CVE-2024-39565

Severity CVSS v4.0: Pending analysis
Type: Unavailable / Other
Publication date: 10/07/2024
Last modified: 11/07/2024

Description

An Improper Neutralization of Data within XPath Expressions ('XPath Injection') vulnerability in J-Web shipped with Juniper Networks Junos OS allows an unauthenticated, network-based attacker to execute remote commands on the target device.

While an administrator is logged into a J-Web session or has previously logged in and subsequently logged out of their J-Web session, the attacker can arbitrarily execute commands on the target device with the other user's credentials. In the worst case, the attacker will have full control over the device.

This issue affects Junos OS:

* All versions before 21.2R3-S8,
* from 21.4 before 21.4R3-S7,
* from 22.2 before 22.2R3-S4,
* from 22.3 before 22.3R3-S3,
* from 22.4 before 22.4R3-S2,
* from 23.2 before 23.2R2,
* from 23.4 before 23.4R1-S1, 23.4R2.