Contrail Juniper Networks Contrail

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in Juniper Networks Contrail.

By the Year

In 2024 there have been 0 vulnerabilities in Juniper Networks Contrail . Contrail did not have any published security vulnerabilities last year.

Year Vulnerabilities Average Score
2024 0 0.00
2023 0 0.00
2022 0 0.00
2021 0 0.00
2020 0 0.00
2019 0 0.00
2018 0 0.00

It may take a day or so for new Contrail vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Juniper Networks Contrail Security Vulnerabilities

The ifmap service that comes bundled with Contrail has an XML External Entity (XXE) vulnerability that may

CVE-2017-10617 5 - Medium - October 13, 2017

The ifmap service that comes bundled with Contrail has an XML External Entity (XXE) vulnerability that may allow an attacker to retrieve sensitive system files. Affected releases are Juniper Networks Contrail 2.2 prior to 2.21.4; 3.0 prior to 3.0.3.4; 3.1 prior to 3.1.4.0; 3.2 prior to 3.2.5.0. CVE-2017-10616 and CVE-2017-10617 can be chained together and have a combined CVSSv3 score of 5.8 (AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N).

XXE

The ifmap service that comes bundled with Juniper Networks Contrail releases uses hard coded credentials

CVE-2017-10616 5.3 - Medium - October 13, 2017

The ifmap service that comes bundled with Juniper Networks Contrail releases uses hard coded credentials. Affected releases are Contrail releases 2.2 prior to 2.21.4; 3.0 prior to 3.0.3.4; 3.1 prior to 3.1.4.0; 3.2 prior to 3.2.5.0. CVE-2017-10616 and CVE-2017-10617 can be chained together and have a combined CVSSv3 score of 5.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N).

Use of Hard-coded Credentials

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Juniper Networks Contrail or by Juniper Networks? Click the Watch button to subscribe.

subscribe