Vendor scorecard
Barracuda
Barracuda security disclosure record — CVE volume, CVSS severity mix and product-category breakdown, sourced from the NIST NVD.
CPE: barracuda
Product families
3
Open in latest
6
Inferred — see methodology
Last disclosure
Jan 1, 2023
01
Product categories
3 trackedCVE volume, severity mix and the inferred latest shipping version per category.
| Category | CVEs | Volume | Severity mix | Open | Inferred latest |
|---|---|---|---|---|---|
| Web Application FirewallNGFW / Network Security · Application Delivery / ADCweb_application_firewall, load_balancer_adc | 2 | 6 | 6.0.1.006LOW | ||
| CloudGen FirewallNGFW / Network Security · Secure Remote Access / VPNcloudgen_firewall, cloudgen_firewall_firmware | 0 | 0 | unknown | ||
| Email Security GatewayNGFW / Network Securityemail_security_gateway, email_security_gateway_appliance | 0 | 0 | unknown |
02
Recent CVEs
8 shownMost recently published, newest first. Each ID links to its NVD record.
| CVE | Severity | CVSS | Summary | Published |
|---|---|---|---|---|
| CVE-2021-41823(opens NVD record) | Medium | 6.1 | The Web Application Firewall (WAF) in Kemp LoadMaster 7.2.54.1 allows certain uses of onmouseover to bypass an XSS protection mechanism. | Jan 1, 2023 |
| CVE-2021-45105(opens NVD record) | Medium | 5.9 | Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0, 2.12.3, and 2.3.1. | Dec 18, 2021 |
| CVE-2019-5648(opens NVD record) | Medium | 6.5 | Authenticated, administrative access to a Barracuda Load Balancer ADC running unpatched firmware <= v6.4 allows one to edit the LDAP service configuration of the balancer and change the LDAP server to an attacker-controlled system, without having to re-enter LDAP credentials. These steps can be used by any authenticated administrative user to expose the LDAP credentials configured in the LDAP connector over the network. | Mar 12, 2020 |
| CVE-2014-2595(opens NVD record) | Critical | 9.8 | Barracuda Web Application Firewall (WAF) 7.8.1.013 allows remote attackers to bypass authentication by leveraging a permanent authentication token obtained from a query string. | Feb 12, 2020 |
| CVE-2018-3639(opens NVD record) | Medium | 5.5 | Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4. | May 22, 2018 |
| CVE-2017-15524(opens NVD record) | Critical | 9.1 | The Application Firewall Pack (AFP, aka Web Application Firewall) component on Kemp Load Balancer devices with software before 7.2.40.1 allows a Security Feature Bypass via an HTTP POST request. | Dec 19, 2017 |
| CVE-2017-6320(opens NVD record) | High | 8.8 | A remote command injection vulnerability exists in the Barracuda Load Balancer product line (confirmed on v5.4.0.004 (2015-11-26) and v6.0.1.006 (2016-08-19); fixed in 6.1.0.003 (2017-01-17)) in which an authenticated user can execute arbitrary shell commands and gain root privileges. The vulnerability stems from unsanitized data being processed in a system call when the delete_assessment command is issued. | Jul 18, 2017 |
| CVE-2011-3140(opens NVD record) | Medium | 5.0 | IBM Web Application Firewall, as used on the G400 IPS-G400-IB-1 and GX4004 IPS-GX4004-IB-2 appliances with update 31.030, does not properly handle query strings with multiple instances of the same parameter, which allows remote attackers to bypass intended intrusion prevention by dividing a dangerous parameter value into substrings, as demonstrated by a SQL statement that is split across multiple iid parameters and then sent to a .aspx file on an IIS web server. | Aug 15, 2011 |
2 CVEs · 3 product families