Juniper: 225 security vulnerabilities in Secure Analytics

Admins using Juniper Networks Secure Analytics should download and apply the update now available as soon as possible. The highest severity of the patched vulnerabilities is "critical", Juniper indicates a CVSS value of 9.8. Secure Analytics is a so-called SIEM, i.e. software for monitoring (network) security and managing any necessary responses to incidents.

Juniper's developers list the closed gaps in a security announcement. The two-part list contains a total of 225 entries. Some CVE entries indicate that old components are being used. The very first entry in the list refers to a vulnerability from 2007, which affects a module for processing tar archives in Python, for example, with medium severity. However, there are also several current CVE entries from this year.

Juniper: Update closes the large wave of security vulnerabilities

The vulnerabilities affect all Juniper Secure Analytics versions before 7.5.0 UP8 and 7.5.0 UP8 IF02, according to the developers. To correct the security-relevant errors, it is therefore necessary to install the update to version 7.5.0 UP8 IF03 or newer.

The software update should be available in the download area of the Juniper support portal. There are no workarounds, Juniper writes in the security announcement - understandably, temporary countermeasures against 225 security vulnerabilities cannot be set up manually in a meaningful way.

Read also

Juniper Networks bessert zahlreiche Schwachstellen aus

---

HPE übernimmt Juniper: Mit 14 Milliarden Dollar zur Nummer Eins?

Juniper Networks last published numerous security advisories in January. At that time, 27 security advisories addressed security vulnerabilities, some of them critical, in Junos OS, Junos OS Evolved and various hardware from the manufacturer.

In addition, Hewlett Packard Enterprise (HPE) acquired the network equipment provider in January for around 14 billion US dollars. The obvious aim of this is to overthrow Cisco as market leader.

(dmk)