Lucene search

Ng Firewall Security Vulnerabilities

cve

CVE-2019-18646

The Untangle NG firewall 14.2.0 is vulnerable to authenticated inline-query SQL injection within the timeDataDynamicColumn parameter when logged in as an admin user.

7.2CVSS

7.2AI Score

0.001EPSS

2019-11-14 03:15 PM

cve

CVE-2019-18647

The Untangle NG firewall 14.2.0 is vulnerable to an authenticated command injection when logged in as an admin user.

7.2CVSS

7.1AI Score

0.002EPSS

2019-11-14 03:15 PM

cve

CVE-2019-18648

When logged in as an admin user, the Untangle NG firewall 14.2.0 is vulnerable to reflected XSS at multiple places and specific user input fields.

4.8CVSS

4.9AI Score

0.001EPSS

2019-11-14 03:15 PM

cve

CVE-2019-18649

When logged in as an admin user, the Title input field (under Reports) within Untangle NG firewall 14.2.0 is vulnerable to stored XSS.

4.8CVSS

5AI Score

0.001EPSS

2019-11-14 03:15 PM