CVSS: 9.8EPSS: 81%CPEs: 2EXPL: 4CVE-2019-12991 – Citrix SD-WAN and NetScaler Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2019-12991
15 Jul 2019 — Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 5 of 6). SD-WAN versiones 10.2.x anteriores a 10.2.3 de Citrix y SD-WAN versiones 10.0.x anteriores a 10.0.8 de NetScaler, presentan una Comprobación de Entrada Inapropiada (problema 5 de 6). Citrix SD-WAN Appliance version 10.2.2 suffers from authentication bypass and remote command execution vulnerabilities. Authenticated Command Injection in Citrix SD-WAN Appliance and NetScaler SD-WAN Appli... • https://packetstorm.news/files/id/153638 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 81%CPEs: 2EXPL: 4CVE-2019-12989 – Citrix SD-WAN and NetScaler SQL Injection Vulnerability
https://notcve.org/view.php?id=CVE-2019-12989
15 Jul 2019 — Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 allow SQL Injection. SD-WAN versiones 10.2.x anteriores a 10.2.3 de Citrix y SD-WAN versiones 10.0.x anteriores a 10.0.8 de NetScaler, permiten una Inyección SQL. Citrix SD-WAN Appliance version 10.2.2 suffers from authentication bypass and remote command execution vulnerabilities. Citrix SD-WAN and NetScaler SD-WAN allow SQL Injection. • https://packetstorm.news/files/id/153638 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 51%CPEs: 4EXPL: 1CVE-2019-10883
https://notcve.org/view.php?id=CVE-2019-10883
03 Jun 2019 — Citrix SD-WAN Center 10.2.x before 10.2.1 and NetScaler SD-WAN Center 10.0.x before 10.0.7 allow Command Injection. Citrix SD-WAN Center 10.2.x antes de 10.2.1 y NetScaler SD-WAN Center 10.0.x antes de 10.0.7 permite la inyección de comandos. • https://support.citrix.com/article/CTX247737 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 5.9EPSS: 0%CPEs: 4EXPL: 0CVE-2019-11550
https://notcve.org/view.php?id=CVE-2019-11550
08 May 2019 — Citrix SD-WAN 10.2.x before 10.2.1 and NetScaler SD-WAN 10.0.x before 10.0.7 have Improper Certificate Validation. Citrix SD-WAN 10.2.x versiones anteriores a 10.2.1 y NetScaler SD-WAN 10.0.x anteriores a 10.0.7 tienen una validación de certificado incorrecta. • https://support.citrix.com/article/CTX247735 • CWE-295: Improper Certificate Validation •
CVSS: 7.5EPSS: 4%CPEs: 3EXPL: 0CVE-2018-17444 – Citrix NetScaler SD-WAN SQL Injection / Traversal / Command Injection
https://notcve.org/view.php?id=CVE-2018-17444
23 Oct 2018 — A Directory Traversal issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4. Se ha descubierto un problema de salto de directorio en Citrix SD-WAN 10.1.0 y NetScaler SD-WAN en versiones 9.3.x anteriores a la 9.3.6 y versiones 10.0.x anteriores a la 10.0.4. The management interfaces of Citrix NetScaler SD-WAN physical appliances and virtual appliances suffer from command injection, information exposure, incorrect access control, IP spoofing, remote SQL ... • http://www.securityfocus.com/bid/105711 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 2%CPEs: 3EXPL: 0CVE-2018-17445 – Citrix NetScaler SD-WAN SQL Injection / Traversal / Command Injection
https://notcve.org/view.php?id=CVE-2018-17445
23 Oct 2018 — A Command Injection issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4. Se ha descubierto un problema de inyección de comandos en Citrix SD-WAN 10.1.0 y NetScaler SD-WAN en versiones 9.3.x anteriores a la 9.3.6 y versiones 10.0.x anteriores a la 10.0.4. The management interfaces of Citrix NetScaler SD-WAN physical appliances and virtual appliances suffer from command injection, information exposure, incorrect access control, IP spoofing, remote SQL ... • http://www.securityfocus.com/bid/105711 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2018-17446 – Citrix NetScaler SD-WAN SQL Injection / Traversal / Command Injection
https://notcve.org/view.php?id=CVE-2018-17446
23 Oct 2018 — A SQL Injection issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4. Se ha descubierto un problema de inyección SQL en Citrix SD-WAN 10.1.0 y NetScaler SD-WAN en versiones 9.3.x anteriores a la 9.3.6 y versiones 10.0.x anteriores a la 10.0.4. The management interfaces of Citrix NetScaler SD-WAN physical appliances and virtual appliances suffer from command injection, information exposure, incorrect access control, IP spoofing, remote SQL injection, a... • http://www.securityfocus.com/bid/105711 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2018-17447 – Citrix NetScaler SD-WAN SQL Injection / Traversal / Command Injection
https://notcve.org/view.php?id=CVE-2018-17447
23 Oct 2018 — An Information Exposure Through Log Files issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4. Se ha descubierto un problema de exposición de información mediante archivos de registro en Citrix SD-WAN 10.1.0 y NetScaler SD-WAN en versiones 9.3.x anteriores a la 9.3.6 y versiones 10.0.x anteriores a la 10.0.4. The management interfaces of Citrix NetScaler SD-WAN physical appliances and virtual appliances suffer from command injection, information expo... • http://www.securityfocus.com/bid/105711 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2018-17448 – Citrix NetScaler SD-WAN SQL Injection / Traversal / Command Injection
https://notcve.org/view.php?id=CVE-2018-17448
23 Oct 2018 — An Incorrect Access Control issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4. Se ha descubierto un problema de control de acceso incorrecto en Citrix SD-WAN 10.1.0 y NetScaler SD-WAN en versiones 9.3.x anteriores a la 9.3.6 y versiones 10.0.x anteriores a la 10.0.4. The management interfaces of Citrix NetScaler SD-WAN physical appliances and virtual appliances suffer from command injection, information exposure, incorrect access control, IP spoofi... • http://www.securityfocus.com/bid/105711 •
CVSS: 7.5EPSS: 3%CPEs: 7EXPL: 0CVE-2018-5314
https://notcve.org/view.php?id=CVE-2018-5314
01 Mar 2018 — Command injection vulnerability in Citrix NetScaler ADC and NetScaler Gateway 11.0 before build 70.16, 11.1 before build 55.13, and 12.0 before build 53.13; and the NetScaler Load Balancing instance distributed with NetScaler SD-WAN/CloudBridge 4000, 4100, 5000 and 5100 WAN Optimization Edition 9.3.0 allows remote attackers to execute a system command or read arbitrary files via an SSH login prompt. Vulnerabilidad de inyección de comandos en Citrix NetScaler ADC y NetScaler Gateway en versiones 11.0 anterio... • http://www.securityfocus.com/bid/103186 • CWE-287: Improper Authentication •