CVSS: 9.8EPSS: 6%CPEs: 2EXPL: 3CVE-2019-12989 – Citrix SD-WAN and NetScaler SQL Injection Vulnerability
https://notcve.org/view.php?id=CVE-2019-12989
Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 allow SQL Injection. SD-WAN versiones 10.2.x anteriores a 10.2.3 de Citrix y SD-WAN versiones 10.0.x anteriores a 10.0.8 de NetScaler, permiten una Inyección SQL. Citrix SD-WAN Appliance version 10.2.2 suffers from authentication bypass and remote command execution vulnerabilities. Citrix SD-WAN and NetScaler SD-WAN allow SQL Injection. • https://www.exploit-db.com/exploits/47112 http://packetstormsecurity.com/files/153638/Citrix-SD-WAN-Appliance-10.2.2-Authentication-Bypass-Remote-Command-Execution.html http://www.securityfocus.com/bid/109133 https://support.citrix.com/article/CTX251987 https://www.tenable.com/security/research/tra-2019-32 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.0EPSS: 23%CPEs: 2EXPL: 3CVE-2019-12991 – Citrix SD-WAN and NetScaler Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2019-12991
Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 5 of 6). SD-WAN versiones 10.2.x anteriores a 10.2.3 de Citrix y SD-WAN versiones 10.0.x anteriores a 10.0.8 de NetScaler, presentan una Comprobación de Entrada Inapropiada (problema 5 de 6). Citrix SD-WAN Appliance version 10.2.2 suffers from authentication bypass and remote command execution vulnerabilities. Authenticated Command Injection in Citrix SD-WAN Appliance and NetScaler SD-WAN Appliance. • https://www.exploit-db.com/exploits/47112 http://packetstormsecurity.com/files/153638/Citrix-SD-WAN-Appliance-10.2.2-Authentication-Bypass-Remote-Command-Execution.html http://www.securityfocus.com/bid/109133 https://support.citrix.com/article/CTX251987 https://www.tenable.com/security/research/tra-2019-32 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 89%CPEs: 4EXPL: 1CVE-2019-10883
https://notcve.org/view.php?id=CVE-2019-10883
Citrix SD-WAN Center 10.2.x before 10.2.1 and NetScaler SD-WAN Center 10.0.x before 10.0.7 allow Command Injection. Citrix SD-WAN Center 10.2.x antes de 10.2.1 y NetScaler SD-WAN Center 10.0.x antes de 10.0.7 permite la inyección de comandos. • https://support.citrix.com/article/CTX247737 https://support.citrix.com/v1/search?searchQuery=%22%22&lang=en&sort=cr_date_desc&prod=&pver=&ct=Security+Bulletin https://www.tenable.com/security/research https://www.tenable.com/security/research/tra-2019-18 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 0CVE-2019-12044
https://notcve.org/view.php?id=CVE-2019-12044
A Buffer Overflow exists in Citrix NetScaler Gateway 10.5.x before 10.5.70.x, 11.1.x before 11.1.59.10, 12.0.x before 12.0.59.8, and 12.1.x before 12.1.49.23 and Citrix Application Delivery Controller 10.5.x before 10.5.70.x, 11.1.x before 11.1.59.10, 12.0.x before 12.0.59.8, and 12.1.x before 12.1.49.23. Existe un desbordamiento de búfer en Citrix NetScaler Gateway versiones 10.5.x, anteriores 10.5.70.x, versiones 11.1.x, anteriores 11.1.59.10, versiones 12.0.x ,anteriores 12.0.59.8, y versiones 12.1.x anterior 12.1.49.23 y Citrix Application Delivery Controller versiones 10.5.x, anterior 10.5.70.x, versión 11.1.x anterior 11.1.59.10, versión 12.0.x anterior 12.0.59.8,y versión 12.1.x anterior 12.1.49.23. • https://support.citrix.com/article/CTX249976 https://support.citrix.com/v1/search?searchQuery=%22%22&lang=en&sort=cr_date_desc&prod=&pver=&ct=Security+Bulletin • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.9EPSS: 0%CPEs: 4EXPL: 0CVE-2019-11550
https://notcve.org/view.php?id=CVE-2019-11550
Citrix SD-WAN 10.2.x before 10.2.1 and NetScaler SD-WAN 10.0.x before 10.0.7 have Improper Certificate Validation. Citrix SD-WAN 10.2.x versiones anteriores a 10.2.1 y NetScaler SD-WAN 10.0.x anteriores a 10.0.7 tienen una validación de certificado incorrecta. • https://support.citrix.com/article/CTX247735 https://support.citrix.com/v1/search?searchQuery=%22%22&lang=en&sort=cr_date_desc&prod=&pver=&ct=Security+Bulletin • CWE-295: Improper Certificate Validation •