4 matches found
CVE-2019-18649
The CVE-2019-18649 entry concerns Untangle NG firewall 14.2.0 where an admin-authenticated user can trigger a stored XSS in the Title input under Reports. Documented impact metrics include CVSS v2 base score 3.5 (LOW) and CVSS v3.1 base score 4.8 (MEDIUM); both indicate potential confidentiality/...
CVE-2019-18647
CVE-2019-18647 concerns Untangle NG firewall 14.2.0, with an authenticated command injection when logged in as an admin user. The vulnerability is described across multiple sources (NVD, Red Hat advisory, CVE lists) and is classified with high impact (C/H/I/A) and a high base score (CVSS v3.1: 7....
CVE-2019-18646
Affected product/versions: Untangle NG firewall 14.2.0. Vulnerability: authenticated inline-query SQL injection in the timeDataDynamicColumn parameter when logged in as an admin user. Root cause: improper handling of inline SQL in the affected parameter. Impact: not explicitly quantified beyond t...
CVE-2019-18648
CVE-2019-18648 affects Untangle NG firewall 14.2.0 with a reflected XSS vulnerability exploitable when an administrator is logged in. The weakness is reported at multiple input fields and other input points, enabling injection of malicious scripts via user-supplied data. The provided documents in...