Vulnerabilities > Untangle

DATE	CVE	VULNERABILITY TITLE	RISK
2020-11-12	CVE-2020-17494	Inadequate Encryption Strength vulnerability in Untangle Firewall NG Untangle Firewall NG before 16.0 uses MD5 for passwords. network low complexity untangle CWE-326	5.3
2019-11-14	CVE-2019-18649	Cross-site Scripting vulnerability in Untangle NG Firewall 14.2.0 When logged in as an admin user, the Title input field (under Reports) within Untangle NG firewall 14.2.0 is vulnerable to stored XSS. network low complexity untangle CWE-79	4.8
2019-11-14	CVE-2019-18648	Cross-site Scripting vulnerability in Untangle NG Firewall 14.2.0 When logged in as an admin user, the Untangle NG firewall 14.2.0 is vulnerable to reflected XSS at multiple places and specific user input fields. network low complexity untangle CWE-79	4.8
2019-11-14	CVE-2019-18647	Command Injection vulnerability in Untangle NG Firewall 14.2.0 The Untangle NG firewall 14.2.0 is vulnerable to an authenticated command injection when logged in as an admin user. network low complexity untangle CWE-77	7.2
2019-11-14	CVE-2019-18646	SQL Injection vulnerability in Untangle NG Firewall 14.2.0 The Untangle NG firewall 14.2.0 is vulnerable to authenticated inline-query SQL injection within the timeDataDynamicColumn parameter when logged in as an admin user. network low complexity untangle CWE-89	7.2

Vulnerabilities > Untangle {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Untangle"}]}