CVE-2019-12988
https://notcve.org/view.php?id=CVE-2019-12988
Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 4 of 6). SD-WAN versiones 10.2.x anteriores a 10.2.3 de Citrix y SD-WAN versiones 10.0.x anteriores a 10.0.8 de NetScaler, presentan una Comprobación de Entrada Inapropiada (problema 4 de 6). • http://www.securityfocus.com/bid/109133 https://support.citrix.com/article/CTX251987 https://www.tenable.com/security/research/tra-2019-31 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2019-12990
https://notcve.org/view.php?id=CVE-2019-12990
Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 allow Directory Traversal. SD-WAN versiones 10.2.x anteriores a 10.2.3 de Citrix y SD-WAN versiones 10.0.x anteriores a 10.0.8 de NetScaler, permiten un Salto de Directorio. • http://www.securityfocus.com/bid/109133 https://support.citrix.com/search?searchQuery=%2A&lang=en&sort=relevance&prod=&pver=&ct=Security+Bulletin https://www.tenable.com/security/research/tra-2019-31 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2019-12992
https://notcve.org/view.php?id=CVE-2019-12992
Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 6 of 6). SD-WAN versiones 10.2.x anteriores a 10.2.3 de Citrix y SD-WAN versiones 10.0.x anteriores a 10.0.8 de NetScaler, presentan una Comprobación de Entrada Inapropiada (problema 6 de 6). • http://www.securityfocus.com/bid/109133 https://support.citrix.com/article/CTX251987 https://www.tenable.com/security/research/tra-2019-31 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2019-12989 – Citrix SD-WAN and NetScaler SQL Injection Vulnerability
https://notcve.org/view.php?id=CVE-2019-12989
Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 allow SQL Injection. SD-WAN versiones 10.2.x anteriores a 10.2.3 de Citrix y SD-WAN versiones 10.0.x anteriores a 10.0.8 de NetScaler, permiten una Inyección SQL. Citrix SD-WAN Appliance version 10.2.2 suffers from authentication bypass and remote command execution vulnerabilities. Citrix SD-WAN and NetScaler SD-WAN allow SQL Injection. • https://www.exploit-db.com/exploits/47112 http://packetstormsecurity.com/files/153638/Citrix-SD-WAN-Appliance-10.2.2-Authentication-Bypass-Remote-Command-Execution.html http://www.securityfocus.com/bid/109133 https://support.citrix.com/article/CTX251987 https://www.tenable.com/security/research/tra-2019-32 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2019-12991 – Citrix SD-WAN and NetScaler Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2019-12991
Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 5 of 6). SD-WAN versiones 10.2.x anteriores a 10.2.3 de Citrix y SD-WAN versiones 10.0.x anteriores a 10.0.8 de NetScaler, presentan una Comprobación de Entrada Inapropiada (problema 5 de 6). Citrix SD-WAN Appliance version 10.2.2 suffers from authentication bypass and remote command execution vulnerabilities. Authenticated Command Injection in Citrix SD-WAN Appliance and NetScaler SD-WAN Appliance. • https://www.exploit-db.com/exploits/47112 http://packetstormsecurity.com/files/153638/Citrix-SD-WAN-Appliance-10.2.2-Authentication-Bypass-Remote-Command-Execution.html http://www.securityfocus.com/bid/109133 https://support.citrix.com/article/CTX251987 https://www.tenable.com/security/research/tra-2019-32 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •