CVE-2022-22190— Paragon Active Assurance Control Center: Information disclosure vulnerability in crafted URL
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2022-22190
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Paragon Active Assurance Control Center: Information disclosure vulnerability in crafted URL
Source: NVD (National Vulnerability Database)
Vulnerability Description
An Improper Access Control vulnerability in the Juniper Networks Paragon Active Assurance Control Center allows an unauthenticated attacker to leverage a crafted URL to generate PDF reports, potentially containing sensitive configuration information. A feature was introduced in version 3.1 of the Paragon Active Assurance Control Center which allows users to selective share account data using a unique identifier. Knowing the proper format of the URL and the identifier of an existing object in an application it is possible to get access to that object without being logged in, even if the object is not shared, resulting in the opportunity for malicious exfiltration of user data. Note that the Paragon Active Assurance Control Center SaaS offering is not affected by this issue. This issue affects Juniper Networks Paragon Active Assurance version 3.1.0.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
访问控制不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
Juniper Networks Paragon 访问控制错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Juniper Networks Paragon是美国Juniper公司的一个应用软件。一个实时网络拓扑视图。 Juniper Networks Paragon Active Assurance Control Center 3.1.0版本存在访问控制错误漏洞,该漏洞源于存在一个不正确的访问控制漏洞。攻击者利用该漏洞通过特制的URL生成PDF报告,其中可能包含敏感的配置信息。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Juniper Networks | Paragon Active Assurance | 3.1.0 | - |
II. Public POCs for CVE-2022-22190
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2022-22190
请登录查看更多情报信息。
Same Patch Batch · Juniper Networks · 2022-04-14 · 16 CVEs total
| CVE-2022-22182 | 8.8 HIGH | Junos OS: A XSS vulnerability allows an attacker to execute commands on a target J-Web ses |
| CVE-2022-22181 | 8.0 HIGH | Junos OS: J-Web can be compromised through reflected XSS attacks |
| CVE-2022-22187 | 7.8 HIGH | JIMS: Local Privilege Escalation vulnerability via repair functionality |
| CVE-2022-22198 | 7.5 HIGH | Junos OS: MX MS-MPC or MS-MIC, or SRX SPC crashes if it receives a SIP message with a spec |
| CVE-2022-22197 | 7.5 HIGH | Junos OS and Junos OS Evolved: An rpd core will be observed with proxy BGP route-target fi |
| CVE-2022-22195 | 7.5 HIGH | Junos OS Evolved: Specific packets reaching the RE lead to a counter overflow and eventual |
| CVE-2022-22194 | 7.5 HIGH | Junos OS Evolved: PTX series: An attacker sending a crafted GRE packet will cause the PFE |
| CVE-2022-22188 | 7.5 HIGH | Junos OS: QFX5100/QFX5110/QFX5120/QFX5200/QFX5210/EX4600/EX4650 Series: When storm control |
| CVE-2022-22185 | 7.5 HIGH | Junos OS: SRX Series: Denial of service vulnerability in flowd daemon upon receipt of a sp |
| CVE-2022-22183 | 7.5 HIGH | Junos OS Evolved: A remote attacker may cause a CPU Denial of Service by sending genuine t |
| CVE-2022-22189 | 7.3 HIGH | Contrail Service Orchestration: An authenticated local user may have their permissions ele |
| CVE-2022-22186 | 7.2 HIGH | Junos OS: EX4650 Series: Certain traffic received by the Junos OS device on the management |
| CVE-2022-22196 | 6.5 MEDIUM | Junos OS and Junos OS Evolved: The rpd CPU spikes to 100% after a malformed ISIS TLV has b |
| CVE-2022-22191 | 6.5 MEDIUM | Junos OS: EX4300: PFE Denial of Service (DoS) upon receipt of a flood of specific ARP traf |
| CVE-2022-22193 | 5.5 MEDIUM | Junos OS and Junos OS Evolved: In a BGP rib-sharding scenario when a certain CLI command i |
IV. Related Vulnerabilities
Same product: Paragon Active Assurance
Same vendor: Juniper Networks
- CVE-2026-33791
Junos OS and Junos OS Evolved: Execution of crafted CLI comm - CVE-2026-33790
Junos OS: SRX Series: In a NAT64 configuration, receipt of a - CVE-2026-33787
Junos OS: SRX1500, SRX4100, SRX4200, SRX4600: When a specifi - CVE-2026-33785
Junos OS: MX Series: Missing Authorization for specific 'req - CVE-2026-33784
JSI Virtual Lightweight Collector: Default password is not r
Same weakness: CWE-284
- CVE-2026-8233
Dotouch XproUPF access control - CVE-2026-42569
phpvms: /importer authorization bypass causing full database - CVE-2026-42205
Avo: Broken Access Control: Unauthorized Execution of Arbitr - CVE-2026-41487
Langfuse: Improper role-based-access control in Langfuse LLM - CVE-2026-42278
UltraDAG: Smart Account Spending Policy Bypass via Pockets
V. Comments for CVE-2022-22190
No comments yet