Vulnerabilities > Barracuda > Medium
|2020-03-12||CVE-2019-5648|| Insufficiently Protected Credentials vulnerability in Barracuda Load Balancer ADC Firmware |
Authenticated, administrative access to a Barracuda Load Balancer ADC running unpatched firmware <= v6.4 allows one to edit the LDAP service configuration of the balancer and change the LDAP server to an attacker-controlled system, without having to re-enter LDAP credentials.
| 5.5 |
|2018-12-23||CVE-2018-20369|| Cross-site Scripting vulnerability in Barracuda Message Archiver 2018 |
Barracuda Message Archiver 2018 has XSS in the error_msg exception-handling value for the ldap_user parameter to the cgi-mod/ldap_load_entry.cgi module.
| 4.3 |
|2015-05-25||CVE-2015-0962|| Source Code vulnerability in Barracuda web Filter |
Barracuda Web Filter 7.x and 8.x before 8.1.0.005, when SSL Inspection is enabled, uses the same root Certification Authority certificate across different customers' installations, which makes it easier for remote attackers to conduct man-in-the-middle attacks against SSL sessions by leveraging the certificate's trust relationship.
| 4.3 |
|2015-05-25||CVE-2015-0961|| Unspecified vulnerability in Barracuda web Filter |
Barracuda Web Filter before 8.1.0.005, when SSL Inspection is enabled, does not verify X.509 certificates from upstream SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
| 4.3 |