CyberSec.Space Logo
返回 CVE 浏览器

CVE-2019-12989

Known Exploited (CISA KEV)CRITICAL
9.8
CVSS Severity Score
EPSS Score29.5730%
EPSS Percentile92.20th
Published2019年7月16日
Last Modified2025年11月6日

Vulnerability Description

Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 allow SQL Injection.

Affected Platforms (CPE)

📦
Citrix

Netscaler Sd Wan

>= 10.0.0 and < 10.0.8
📦
Citrix

Sd Wan

>= 10.2.0 and < 10.2.3

References & Advisories

🔗 http://packetstormsecurity.com/files/153638/Citrix-SD-WAN-Appliance-10.2.2-Authentication-Bypass-Remote-Command-Execution.html
🔗 http://www.securityfocus.com/bid/109133
🔗 https://support.citrix.com/article/CTX251987
🔗 https://www.tenable.com/security/research/tra-2019-32
🔗 http://packetstormsecurity.com/files/153638/Citrix-SD-WAN-Appliance-10.2.2-Authentication-Bypass-Remote-Command-Execution.html
🔗 http://www.securityfocus.com/bid/109133
🔗 https://support.citrix.com/article/CTX251987
🔗 https://www.tenable.com/security/research/tra-2019-32

相关漏洞威胁

CVE-2019-108839.8

Citrix SD-WAN Center 10.2.x before 10.2.1 and NetScaler SD-WAN Center 10.0.x before 10.0.7 allow Command Injection.

CVE-2019-129859.8

Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 1 of 6).

CVE-2019-129869.8

Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 2 of 6).

CVE-2019-129879.8

Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 3 of 6).