Vulnerabilites related to citrix - netscaler_access_gateway
cve-2013-2767
Vulnerability from cvelistv5
Published
2013-04-25 20:00
Modified
2024-09-17 00:26
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in Citrix NetScaler Access Gateway Enterprise Edition (AGEE) before 9.3.62.4 and 10.x through 10.0.74.4, and NetScaler AGEE Common Criteria build before 9.3.53.6, allows remote attackers to bypass intended intranet access restrictions via unknown vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://support.citrix.com/article/ctx137238 | x_refsource_CONFIRM | |
| http://www.kb.cert.org/vuls/id/521612 | third-party-advisory, x_refsource_CERT-VN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:44:33.642Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.citrix.com/article/ctx137238"
},
{
"name": "VU#521612",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/521612"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Citrix NetScaler Access Gateway Enterprise Edition (AGEE) before 9.3.62.4 and 10.x through 10.0.74.4, and NetScaler AGEE Common Criteria build before 9.3.53.6, allows remote attackers to bypass intended intranet access restrictions via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-04-25T20:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.citrix.com/article/ctx137238"
},
{
"name": "VU#521612",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/521612"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-2767",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Citrix NetScaler Access Gateway Enterprise Edition (AGEE) before 9.3.62.4 and 10.x through 10.0.74.4, and NetScaler AGEE Common Criteria build before 9.3.53.6, allows remote attackers to bypass intended intranet access restrictions via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.citrix.com/article/ctx137238",
"refsource": "CONFIRM",
"url": "http://support.citrix.com/article/ctx137238"
},
{
"name": "VU#521612",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/521612"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-2767",
"datePublished": "2013-04-25T20:00:00Z",
"dateReserved": "2013-04-07T00:00:00Z",
"dateUpdated": "2024-09-17T00:26:32.289Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-4346
Vulnerability from cvelistv5
Published
2014-07-16 14:00
Modified
2024-08-06 11:12
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in administration user interface in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway (formerly Access Gateway Enterprise Edition) 10.1 before 10.1-126.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140716-2_Citrix_NetScaler_Multiple_Vulnerabilities_v10.txt | x_refsource_MISC | |
| http://www.securitytracker.com/id/1030573 | vdb-entry, x_refsource_SECTRACK | |
| http://support.citrix.com/article/CTX140863 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/94493 | vdb-entry, x_refsource_XF | |
| http://secunia.com/advisories/59942 | third-party-advisory, x_refsource_SECUNIA | |
| http://seclists.org/fulldisclosure/2014/Jul/77 | mailing-list, x_refsource_FULLDISC | |
| http://www.securitytracker.com/id/1030572 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/archive/1/532802/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/bid/68535 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:12:35.131Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140716-2_Citrix_NetScaler_Multiple_Vulnerabilities_v10.txt"
},
{
"name": "1030573",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1030573"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.citrix.com/article/CTX140863"
},
{
"name": "citrix-netscaler-cve20144346-xss(94493)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94493"
},
{
"name": "59942",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/59942"
},
{
"name": "20140716 SEC Consult SA-20140716-2 :: Multiple vulnerabilities in Citrix NetScaler Application Delivery Controller and Citrix NetScaler Gateway",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2014/Jul/77"
},
{
"name": "1030572",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1030572"
},
{
"name": "20140716 SEC Consult SA-20140716-2 :: Multiple vulnerabilities in Citrix NetScaler Application Delivery Controller and Citrix NetScaler Gateway",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/532802/100/0/threaded"
},
{
"name": "68535",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/68535"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-07-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in administration user interface in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway (formerly Access Gateway Enterprise Edition) 10.1 before 10.1-126.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140716-2_Citrix_NetScaler_Multiple_Vulnerabilities_v10.txt"
},
{
"name": "1030573",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1030573"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.citrix.com/article/CTX140863"
},
{
"name": "citrix-netscaler-cve20144346-xss(94493)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94493"
},
{
"name": "59942",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/59942"
},
{
"name": "20140716 SEC Consult SA-20140716-2 :: Multiple vulnerabilities in Citrix NetScaler Application Delivery Controller and Citrix NetScaler Gateway",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2014/Jul/77"
},
{
"name": "1030572",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1030572"
},
{
"name": "20140716 SEC Consult SA-20140716-2 :: Multiple vulnerabilities in Citrix NetScaler Application Delivery Controller and Citrix NetScaler Gateway",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/532802/100/0/threaded"
},
{
"name": "68535",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/68535"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4346",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in administration user interface in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway (formerly Access Gateway Enterprise Edition) 10.1 before 10.1-126.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140716-2_Citrix_NetScaler_Multiple_Vulnerabilities_v10.txt",
"refsource": "MISC",
"url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140716-2_Citrix_NetScaler_Multiple_Vulnerabilities_v10.txt"
},
{
"name": "1030573",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030573"
},
{
"name": "http://support.citrix.com/article/CTX140863",
"refsource": "CONFIRM",
"url": "http://support.citrix.com/article/CTX140863"
},
{
"name": "citrix-netscaler-cve20144346-xss(94493)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94493"
},
{
"name": "59942",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59942"
},
{
"name": "20140716 SEC Consult SA-20140716-2 :: Multiple vulnerabilities in Citrix NetScaler Application Delivery Controller and Citrix NetScaler Gateway",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Jul/77"
},
{
"name": "1030572",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030572"
},
{
"name": "20140716 SEC Consult SA-20140716-2 :: Multiple vulnerabilities in Citrix NetScaler Application Delivery Controller and Citrix NetScaler Gateway",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/532802/100/0/threaded"
},
{
"name": "68535",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68535"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-4346",
"datePublished": "2014-07-16T14:00:00",
"dateReserved": "2014-06-20T00:00:00",
"dateUpdated": "2024-08-06T11:12:35.131Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-1899
Vulnerability from cvelistv5
Published
2014-05-02 14:00
Modified
2024-08-06 09:58
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in Citrix NetScaler Gateway (formerly Citrix Access Gateway Enterprise Edition) 9.x before 9.3.66.5 and 10.x before 10.1.123.9 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1030186 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/67177 | vdb-entry, x_refsource_BID | |
| https://support.citrix.com/article/CTX140291 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:58:15.993Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1030186",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1030186"
},
{
"name": "67177",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/67177"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.citrix.com/article/CTX140291"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-04-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Citrix NetScaler Gateway (formerly Citrix Access Gateway Enterprise Edition) 9.x before 9.3.66.5 and 10.x before 10.1.123.9 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-05-14T16:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1030186",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1030186"
},
{
"name": "67177",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/67177"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.citrix.com/article/CTX140291"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-1899",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Citrix NetScaler Gateway (formerly Citrix Access Gateway Enterprise Edition) 9.x before 9.3.66.5 and 10.x before 10.1.123.9 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1030186",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030186"
},
{
"name": "67177",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/67177"
},
{
"name": "https://support.citrix.com/article/CTX140291",
"refsource": "CONFIRM",
"url": "https://support.citrix.com/article/CTX140291"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-1899",
"datePublished": "2014-05-02T14:00:00",
"dateReserved": "2014-02-07T00:00:00",
"dateUpdated": "2024-08-06T09:58:15.993Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-2881
Vulnerability from cvelistv5
Published
2014-05-01 14:00
Modified
2024-08-06 10:28
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in the Diffie-Hellman key agreement implementation in the management GUI Java applet in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 9.3-66.5 and 10.x before 10.1-122.17 has unknown impact and vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1030180 | vdb-entry, x_refsource_SECTRACK | |
| http://support.citrix.com/article/CTX140651 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:28:46.349Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1030180",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1030180"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.citrix.com/article/CTX140651"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-04-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the Diffie-Hellman key agreement implementation in the management GUI Java applet in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 9.3-66.5 and 10.x before 10.1-122.17 has unknown impact and vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-05-01T11:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1030180",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1030180"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.citrix.com/article/CTX140651"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-2881",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Diffie-Hellman key agreement implementation in the management GUI Java applet in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 9.3-66.5 and 10.x before 10.1-122.17 has unknown impact and vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1030180",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030180"
},
{
"name": "http://support.citrix.com/article/CTX140651",
"refsource": "CONFIRM",
"url": "http://support.citrix.com/article/CTX140651"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-2881",
"datePublished": "2014-05-01T14:00:00",
"dateReserved": "2014-04-17T00:00:00",
"dateUpdated": "2024-08-06T10:28:46.349Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-4347
Vulnerability from cvelistv5
Published
2014-07-16 14:00
Modified
2024-08-06 11:12
Severity ?
EPSS score ?
Summary
Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway (formerly Access Gateway Enterprise Edition) before 9.3-62.4 and 10.x before 10.1-126.12 allows attackers to obtain sensitive information via vectors related to a cookie.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140716-2_Citrix_NetScaler_Multiple_Vulnerabilities_v10.txt | x_refsource_MISC | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/94494 | vdb-entry, x_refsource_XF | |
| http://www.securitytracker.com/id/1030573 | vdb-entry, x_refsource_SECTRACK | |
| http://support.citrix.com/article/CTX140863 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/68537 | vdb-entry, x_refsource_BID | |
| http://secunia.com/advisories/59942 | third-party-advisory, x_refsource_SECUNIA | |
| http://seclists.org/fulldisclosure/2014/Jul/77 | mailing-list, x_refsource_FULLDISC | |
| http://www.securitytracker.com/id/1030572 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/archive/1/532802/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:12:35.138Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140716-2_Citrix_NetScaler_Multiple_Vulnerabilities_v10.txt"
},
{
"name": "citrix-netscaler-cve20144347-info-disc(94494)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94494"
},
{
"name": "1030573",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1030573"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.citrix.com/article/CTX140863"
},
{
"name": "68537",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/68537"
},
{
"name": "59942",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/59942"
},
{
"name": "20140716 SEC Consult SA-20140716-2 :: Multiple vulnerabilities in Citrix NetScaler Application Delivery Controller and Citrix NetScaler Gateway",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2014/Jul/77"
},
{
"name": "1030572",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1030572"
},
{
"name": "20140716 SEC Consult SA-20140716-2 :: Multiple vulnerabilities in Citrix NetScaler Application Delivery Controller and Citrix NetScaler Gateway",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/532802/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-07-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway (formerly Access Gateway Enterprise Edition) before 9.3-62.4 and 10.x before 10.1-126.12 allows attackers to obtain sensitive information via vectors related to a cookie."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140716-2_Citrix_NetScaler_Multiple_Vulnerabilities_v10.txt"
},
{
"name": "citrix-netscaler-cve20144347-info-disc(94494)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94494"
},
{
"name": "1030573",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1030573"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.citrix.com/article/CTX140863"
},
{
"name": "68537",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/68537"
},
{
"name": "59942",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/59942"
},
{
"name": "20140716 SEC Consult SA-20140716-2 :: Multiple vulnerabilities in Citrix NetScaler Application Delivery Controller and Citrix NetScaler Gateway",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2014/Jul/77"
},
{
"name": "1030572",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1030572"
},
{
"name": "20140716 SEC Consult SA-20140716-2 :: Multiple vulnerabilities in Citrix NetScaler Application Delivery Controller and Citrix NetScaler Gateway",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/532802/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4347",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway (formerly Access Gateway Enterprise Edition) before 9.3-62.4 and 10.x before 10.1-126.12 allows attackers to obtain sensitive information via vectors related to a cookie."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140716-2_Citrix_NetScaler_Multiple_Vulnerabilities_v10.txt",
"refsource": "MISC",
"url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140716-2_Citrix_NetScaler_Multiple_Vulnerabilities_v10.txt"
},
{
"name": "citrix-netscaler-cve20144347-info-disc(94494)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94494"
},
{
"name": "1030573",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030573"
},
{
"name": "http://support.citrix.com/article/CTX140863",
"refsource": "CONFIRM",
"url": "http://support.citrix.com/article/CTX140863"
},
{
"name": "68537",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68537"
},
{
"name": "59942",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59942"
},
{
"name": "20140716 SEC Consult SA-20140716-2 :: Multiple vulnerabilities in Citrix NetScaler Application Delivery Controller and Citrix NetScaler Gateway",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Jul/77"
},
{
"name": "1030572",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030572"
},
{
"name": "20140716 SEC Consult SA-20140716-2 :: Multiple vulnerabilities in Citrix NetScaler Application Delivery Controller and Citrix NetScaler Gateway",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/532802/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-4347",
"datePublished": "2014-07-16T14:00:00",
"dateReserved": "2014-06-20T00:00:00",
"dateUpdated": "2024-08-06T11:12:35.138Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-2213
Vulnerability from cvelistv5
Published
2009-06-25 21:00
Modified
2024-10-21 16:31
Severity ?
EPSS score ?
Summary
The default configuration of the Security global settings on the Citrix NetScaler Access Gateway appliance with Enterprise Edition firmware 9.0, 8.1, and earlier specifies Allow for the Default Authorization Action option, which might allow remote authenticated users to bypass intended access restrictions.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/51274 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/35422 | vdb-entry, x_refsource_BID | |
| http://www.vupen.com/english/advisories/2009/1641 | vdb-entry, x_refsource_VUPEN | |
| http://support.citrix.com/article/CTX118770 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:44:55.357Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "netscaler-default-unauth-access(51274)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51274"
},
{
"name": "35422",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/35422"
},
{
"name": "ADV-2009-1641",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1641"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.citrix.com/article/CTX118770"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2009-2213",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-21T16:31:24.661375Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-21T16:31:37.448Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-05-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The default configuration of the Security global settings on the Citrix NetScaler Access Gateway appliance with Enterprise Edition firmware 9.0, 8.1, and earlier specifies Allow for the Default Authorization Action option, which might allow remote authenticated users to bypass intended access restrictions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "netscaler-default-unauth-access(51274)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51274"
},
{
"name": "35422",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/35422"
},
{
"name": "ADV-2009-1641",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1641"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.citrix.com/article/CTX118770"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2213",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The default configuration of the Security global settings on the Citrix NetScaler Access Gateway appliance with Enterprise Edition firmware 9.0, 8.1, and earlier specifies Allow for the Default Authorization Action option, which might allow remote authenticated users to bypass intended access restrictions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "netscaler-default-unauth-access(51274)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51274"
},
{
"name": "35422",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35422"
},
{
"name": "ADV-2009-1641",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1641"
},
{
"name": "http://support.citrix.com/article/CTX118770",
"refsource": "CONFIRM",
"url": "http://support.citrix.com/article/CTX118770"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-2213",
"datePublished": "2009-06-25T21:00:00",
"dateReserved": "2009-06-25T00:00:00",
"dateUpdated": "2024-10-21T16:31:37.448Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-2882
Vulnerability from cvelistv5
Published
2014-05-01 14:00
Modified
2024-08-06 10:28
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in the management GUI in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 9.3-66.5 and 10.x before 10.1-122.17 has unspecified impact and vectors, related to certificate validation.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1030180 | vdb-entry, x_refsource_SECTRACK | |
| http://support.citrix.com/article/CTX140651 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:28:46.143Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1030180",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1030180"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.citrix.com/article/CTX140651"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-04-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the management GUI in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 9.3-66.5 and 10.x before 10.1-122.17 has unspecified impact and vectors, related to certificate validation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-05-01T11:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1030180",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1030180"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.citrix.com/article/CTX140651"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-2882",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the management GUI in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 9.3-66.5 and 10.x before 10.1-122.17 has unspecified impact and vectors, related to certificate validation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1030180",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030180"
},
{
"name": "http://support.citrix.com/article/CTX140651",
"refsource": "CONFIRM",
"url": "http://support.citrix.com/article/CTX140651"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-2882",
"datePublished": "2014-05-01T14:00:00",
"dateReserved": "2014-04-17T00:00:00",
"dateUpdated": "2024-08-06T10:28:46.143Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2014-05-01 17:28
Modified
2024-11-21 02:07
Severity ?
Summary
Unspecified vulnerability in the management GUI in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 9.3-66.5 and 10.x before 10.1-122.17 has unspecified impact and vectors, related to certificate validation.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:citrix:netscaler_access_gateway_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3ECB1B6A-F4F7-4C22-9F51-457B0ED67D1B",
"versionEndIncluding": "10.1.e",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F7638230-4C1F-4595-87F3-F705E432371B",
"versionEndIncluding": "9.3.e",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:citrix:netscaler_access_gateway:-:-:enterprise:*:*:*:*:*",
"matchCriteriaId": "4D5D5DFC-F456-4085-BE20-13BD38301B04",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:citrix:netscaler_access_gateway_firmware:9.3:*:*:*:*:*:*:*",
"matchCriteriaId": "45706C36-AB39-46A8-9E60-CB4D41ABD3E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FD151FA3-8B96-48AF-B908-C29EAE88EF5B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:citrix:netscaler_application_delivery_controller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "81FD5100-3ADB-4C21-BCE5-CDA7C4C1D8B9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the management GUI in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 9.3-66.5 and 10.x before 10.1-122.17 has unspecified impact and vectors, related to certificate validation."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en la GUI de gesti\u00f3n en Citrix NetScaler Application Delivery Controller (ADC) y NetScaler Gateway anterior a 9.3-66.5 y 10.x anterior a 10.1-122.17 tiene impacto y vectores no especificados, relacionado con validaci\u00f3n de certificado."
}
],
"id": "CVE-2014-2882",
"lastModified": "2024-11-21T02:07:07.550",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-05-01T17:28:36.383",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://support.citrix.com/article/CTX140651"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id/1030180"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://support.citrix.com/article/CTX140651"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1030180"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-07-16 14:19
Modified
2024-11-21 02:10
Severity ?
Summary
Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway (formerly Access Gateway Enterprise Edition) before 9.3-62.4 and 10.x before 10.1-126.12 allows attackers to obtain sensitive information via vectors related to a cookie.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:citrix:netscaler_access_gateway_firmware:9.3:*:*:*:*:*:*:*",
"matchCriteriaId": "45706C36-AB39-46A8-9E60-CB4D41ABD3E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:citrix:netscaler_access_gateway_firmware:10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0BA6FD03-E65E-49FE-ABA2-C4BCFEE7AA50",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:citrix:netscaler_access_gateway:-:-:enterprise:*:*:*:*:*",
"matchCriteriaId": "4D5D5DFC-F456-4085-BE20-13BD38301B04",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:9.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BA8972FF-1D8D-4641-B921-D4AB58994238",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FD151FA3-8B96-48AF-B908-C29EAE88EF5B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:citrix:netscaler_application_delivery_controller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "81FD5100-3ADB-4C21-BCE5-CDA7C4C1D8B9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway (formerly Access Gateway Enterprise Edition) before 9.3-62.4 and 10.x before 10.1-126.12 allows attackers to obtain sensitive information via vectors related to a cookie."
},
{
"lang": "es",
"value": "Citrix NetScaler Application Delivery Controller (ADC) y NetScaler Gateway (anteriormente Access Gateway Enterprise Edition) anterior a 9.3-62.4 y 10.x anterior a 10.1-126.12 permite a atacantes obtener informaci\u00f3n sensible a trav\u00e9s de vectores relacionados con una cookie."
}
],
"id": "CVE-2014-4347",
"lastModified": "2024-11-21T02:10:00.907",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-07-16T14:19:04.043",
"references": [
{
"source": "cve@mitre.org",
"url": "http://seclists.org/fulldisclosure/2014/Jul/77"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/59942"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://support.citrix.com/article/CTX140863"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/532802/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/68537"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id/1030572"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id/1030573"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94494"
},
{
"source": "cve@mitre.org",
"url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140716-2_Citrix_NetScaler_Multiple_Vulnerabilities_v10.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/fulldisclosure/2014/Jul/77"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/59942"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://support.citrix.com/article/CTX140863"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/532802/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/68537"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1030572"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1030573"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94494"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140716-2_Citrix_NetScaler_Multiple_Vulnerabilities_v10.txt"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-06-25 23:14
Modified
2024-11-21 01:04
Severity ?
Summary
The default configuration of the Security global settings on the Citrix NetScaler Access Gateway appliance with Enterprise Edition firmware 9.0, 8.1, and earlier specifies Allow for the Default Authorization Action option, which might allow remote authenticated users to bypass intended access restrictions.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://support.citrix.com/article/CTX118770 | Broken Link, Vendor Advisory | |
| cve@mitre.org | http://www.securityfocus.com/bid/35422 | Broken Link, Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.vupen.com/english/advisories/2009/1641 | Permissions Required | |
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/51274 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://support.citrix.com/article/CTX118770 | Broken Link, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/35422 | Broken Link, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/1641 | Permissions Required | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/51274 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| citrix | netscaler_access_gateway_firmware | * | |
| citrix | netscaler_access_gateway_firmware | 7.0 | |
| citrix | netscaler_access_gateway_firmware | 8.0 | |
| citrix | netscaler_access_gateway_firmware | 9.0 | |
| citrix | netscaler_access_gateway | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:citrix:netscaler_access_gateway_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FD2AF148-E1B5-427B-97E2-AEEC59D72162",
"versionEndIncluding": "8.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:citrix:netscaler_access_gateway_firmware:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DAA4BFC4-A82E-4820-AB97-2EF9D9EA9276",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:citrix:netscaler_access_gateway_firmware:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B80F696E-74A8-432C-BA31-6CE158B4DB82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:citrix:netscaler_access_gateway_firmware:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CAD93B7C-E6C1-42F0-8963-C33EF0F6B88D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:citrix:netscaler_access_gateway:-:-:enterprise:*:*:*:*:*",
"matchCriteriaId": "4D5D5DFC-F456-4085-BE20-13BD38301B04",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The default configuration of the Security global settings on the Citrix NetScaler Access Gateway appliance with Enterprise Edition firmware 9.0, 8.1, and earlier specifies Allow for the Default Authorization Action option, which might allow remote authenticated users to bypass intended access restrictions."
},
{
"lang": "es",
"value": "La configuraci\u00f3n por defecto en las caracter\u00edsticas de seguridad globales en el appliance Citrix NetScaler Access Gateway con el firmware Enterprise Edition 9.0, 8.1 y versiones anteriores especifica la opci\u00f3n \"Allow for the Default Authorization Action\" lo que puede permitir a usuarios remotos autenticados evitar las restricciones de acceso previstas."
}
],
"id": "CVE-2009-2213",
"lastModified": "2024-11-21T01:04:24.067",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:S/C:C/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2009-06-25T23:14:15.657",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "http://support.citrix.com/article/CTX118770"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/35422"
},
{
"source": "cve@mitre.org",
"tags": [
"Permissions Required"
],
"url": "http://www.vupen.com/english/advisories/2009/1641"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51274"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "http://support.citrix.com/article/CTX118770"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/35422"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required"
],
"url": "http://www.vupen.com/english/advisories/2009/1641"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51274"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-863"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-04-25 20:55
Modified
2024-11-21 01:52
Severity ?
Summary
Unspecified vulnerability in Citrix NetScaler Access Gateway Enterprise Edition (AGEE) before 9.3.62.4 and 10.x through 10.0.74.4, and NetScaler AGEE Common Criteria build before 9.3.53.6, allows remote attackers to bypass intended intranet access restrictions via unknown vectors.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://support.citrix.com/article/ctx137238 | Vendor Advisory | |
| cve@mitre.org | http://www.kb.cert.org/vuls/id/521612 | US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://support.citrix.com/article/ctx137238 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/521612 | US Government Resource |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:citrix:netscaler_access_gateway_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7D951535-13E6-4CAF-8D8A-43A2E68D1C5A",
"versionEndIncluding": "9.3.61.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:citrix:netscaler_access_gateway_firmware:9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4540051A-52DA-43D7-B0F4-C0EED00209FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:citrix:netscaler_access_gateway_firmware:9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "801E1382-88D5-4526-A301-31400A490FD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:citrix:netscaler_access_gateway_firmware:9.3:*:*:*:*:*:*:*",
"matchCriteriaId": "45706C36-AB39-46A8-9E60-CB4D41ABD3E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:citrix:netscaler_access_gateway_firmware:9.3:agee_common_criteria_build:*:*:*:*:*:*",
"matchCriteriaId": "4F192110-9E33-42EF-9BBF-C94A034DE5D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:citrix:netscaler_access_gateway_firmware:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "53D2B7EB-9044-41BD-BF6B-4D31D71F9384",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:citrix:netscaler_access_gateway_firmware:10.0.74.4:*:*:*:*:*:*:*",
"matchCriteriaId": "161CFE7D-57CE-4D44-98CF-2E3631AEDD2B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:citrix:netscaler_access_gateway:-:-:enterprise:*:*:*:*:*",
"matchCriteriaId": "4D5D5DFC-F456-4085-BE20-13BD38301B04",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Citrix NetScaler Access Gateway Enterprise Edition (AGEE) before 9.3.62.4 and 10.x through 10.0.74.4, and NetScaler AGEE Common Criteria build before 9.3.53.6, allows remote attackers to bypass intended intranet access restrictions via unknown vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en Citrix NetScaler Access Gateway Enterprise Edition (AGEE) antes de v9.3.62.4 y v10.x hasta v10.0.74.4 y NetScaler AGEE Common Criteria antes de v9.3.53.6, permite a atacantes remotos evitar las restricciones de acceso a la intranet destinados a trav\u00e9s de vectores desconocidos."
}
],
"id": "CVE-2013-2767",
"lastModified": "2024-11-21T01:52:20.170",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-04-25T20:55:10.003",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://support.citrix.com/article/ctx137238"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/521612"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://support.citrix.com/article/ctx137238"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/521612"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-05-01 17:28
Modified
2024-11-21 02:07
Severity ?
Summary
Unspecified vulnerability in the Diffie-Hellman key agreement implementation in the management GUI Java applet in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 9.3-66.5 and 10.x before 10.1-122.17 has unknown impact and vectors.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:citrix:netscaler_access_gateway_firmware:9.3:*:*:*:*:*:*:*",
"matchCriteriaId": "45706C36-AB39-46A8-9E60-CB4D41ABD3E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FD151FA3-8B96-48AF-B908-C29EAE88EF5B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:citrix:netscaler_application_delivery_controller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "81FD5100-3ADB-4C21-BCE5-CDA7C4C1D8B9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:citrix:netscaler_access_gateway_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3ECB1B6A-F4F7-4C22-9F51-457B0ED67D1B",
"versionEndIncluding": "10.1.e",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F7638230-4C1F-4595-87F3-F705E432371B",
"versionEndIncluding": "9.3.e",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:citrix:netscaler_access_gateway:-:-:enterprise:*:*:*:*:*",
"matchCriteriaId": "4D5D5DFC-F456-4085-BE20-13BD38301B04",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the Diffie-Hellman key agreement implementation in the management GUI Java applet in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 9.3-66.5 and 10.x before 10.1-122.17 has unknown impact and vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en la implementaci\u00f3n de acuerdo clave Diffie-Hellman en el Applet Java de gesti\u00f3n de la interfaz gr\u00e1fica de usuario en Citrix NetScaler Application Delivery Controller (ADC) y NetScaler Gateway anterior a 9.3-66.5 y 10.x anterior a 10.1-122.17 tiene impacto y vectores desconocidos."
}
],
"id": "CVE-2014-2881",
"lastModified": "2024-11-21T02:07:07.400",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-05-01T17:28:36.367",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://support.citrix.com/article/CTX140651"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id/1030180"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://support.citrix.com/article/CTX140651"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1030180"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-05-02 14:55
Modified
2024-11-21 02:05
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Citrix NetScaler Gateway (formerly Citrix Access Gateway Enterprise Edition) 9.x before 9.3.66.5 and 10.x before 10.1.123.9 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| citrix | netscaler_access_gateway_firmware | 9.3 | |
| citrix | netscaler_access_gateway_firmware | 9.3.61.5 | |
| citrix | netscaler_access_gateway_firmware | 9.3.62.4 | |
| citrix | netscaler_access_gateway_firmware | 10.0 | |
| citrix | netscaler_access_gateway_firmware | 10.0.74.4 | |
| citrix | netscaler_access_gateway_firmware | 10.1 | |
| citrix | netscaler_access_gateway | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:citrix:netscaler_access_gateway_firmware:9.3:*:*:*:*:*:*:*",
"matchCriteriaId": "45706C36-AB39-46A8-9E60-CB4D41ABD3E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:citrix:netscaler_access_gateway_firmware:9.3.61.5:*:*:*:*:*:*:*",
"matchCriteriaId": "244DD443-0E84-4294-8A41-A44AB4FA1267",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:citrix:netscaler_access_gateway_firmware:9.3.62.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6CD6FBD0-10C6-45DB-899C-D0E726C8F8DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:citrix:netscaler_access_gateway_firmware:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "53D2B7EB-9044-41BD-BF6B-4D31D71F9384",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:citrix:netscaler_access_gateway_firmware:10.0.74.4:*:*:*:*:*:*:*",
"matchCriteriaId": "161CFE7D-57CE-4D44-98CF-2E3631AEDD2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:citrix:netscaler_access_gateway_firmware:10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0BA6FD03-E65E-49FE-ABA2-C4BCFEE7AA50",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:citrix:netscaler_access_gateway:-:-:enterprise:*:*:*:*:*",
"matchCriteriaId": "4D5D5DFC-F456-4085-BE20-13BD38301B04",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Citrix NetScaler Gateway (formerly Citrix Access Gateway Enterprise Edition) 9.x before 9.3.66.5 and 10.x before 10.1.123.9 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en Citrix NetScaler Gateway (anteriormente Citrix Access Gateway Enterprise Edition) 9.x anterior a 9.3.66.5 y 10.x anterior a 10.1.123.9 permite a atacantes remotos inyectar script Web o HTML arbitrarios a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2014-1899",
"lastModified": "2024-11-21T02:05:14.153",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-05-02T14:55:05.933",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/67177"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id/1030186"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://support.citrix.com/article/CTX140291"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/67177"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1030186"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.citrix.com/article/CTX140291"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-07-16 14:19
Modified
2024-11-21 02:10
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in administration user interface in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway (formerly Access Gateway Enterprise Edition) 10.1 before 10.1-126.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| citrix | netscaler_application_delivery_controller_firmware | 10.1 | |
| citrix | netscaler_application_delivery_controller | - | |
| citrix | netscaler_access_gateway_firmware | 10.1 | |
| citrix | netscaler_access_gateway | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FD151FA3-8B96-48AF-B908-C29EAE88EF5B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:citrix:netscaler_application_delivery_controller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "81FD5100-3ADB-4C21-BCE5-CDA7C4C1D8B9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:citrix:netscaler_access_gateway_firmware:10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0BA6FD03-E65E-49FE-ABA2-C4BCFEE7AA50",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:citrix:netscaler_access_gateway:-:-:enterprise:*:*:*:*:*",
"matchCriteriaId": "4D5D5DFC-F456-4085-BE20-13BD38301B04",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in administration user interface in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway (formerly Access Gateway Enterprise Edition) 10.1 before 10.1-126.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en la interfaz del usuario de administraci\u00f3n en Citrix NetScaler Application Delivery Controller (ADC) y NetScaler Gateway (anteriormente Access Gateway Enterprise Edition) 10.1 anterior a 10.1-126.12 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2014-4346",
"lastModified": "2024-11-21T02:10:00.743",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-07-16T14:19:03.997",
"references": [
{
"source": "cve@mitre.org",
"url": "http://seclists.org/fulldisclosure/2014/Jul/77"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/59942"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://support.citrix.com/article/CTX140863"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/532802/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/68535"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id/1030572"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id/1030573"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94493"
},
{
"source": "cve@mitre.org",
"url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140716-2_Citrix_NetScaler_Multiple_Vulnerabilities_v10.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/fulldisclosure/2014/Jul/77"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/59942"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://support.citrix.com/article/CTX140863"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/532802/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/68535"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1030572"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1030573"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94493"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140716-2_Citrix_NetScaler_Multiple_Vulnerabilities_v10.txt"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}