-0047
all versions
A persistent cross-site scripting vulnerability in the UI framework used by Junos Space Security Director may allow authenticated
8.0
HIGH
CVE-2018-0046
all versions
A reflected cross-site scripting vulnerability in OpenNMS included with Juniper Networks Junos Space may allow the stealing of sen
8.8
HIGH
CVE-2014-3413
all versions
The MySQL server in Juniper Networks Junos Space before 13.3R1.8 has an unspecified account with a hardcoded password, which allow
9.8
CRITICAL
CVE-2018-0013
all versions
A local file inclusion vulnerability in Juniper Networks Junos Space Network Management Platform may allow an authenticated user t
6.5
MEDIUM
CVE-2018-0012
<= 17.2
Junos Space is affected by a privilege escalation vulnerability that may allow a local authenticated attacker to gain root privile
7.8
HIGH
CVE-2018-0011
all versions
A reflected cross site scripting (XSS) vulnerability in Junos Space may potentially allow a remote authenticated user to inject we
5.4
MEDIUM
CVE-2018-0010
all versions
A vulnerability in the Juniper Networks Junos Space Security Director allows a user who does not have SSH access to a device to re
6.5
MEDIUM
CVE-2017-10624
<= 16.1
Insufficient verification of node certificates in Juniper Networks Junos Space may allow a man-in-the-middle type of attacker to m
7.5
HIGH
CVE-2017-10623
<= 16.2
Lack of authentication and authorization of cluster messages in Juniper Networks Junos Space may allow a man-in-the-middle type of
7.1
HIGH
CVE-2017-10622
all versions
An authentication bypass vulnerability in Juniper Networks Junos Space Network Management Platform may allow a remote unauthentica
9.8
CRITICAL
CVE-2017-10612
<= 16.1r3
A persistent site scripting vulnerability in Juniper Networks Junos Space allows users who can change certain configuration to imp
8.0
HIGH
CVE-2016-1265
<= 15.1r2
A remote unauthenticated network based attacker with access to Junos Space may execute arbitrary code on Junos Space or gain acces
9.8
CRITICAL
CVE-2017-2311
<= 16.1
On Juniper Networks Junos Space versions prior to 16.1R1, an unauthenticated remote attacker with network access to Junos space de
5.3
MEDIUM
CVE-2017-2310
<= 15.2
A firewall bypass vulnerability in the host based firewall of Juniper Networks Junos Space versions prior to 16.1R1 may permit cer
5.3
MEDIUM
CVE-2017-2309
<= 16.1
On Juniper Networks Junos Space versions prior to 16.1R1 when certificate based authentication is enabled for the Junos Space clus
5.9
MEDIUM
CVE-2017-2308
<= 16.1
An XML External Entity Injection vulnerability in Juniper Networks Junos Space versions prior to 16.1R1 may allow an authenticated
6.5
MEDIUM
CVE-2017-2307
<= 15.2
A reflected cross site scripting vulnerability in the administrative interface of Juniper Networks Junos Space versions prior to 1
6.1
MEDIUM
CVE-2017-2306
<= 16.1
On Juniper Networks Junos Space versions prior to 16.1R1, due to an insufficient authorization check, readonly users on the Junos
8.8
HIGH
CVE-2017-2305
<= 16.1
On Juniper Networks Junos Space versions prior to 16.1R1, due to an insufficient authorization check, readonly users on the Junos
8.8
HIGH
CVE-2016-4931
<= 15.2
XML entity injection in Junos Space before 15.2R2 allows attackers to cause a denial of service.
6.5
MEDIUM
CVE-2016-4930
<= 15.2
Cross-site scripting (XSS) vulnerability in Junos Space before 15.2R2 allows remote attackers to steal sensitive information or pe
6.1
MEDIUM
CVE-2016-4929
<= 15.2
Command injection vulnerability in Junos Space before 15.2R2 allows attackers to execute arbitrary code as a root user.
8.8
HIGH
CVE-2016-4928
<= 15.2
Cross site request forgery vulnerability in Junos Space before 15.2R2 allows remote attackers to perform certain administrative ac
8.8
HIGH
CVE-2016-4927
<= 15.2
Insufficient validation of SSH keys in Junos Space before 15.2R2 allows man-in-the-middle (MITM) type of attacks while a Space dev
8.1
HIGH
CVE-2016-4926
<= 15.2
Insufficient authentication vulnerability in Junos Space before 15.2R2 allows remote network based users with access to Junos Spac
9.8
CRITICAL
CVE-2015-2620
<= 15.1
Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.23 and earlier allows remote authenticated users to af
CVE-2015-3209
<= 15.1
Heap-based buffer overflow in the PCNET controller in QEMU allows remote attackers to execute arbitrary code by sending a packet w
CVE-2015-0501
<= 15.1
Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to
CVE-2014-6559
<= 15.1
Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect con
CVE-2014-6500
<= 15.1
Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect con
CVE-2014-6496
<= 15.1
Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect ava
CVE-2014-6495
<= 15.1
Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote attackers to affect ava
CVE-2014-6494
<= 15.1
Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect ava
CVE-2014-6491
<= 15.1
Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote attackers to affect confi
CVE-2014-6478
<= 15.1
Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote attackers to affect int
CVE-2014-3412
<= 13.1
Unspecified vulnerability in Juniper Junos Space before 13.3R1.8, when the firewall in disabled, allows remote attackers to execut
CVE-2014-2421
< 15.1
Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JavaFX 2.2.51; and Java SE Embedded 7u51 allows remote atta
CVE-2014-0460
< 15.1
Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allo
CVE-2014-0457
< 15.1
Unspecified vulnerability in Oracle Java SE 5.0u61, SE 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 a
CVE-2014-0456
< 15.1
Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confid
CVE-2014-0453
< 15.1
Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allo
CVE-2014-0429
< 15.1
Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allo
CVE-2013-5097
all versions
Juniper Junos Space before 13.1R1.6, as used on the JA1500 appliance and in other contexts, does not properly restrict access to t
CVE-2013-5096
all versions
Juniper Junos Space before 13.1R1.6, as used on the JA1500 appliance and in other contexts, does not properly implement role-based
CVE-2013-5095
all versions
Cross-site scripting (XSS) vulnerability in the web-based interface in Juniper Junos Space before 13.1R1.6, as used on the JA1500
CVE-2013-3497
<= 12.3
Juniper Junos Space before 12.3P2.8, as used on the JA1500 appliance and in other contexts, includes a cleartext password in a con
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin