Watchguard XCS : Security vulnerabilities, CVEs

Copy

CVE-2015-5453

Public exploit

Watchguard XCS 9.2 and 10.0 before build 150522 allow remote authenticated users to execute arbitrary commands via shell metacharacters in the id parameter to ADMIN/mailqueue.spl.

Max CVSS

6.5

EPSS Score

2.60%

Published

2015-07-08

Updated

2016-11-28

CVE-2015-5452

SQL injection vulnerability in Watchguard XCS 9.2 and 10.0 before build 150522 allows remote attackers to execute arbitrary SQL commands via the sid cookie, as demonstrated by a request to borderpost/imp/compose.php3.

Max CVSS

7.5

EPSS Score

5.40%

Published

2015-07-08

Updated

2016-11-28

CVE-2011-2165

The STARTTLS implementation in WatchGuard XCS 9.0 and 9.1 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411.

Max CVSS

6.8

EPSS Score

0.20%

Published

2011-05-23

Updated

2017-08-29

3 vulnerabilities found

This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!