Vigil@nce - Juniper SA, UAC, IVE: three vulnerabilities
June 2010 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
Three vulnerabilities impact the Juniper Secure Access (SA) and
Juniper Unified Access Control (UAC) products.
Severity: 2/4
Creation date: 10/06/2010
DESCRIPTION OF THE VULNERABILITY
Three vulnerabilities were announced in Juniper Secure Access (SA)
and Juniper Unified Access Control (UAC) products.
Before IVE OS 6.5 and UAC 3.1, a user could connect to a malicious
SA/UAC server, because no white list was implemented.
[severity:1/4; PSN-2010-05-750]
An attacker can trigger a Cross Site Scripting attack in the logout
feature. [severity:2/4; BID-40729, PSN-2010-05-751]
An attacker can trigger a Cross Site Scripting attack via the uninstall
link of Windows Secure Application Manager. [severity:2/4;
PSN-2010-05-753]
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Juniper-SA-UAC-IVE-three-vulnerabilities-9702