Ng Firewall@14.2.0 Security Vulnerabilities and Issues — Ng Firewall@14.2.0 CVE List

Lucene search

UntangleNg Firewall14.2.0

4 matches found

CVE•added 2019/11/14 3:15 p.m.•41 views

CVE-2019-18649

When logged in as an admin user, the Title input field (under Reports) within Untangle NG firewall 14.2.0 is vulnerable to stored XSS.

4.8CVSS5AI score0.00321EPSS

CVE•added 2019/11/14 3:15 p.m.•38 views

CVE-2019-18647

The Untangle NG firewall 14.2.0 is vulnerable to an authenticated command injection when logged in as an admin user.

9CVSS7.1AI score0.01451EPSS

CVE•added 2019/11/14 3:15 p.m.•37 views

CVE-2019-18646

The Untangle NG firewall 14.2.0 is vulnerable to authenticated inline-query SQL injection within the timeDataDynamicColumn parameter when logged in as an admin user.

7.2CVSS7.2AI score0.00444EPSS

CVE•added 2019/11/14 3:15 p.m.•29 views

CVE-2019-18648

When logged in as an admin user, the Untangle NG firewall 14.2.0 is vulnerable to reflected XSS at multiple places and specific user input fields.

4.8CVSS4.9AI score0.00321EPSS