Multiple critical vulnerabilities have been identified in the Juniper Secure Analytics (JSA) platform, affecting versions up through 7.5.0 UP7. They are fixed in Juniper Secure Analytics 7.5.0 UP7 IF03 and subsequent releases.
The vulnerabilities affect several bundled components: Java (CVE-2023-22045, CVE-2023-22049), which could allow an unauthenticated attacker to compromise Oracle Java SE; Jetty (CVE-2023-26049, CVE-2023-36478, CVE-2023-36479), which allows cookie smuggling and exploitation of the HTTP/2 protocol; the Linux kernel (CVE-2023-32233, CVE-2023-35001); and Spring, Apache Tomcat, and IBM QRadar SIEM.
Their impact ranges from unauthorized access to data within Java environments to arbitrary code execution, SQL injection, URL redirection, and information leakage. Severity varies: some issues allow an unprivileged local user to gain root privileges (CVE-2023-32233), and one enables remote code execution through manipulated serialized class types (CVE-2023-46604). Juniper has released updates addressing these vulnerabilities in Juniper Secure Analytics 7.5.0 UP7 IF03 and later versions.
Users are strongly advised to upgrade to the fixed releases available from the Juniper support downloads page, as there are no known workarounds for these issues. While the Juniper Secure Analytics team is actively resolving these vulnerabilities, it does not evaluate releases that have passed End of Engineering (EOE) or End of Life (EOL), which makes applying the available updates the only way to mitigate these critical security risks.