Vulnerabilities related to citrix - xenapp
Vulnerability from fkie_nvd
Published
2008-10-22 10:30
Modified
2024-11-21 00:52
Severity ?
Summary
Unspecified vulnerability in Citrix XenApp (formerly Presentation Server) 4.5 Feature Pack 1 and earlier, Presentation Server 4.0, and Access Essentials 1.0, 1.5, and 2.0 allows local users to gain privileges via unknown attack vectors related to creating an unspecified file. NOTE: this might be the same issue as CVE-2008-3485, but the vendor advisory is too vague to be certain.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
citrix | access_essentials | 1.0 | |
citrix | access_essentials | 1.5 | |
citrix | access_essentials | 2.0 | |
citrix | presentation_server | 4.0 | |
citrix | xenapp | * | |
citrix | xenapp | 4.5 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:citrix:access_essentials:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "2FF9F197-991D-4920-BE9A-2E3495E76CD2", "vulnerable": true }, { "criteria": "cpe:2.3:a:citrix:access_essentials:1.5:*:*:*:*:*:*:*", "matchCriteriaId": "21B89150-1806-481D-B0D9-FD37BA4798D1", "vulnerable": true }, { "criteria": "cpe:2.3:a:citrix:access_essentials:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "D04505CA-D715-4094-9B39-61FA8BDB3A4B", "vulnerable": true }, { "criteria": "cpe:2.3:a:citrix:presentation_server:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "967F31B0-0299-4BCE-91E5-45E2B38CFCE2", "vulnerable": true }, { "criteria": "cpe:2.3:a:citrix:xenapp:*:fp1:*:*:*:*:*:*", "matchCriteriaId": "60589E82-E176-4C0C-9034-B3E5C1F6B3D6", "versionEndIncluding": "4.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:citrix:xenapp:4.5:*:*:*:*:*:*:*", "matchCriteriaId": "8FBAEA3D-7E35-4C89-B416-8CDEB3286253", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in Citrix XenApp (formerly Presentation Server) 4.5 Feature Pack 1 and earlier, Presentation Server 4.0, and Access Essentials 1.0, 1.5, and 2.0 allows local users to gain privileges via unknown attack vectors related to creating an unspecified file. NOTE: this might be the same issue as CVE-2008-3485, but the vendor advisory is too vague to be certain." }, { "lang": "es", "value": "Vulnerabilidad no especificada en Citrix XenApp (formalmente Presentation Server) 4.5 Feature Pack 1 y versiones anteriores, Presentation Server 4.0, y Access Essentials 1.0, 1.5, y 2.0 permite a los usuarios locales obtener privilegios a trav\u00e9s de vectores de ataque desconocidos relativos a la creaci\u00f3n de un archivo no especificado. NOTA: esto deber\u00eda de ser el mismo asunto que CVE-2008-3485, pero el anuncio del vendedor es tan impreciso como para ser cierto." 
} ], "id": "CVE-2008-4676", "lastModified": "2024-11-21T00:52:15.650", "metrics": { "cvssMetricV2": [ { "acInsufInfo": true, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 6.8, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.1, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2008-10-22T10:30:01.660", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/32017" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://support.citrix.com/article/CTX116310" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/31484" }, { "source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1020954" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/2702" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45507" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/32017" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://support.citrix.com/article/CTX116310" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/31484" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1020954" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/2702" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/45507" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-264" }, { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2009-07-14 14:30
Modified
2024-11-21 01:04
Severity ?
Summary
Citrix XenApp (formerly Presentation Server) 4.5 Hotfix Rollup Pack 3 does not apply an access policy when it is defined with the Access Gateway Advanced Edition filters, which allows attackers to bypass intended access restrictions via unknown vectors.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
citrix | presentation_server | 4.5 | |
citrix | presentation_server | 4.5 | |
citrix | presentation_server | 4.5 | |
citrix | presentation_server | 4.5 | |
citrix | xenapp | 4.5 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:citrix:presentation_server:4.5:-:se:*:*:*:*:*", "matchCriteriaId": "9A5474BB-764E-4F80-BD5C-9B48AAA9FBFC", "vulnerable": true }, { "criteria": "cpe:2.3:a:citrix:presentation_server:4.5:-:windows_server_2003:*:*:*:*:*", "matchCriteriaId": "EA42A3AA-CCF9-4F28-AE9B-0E7B104BD3F4", "vulnerable": true }, { "criteria": "cpe:2.3:a:citrix:presentation_server:4.5:-:windows_server_2003_x64:*:*:*:*:*", "matchCriteriaId": "CA9F8CAD-D918-49B7-A3AF-13624164DF4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:citrix:presentation_server:4.5:fp1:*:*:*:*:*:*", "matchCriteriaId": "7A1BC10D-DCDF-4360-9224-740DDB5C7726", "vulnerable": true }, { "criteria": "cpe:2.3:a:citrix:xenapp:4.5:fp3:*:*:*:*:*:*", "matchCriteriaId": "4BB59B90-3BB9-479C-B998-E2BBA6D1BFDE", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Citrix XenApp (formerly Presentation Server) 4.5 Hotfix Rollup Pack 3 does not apply an access policy when it is defined with the Access Gateway Advanced Edition filters, which allows attackers to bypass intended access restrictions via unknown vectors." }, { "lang": "es", "value": "Citrix XenApp (anteriormente Presentation Server) v4.5 Hotfix Rollup Pack 3 no aplica adecuadamente la pol\u00edtica de accesos cuando es definida con los filtros Access Gateway Advanced Edition, lo cual permite a atacantes remotos evitar las restricciones previstas a trav\u00e9s de vectores desconocidos." 
} ], "id": "CVE-2009-2453", "lastModified": "2024-11-21T01:04:54.547", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2009-07-14T14:30:00.547", "references": [ { "source": "cve@mitre.org", "url": "http://osvdb.org/53900" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/34865" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://support.citrix.com/article/CTX118792" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/34691" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.securitytracker.com/id?1022114" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/1154" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/53900" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/34865" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://support.citrix.com/article/CTX118792" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/34691" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.securitytracker.com/id?1022114" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/1154" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-12-26 22:55
Modified
2024-11-21 01:44
Severity ?
Summary
The XML Service interface in Citrix XenApp 6.5 and 6.5 Feature Pack 1 allows remote attackers to execute arbitrary code via unspecified vectors.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:citrix:xenapp:6.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "C455A80D-45E2-4963-981D-610D9C24391C", "vulnerable": true }, { "criteria": "cpe:2.3:a:citrix:xenapp:6.5.0.0:fp1:*:*:*:*:*:*", "matchCriteriaId": "77764071-4A37-40C3-AAC1-3CAB5F2ACB50", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The XML Service interface in Citrix XenApp 6.5 and 6.5 Feature Pack 1 allows remote attackers to execute arbitrary code via unspecified vectors." }, { "lang": "es", "value": "La interfaz del servicio XML de Citrix XenApp v6.5 y Feature Pack 1 v6.5 permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de vectores no especificados.\r\n" } ], "id": "CVE-2012-5161", "lastModified": "2024-11-21T01:44:10.503", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2012-12-26T22:55:03.253", "references": [ { "source": "cve@mitre.org", "url": "http://osvdb.org/88368" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/51538" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://support.citrix.com/article/CTX135066" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/56907" }, { "source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1027868" }, { "source": 
"cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80627" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/88368" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/51538" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://support.citrix.com/article/CTX135066" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/56907" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1027868" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80627" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2016-06-01 22:59
Modified
2024-11-21 02:53
Severity ?
Summary
Citrix Studio before 7.6.1000, Citrix XenDesktop 7.x before 7.6 LTSR Cumulative Update 1 (CU1), and Citrix XenApp 7.5 and 7.6 allow attackers to set Access Policy rules on the XenDesktop Delivery Controller via unspecified vectors.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
citrix | xenapp | 7.5 | |
citrix | xenapp | 7.6 | |
citrix | xendesktop | 7.0 | |
citrix | xendesktop | 7.1 | |
citrix | xendesktop | 7.5 | |
citrix | xendesktop | 7.6 | |
citrix | xendesktop | 7.6 | |
citrix | xendesktop | 7.6 | |
citrix | xendesktop | 7.6 | |
citrix | xendesktop | 7.6 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:citrix:xenapp:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "32E4F74A-5F0E-4594-9BB3-8041BEE338C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:citrix:xenapp:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "98334CF7-5B0E-42EC-919C-FBDECFD4D810", "vulnerable": true }, { "criteria": "cpe:2.3:a:citrix:xendesktop:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "22560F24-4D19-41E3-BEFD-4AABB8E289E2", "vulnerable": true }, { "criteria": "cpe:2.3:a:citrix:xendesktop:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "B75A1E4B-38FB-427D-9293-2113B00CE60D", "vulnerable": true }, { "criteria": "cpe:2.3:a:citrix:xendesktop:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "2FD95B20-D022-4DDA-862A-2744F303D5F5", "vulnerable": true }, { "criteria": "cpe:2.3:a:citrix:xendesktop:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "12D36FDF-2923-4E9C-8B94-688A56A4E047", "vulnerable": true }, { "criteria": "cpe:2.3:a:citrix:xendesktop:7.6:fp1:*:*:*:*:*:*", "matchCriteriaId": "986EAB37-3DFE-4C89-A066-EE4A46EB4CA2", "vulnerable": true }, { "criteria": "cpe:2.3:a:citrix:xendesktop:7.6:fp2:*:*:*:*:*:*", "matchCriteriaId": "58C64C20-B5E7-4698-BD76-86C06648C5D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:citrix:xendesktop:7.6:fp3:*:*:*:*:*:*", "matchCriteriaId": "87AA263B-AF98-4BF2-9306-C396389A727C", "vulnerable": true }, { "criteria": "cpe:2.3:a:citrix:xendesktop:7.6:ltsr:*:*:*:*:*:*", "matchCriteriaId": "40305BFB-58B4-4A60-BE6C-1074C6D4F205", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Citrix Studio before 7.6.1000, Citrix XenDesktop 7.x before 7.6 LTSR Cumulative Update 1 (CU1), and Citrix XenApp 7.5 and 7.6 allow attackers to set Access Policy rules on the XenDesktop Delivery Controller via unspecified vectors." 
}, { "lang": "es", "value": "Citrix Studio en versiones anteriores a 7.6.1000, Citrix XenDesktop 7.x en versiones anteriores a 7.6 LTSR Cumulative Update 1 (CU1) y Citrix XenApp 7.5 y 7.6 permiten a atacantes establecer reglas Access Policy en el XenDesktop Delivery Controller a trav\u00e9s de vectores no especificados." } ], "id": "CVE-2016-4810", "lastModified": "2024-11-21T02:53:01.560", "metrics": { "cvssMetricV2": [ { "acInsufInfo": true, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2016-06-01T22:59:05.940", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://support.citrix.com/article/CTX213045" }, { "source": "cve@mitre.org", "url": "http://www.securitytracker.com/id/1036021" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://support.citrix.com/article/CTX213045" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1036021" } ], "sourceIdentifier": "cve@mitre.org", 
"vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-284" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-11-16 01:15
Modified
2024-11-21 05:38
Severity ?
Summary
An unprivileged Windows user on the VDA can perform arbitrary command execution as SYSTEM in CVAD (Citrix Virtual Apps and Desktops) versions before 2009, 1912 LTSR CU1 hotfixes CTX285870 and CTX286120, 7.15 LTSR CU6 hotfix CTX285344 and 7.6 LTSR CU9.
References
▼ | URL | Tags | |
---|---|---|---|
support@hackerone.com | https://support.citrix.com/article/CTX285059 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://support.citrix.com/article/CTX285059 | Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
citrix | virtual_apps_and_desktops | * | |
citrix | virtual_apps_and_desktops | * | |
citrix | xenapp | * | |
citrix | xenapp | * | |
citrix | xenapp | 7.6 | |
citrix | xenapp | 7.6 | |
citrix | xenapp | 7.15 | |
citrix | xenapp | 7.15 | |
citrix | xendesktop | * | |
citrix | xendesktop | * | |
citrix | xendesktop | 7.6 | |
citrix | xendesktop | 7.6 | |
citrix | xendesktop | 7.15 | |
citrix | xendesktop | 7.15 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:citrix:virtual_apps_and_desktops:*:*:*:*:-:*:*:*", "matchCriteriaId": "5D9D1D8B-8C9A-4CF7-8CCD-2CFDA4AB5970", "versionEndIncluding": "2006", "vulnerable": true }, { "criteria": "cpe:2.3:a:citrix:virtual_apps_and_desktops:*:*:*:*:ltsr:*:*:*", "matchCriteriaId": "799D10F0-247F-4BD2-9DA1-D37B043001C8", "versionEndIncluding": "1912", "versionStartIncluding": "1903", "vulnerable": true }, { "criteria": "cpe:2.3:a:citrix:xenapp:*:*:*:*:ltsr:*:*:*", "matchCriteriaId": "DDB23637-BC09-4914-A028-AA01CB01F24D", "versionEndExcluding": "7.6", "vulnerable": true }, { "criteria": "cpe:2.3:a:citrix:xenapp:*:*:*:*:ltsr:*:*:*", "matchCriteriaId": "B0FFFD24-0C7B-4D8D-A786-9469D7DA0C35", "versionEndExcluding": "7.15", "versionStartIncluding": "7.7", "vulnerable": true }, { "criteria": "cpe:2.3:a:citrix:xenapp:7.6:-:*:*:ltsr:*:*:*", "matchCriteriaId": "5A2B7A20-48C6-405C-99C8-06D0F4FE5910", "vulnerable": true }, { "criteria": "cpe:2.3:a:citrix:xenapp:7.6:cu8:*:*:ltsr:*:*:*", "matchCriteriaId": "6246BB4D-CDB3-4A4B-940D-93293B6C417A", "vulnerable": true }, { "criteria": "cpe:2.3:a:citrix:xenapp:7.15:-:*:*:ltsr:*:*:*", "matchCriteriaId": "39D97CED-69C7-4762-85E9-978813DB3392", "vulnerable": true }, { "criteria": "cpe:2.3:a:citrix:xenapp:7.15:cu6:*:*:ltsr:*:*:*", "matchCriteriaId": "2A10B5EA-EC14-47ED-ADBB-D975C6B07BE3", "vulnerable": true }, { "criteria": "cpe:2.3:a:citrix:xendesktop:*:*:*:*:ltsr:*:*:*", "matchCriteriaId": "31BF23CF-C7C3-4A61-B52B-964E14EE224A", "versionEndExcluding": "7.6", "vulnerable": true }, { "criteria": "cpe:2.3:a:citrix:xendesktop:*:*:*:*:ltsr:*:*:*", "matchCriteriaId": "2D2866E0-EB16-42AC-8C7F-7C52FDF88B9B", "versionEndExcluding": "7.15", "versionStartIncluding": "7.7", "vulnerable": true }, { "criteria": "cpe:2.3:a:citrix:xendesktop:7.6:-:*:*:ltsr:*:*:*", "matchCriteriaId": "DF2F2C5D-D5AD-4E22-B182-67A4C0C90F0C", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:citrix:xendesktop:7.6:cu8:*:*:ltsr:*:*:*", "matchCriteriaId": "8CAEBBB5-DC51-4718-AC6C-152F7ADE19C1", "vulnerable": true }, { "criteria": "cpe:2.3:a:citrix:xendesktop:7.15:-:*:*:ltsr:*:*:*", "matchCriteriaId": "1AFF8323-A381-481F-9BE2-F9027D942851", "vulnerable": true }, { "criteria": "cpe:2.3:a:citrix:xendesktop:7.15:cu6:*:*:ltsr:*:*:*", "matchCriteriaId": "1A2A6CF3-F554-44C9-965E-FEAEDDE44D95", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An unprivileged Windows user on the VDA can perform arbitrary command execution as SYSTEM in CVAD versions before 2009, 1912 LTSR CU1 hotfixes CTX285870 and CTX286120, 7.15 LTSR CU6 hotfix CTX285344 and 7.6 LTSR CU9" }, { "lang": "es", "value": "Un usuario de Windows no privilegiado en el VDA puede llevar a cabo una ejecuci\u00f3n de comandos arbitrarios como SYSTEM en CVAD versiones anteriores a 2009, versi\u00f3n 1912 LTSR CU1 hotfixes CTX285870 y CTX286120, versi\u00f3n 7.15 LTSR CU6 hotfix CTX285344 y versi\u00f3n 7.6 LTSR CU9" } ], "id": "CVE-2020-8269", "lastModified": "2024-11-21T05:38:37.493", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": 
"UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-11-16T01:15:13.623", "references": [ { "source": "support@hackerone.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://support.citrix.com/article/CTX285059" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://support.citrix.com/article/CTX285059" } ], "sourceIdentifier": "support@hackerone.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-269" } ], "source": "support@hackerone.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-269" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-06-11 02:15
Modified
2024-11-21 05:02
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
Citrix XenApp 6.5, when 2FA is enabled, allows a remote unauthenticated attacker to ascertain whether a user exists on the server, because the 2FA error page is shown only after a valid username is entered. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://gist.github.com/kampji/11e259d68ad98a6f0f898132f1961a96 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://gist.github.com/kampji/11e259d68ad98a6f0f898132f1961a96 | Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:citrix:xenapp:6.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "C455A80D-45E2-4963-981D-610D9C24391C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [ { "sourceIdentifier": "cve@mitre.org", "tags": [ "unsupported-when-assigned" ] } ], "descriptions": [ { "lang": "en", "value": "Citrix XenApp 6.5, when 2FA is enabled, allows a remote unauthenticated attacker to ascertain whether a user exists on the server, because the 2FA error page only occurs after a valid username is entered. NOTE: This vulnerability only affects products that are no longer supported by the maintainer" }, { "lang": "es", "value": "** VERSI\u00d3N NO COMPATIBLE CUANDO SE ASIGN\u00d3 ** Citrix XenApp versi\u00f3n 6.5, cuando 2FA est\u00e1 habilitado, permite a un atacante remoto no autenticado determinar si existe un usuario en el servidor, porque la p\u00e1gina de error 2FA solo se produce despu\u00e9s de ingresar un nombre de usuario v\u00e1lido. 
NOTA: Esta vulnerabilidad s\u00f3lo afecta a los productos que ya no son apoyados por el mantenedor" } ], "id": "CVE-2020-13998", "lastModified": "2024-11-21T05:02:19.037", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }, "published": "2020-06-11T02:15:10.713", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://gist.github.com/kampji/11e259d68ad98a6f0f898132f1961a96" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party 
Advisory" ], "url": "https://gist.github.com/kampji/11e259d68ad98a6f0f898132f1961a96" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-203" } ], "source": "nvd@nist.gov", "type": "Primary" }, { "description": [ { "lang": "en", "value": "CWE-639" } ], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }
Vulnerability from fkie_nvd
Published
2021-08-05 21:15
Modified
2024-11-21 05:50
Severity ?
Summary
A vulnerability has been identified in Citrix Virtual Apps and Desktops that could, if exploited, allow a user of a Windows VDA that has either Citrix Profile Management or Citrix Profile Management WMI Plugin installed to escalate their privilege level on that Windows VDA to SYSTEM.
References
▼ | URL | Tags | |
---|---|---|---|
support@hackerone.com | https://support.citrix.com/article/CTX319750 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://support.citrix.com/article/CTX319750 | Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
citrix | virtual_apps_and_desktops | * | |
citrix | virtual_apps_and_desktops | 1912 | |
citrix | virtual_apps_and_desktops | 1912 | |
citrix | xenapp | 7.15 | |
citrix | xenapp | 7.15 | |
citrix | xenapp | 7.15 | |
citrix | xendesktop | 7.15 | |
citrix | xendesktop | 7.15 | |
citrix | xendesktop | 7.15 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:citrix:virtual_apps_and_desktops:*:*:*:*:-:*:*:*", "matchCriteriaId": "0FE7155E-9F8B-47B7-8E70-2D947F6AEDAC", "versionEndIncluding": "2106", "versionStartIncluding": "2006", "vulnerable": true }, { "criteria": "cpe:2.3:a:citrix:virtual_apps_and_desktops:1912:-:*:*:ltsr:*:*:*", "matchCriteriaId": "F9330183-B04B-46F1-9DA6-5EAF216DFCC3", "vulnerable": true }, { "criteria": "cpe:2.3:a:citrix:virtual_apps_and_desktops:1912:cu3:*:*:*:*:*:*", "matchCriteriaId": "3DE66CEF-6D57-429A-9776-E5ED73827A8F", "vulnerable": true }, { "criteria": "cpe:2.3:a:citrix:xenapp:7.15:-:*:*:ltsr:*:*:*", "matchCriteriaId": "39D97CED-69C7-4762-85E9-978813DB3392", "vulnerable": true }, { "criteria": "cpe:2.3:a:citrix:xenapp:7.15:cu6:*:*:ltsr:*:*:*", "matchCriteriaId": "2A10B5EA-EC14-47ED-ADBB-D975C6B07BE3", "vulnerable": true }, { "criteria": "cpe:2.3:a:citrix:xenapp:7.15:cu7:*:*:ltsr:*:*:*", "matchCriteriaId": "2CFEBFEE-2A25-44E4-B52F-FFE74919F488", "vulnerable": true }, { "criteria": "cpe:2.3:a:citrix:xendesktop:7.15:-:*:*:ltsr:*:*:*", "matchCriteriaId": "1AFF8323-A381-481F-9BE2-F9027D942851", "vulnerable": true }, { "criteria": "cpe:2.3:a:citrix:xendesktop:7.15:cu6:*:*:ltsr:*:*:*", "matchCriteriaId": "1A2A6CF3-F554-44C9-965E-FEAEDDE44D95", "vulnerable": true }, { "criteria": "cpe:2.3:a:citrix:xendesktop:7.15:cu7:*:*:ltsr:*:*:*", "matchCriteriaId": "15C211A8-9CD0-44B0-BD5D-94D78290EBA9", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in Citrix Virtual Apps and Desktops that could, if exploited, allow a user of a Windows VDA that has either Citrix Profile Management or Citrix Profile Management WMI Plugin installed to escalate their privilege level on that Windows VDA to SYSTEM." 
}, { "lang": "es", "value": "Se ha identificado una vulnerabilidad en Citrix Virtual Apps and Desktops que podr\u00eda, si es explotado, permitir a un usuario de un VDA de Windows que tenga instalado Citrix Profile Management o Citrix Profile Management WMI Plugin escalar su nivel de privilegios en ese VDA de Windows a SYSTEM" } ], "id": "CVE-2021-22928", "lastModified": "2024-11-21T05:50:56.347", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-08-05T21:15:11.733", "references": [ { "source": "support@hackerone.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://support.citrix.com/article/CTX319750" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://support.citrix.com/article/CTX319750" } ], "sourceIdentifier": "support@hackerone.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } 
] }
Vulnerability from fkie_nvd
Published
2020-12-14 20:15
Modified
2024-11-21 05:38
Summary
An authorised user on a Windows host running Citrix Universal Print Server can perform arbitrary command execution as SYSTEM in CVAD versions before 2009, 1912 LTSR CU1 hotfixes CTX285870 and CTX286120, 7.15 LTSR CU6 hotfix CTX285344 and 7.6 LTSR CU9.
References
▼ | URL | Tags | |
---|---|---|---|
support@hackerone.com | https://support.citrix.com/article/CTX285059 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://support.citrix.com/article/CTX285059 | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
citrix | virtual_apps_and_desktops | * | |
citrix | virtual_apps_and_desktops | * | |
citrix | xenapp | * | |
citrix | xenapp | * | |
citrix | xenapp | 7.6 | |
citrix | xenapp | 7.6 | |
citrix | xenapp | 7.15 | |
citrix | xenapp | 7.15 | |
citrix | xendesktop | * | |
citrix | xendesktop | * | |
citrix | xendesktop | 7.6 | |
citrix | xendesktop | 7.6 | |
citrix | xendesktop | 7.15 | |
citrix | xendesktop | 7.15 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:citrix:virtual_apps_and_desktops:*:*:*:*:-:*:*:*", "matchCriteriaId": "5D9D1D8B-8C9A-4CF7-8CCD-2CFDA4AB5970", "versionEndIncluding": "2006", "vulnerable": true }, { "criteria": "cpe:2.3:a:citrix:virtual_apps_and_desktops:*:*:*:*:ltsr:*:*:*", "matchCriteriaId": "799D10F0-247F-4BD2-9DA1-D37B043001C8", "versionEndIncluding": "1912", "versionStartIncluding": "1903", "vulnerable": true }, { "criteria": "cpe:2.3:a:citrix:xenapp:*:*:*:*:ltsr:*:*:*", "matchCriteriaId": "DDB23637-BC09-4914-A028-AA01CB01F24D", "versionEndExcluding": "7.6", "vulnerable": true }, { "criteria": "cpe:2.3:a:citrix:xenapp:*:*:*:*:ltsr:*:*:*", "matchCriteriaId": "B0FFFD24-0C7B-4D8D-A786-9469D7DA0C35", "versionEndExcluding": "7.15", "versionStartIncluding": "7.7", "vulnerable": true }, { "criteria": "cpe:2.3:a:citrix:xenapp:7.6:-:*:*:ltsr:*:*:*", "matchCriteriaId": "5A2B7A20-48C6-405C-99C8-06D0F4FE5910", "vulnerable": true }, { "criteria": "cpe:2.3:a:citrix:xenapp:7.6:cu8:*:*:ltsr:*:*:*", "matchCriteriaId": "6246BB4D-CDB3-4A4B-940D-93293B6C417A", "vulnerable": true }, { "criteria": "cpe:2.3:a:citrix:xenapp:7.15:-:*:*:ltsr:*:*:*", "matchCriteriaId": "39D97CED-69C7-4762-85E9-978813DB3392", "vulnerable": true }, { "criteria": "cpe:2.3:a:citrix:xenapp:7.15:cu6:*:*:ltsr:*:*:*", "matchCriteriaId": "2A10B5EA-EC14-47ED-ADBB-D975C6B07BE3", "vulnerable": true }, { "criteria": "cpe:2.3:a:citrix:xendesktop:*:*:*:*:ltsr:*:*:*", "matchCriteriaId": "31BF23CF-C7C3-4A61-B52B-964E14EE224A", "versionEndExcluding": "7.6", "vulnerable": true }, { "criteria": "cpe:2.3:a:citrix:xendesktop:*:*:*:*:ltsr:*:*:*", "matchCriteriaId": "2D2866E0-EB16-42AC-8C7F-7C52FDF88B9B", "versionEndExcluding": "7.15", "versionStartIncluding": "7.7", "vulnerable": true }, { "criteria": "cpe:2.3:a:citrix:xendesktop:7.6:-:*:*:ltsr:*:*:*", "matchCriteriaId": "DF2F2C5D-D5AD-4E22-B182-67A4C0C90F0C", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:citrix:xendesktop:7.6:cu8:*:*:ltsr:*:*:*", "matchCriteriaId": "8CAEBBB5-DC51-4718-AC6C-152F7ADE19C1", "vulnerable": true }, { "criteria": "cpe:2.3:a:citrix:xendesktop:7.15:-:*:*:ltsr:*:*:*", "matchCriteriaId": "1AFF8323-A381-481F-9BE2-F9027D942851", "vulnerable": true }, { "criteria": "cpe:2.3:a:citrix:xendesktop:7.15:cu6:*:*:ltsr:*:*:*", "matchCriteriaId": "1A2A6CF3-F554-44C9-965E-FEAEDDE44D95", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An authorised user on a Windows host running Citrix Universal Print Server can perform arbitrary command execution as SYSTEM in CVAD versions before 2009, 1912 LTSR CU1 hotfixes CTX285870 and CTX286120, 7.15 LTSR CU6 hotfix CTX285344 and 7.6 LTSR CU9." }, { "lang": "es", "value": "Un usuario autorizado en un host de Windows que ejecuta Citrix Universal Print Server, puede llevar a cabo comandos arbitrarios como SYSTEM en CVAD versiones anteriores a 2009, 1912 LTSR CU1 hotfixes CTX285870 y CTX286120, versiones 7.15 LTSR CU6 hotfix CTX285344 y 7.6 LTSR CU9" } ], "id": "CVE-2020-8283", "lastModified": "2024-11-21T05:38:39.090", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": 
"LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-12-14T20:15:13.840", "references": [ { "source": "support@hackerone.com", "tags": [ "Vendor Advisory" ], "url": "https://support.citrix.com/article/CTX285059" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://support.citrix.com/article/CTX285059" } ], "sourceIdentifier": "support@hackerone.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-269" } ], "source": "support@hackerone.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-269" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2016-08-19 21:59
Modified
2024-11-21 02:56
Summary
Citrix XenApp 6.x before 6.5 HRP07 and 7.x before 7.9 and Citrix XenDesktop before 7.9 might allow attackers to weaken an unspecified security mitigation via vectors related to memory permission.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://support.citrix.com/article/CTX215460 | Vendor Advisory | |
cve@mitre.org | http://www.securityfocus.com/bid/92316 | Third Party Advisory, VDB Entry | |
cve@mitre.org | http://www.securitytracker.com/id/1036539 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://support.citrix.com/article/CTX215460 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/92316 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1036539 | Third Party Advisory, VDB Entry |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:citrix:xenapp:6.0.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "FCF5D24E-646C-4428-9355-4EC5CC112D9C", "vulnerable": true }, { "criteria": "cpe:2.3:a:citrix:xenapp:6.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "C455A80D-45E2-4963-981D-610D9C24391C", "vulnerable": true }, { "criteria": "cpe:2.3:a:citrix:xenapp:7.0.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "EBBD34F8-C799-4B9D-8F39-495950141C49", "vulnerable": true }, { "criteria": "cpe:2.3:a:citrix:xenapp:7.1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "ECEB767F-300F-4834-852A-B669108F6ADD", "vulnerable": true }, { "criteria": "cpe:2.3:a:citrix:xenapp:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "FDF94BE2-0C4A-421A-A6DA-57264554892D", "vulnerable": true }, { "criteria": "cpe:2.3:a:citrix:xenapp:7.6.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "48FEE2F3-B186-4F01-93CC-D85150346EFD", "vulnerable": true }, { "criteria": "cpe:2.3:a:citrix:xenapp:7.7.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "8EFF26F3-658E-44BB-8540-B7D24D9F351C", "vulnerable": true }, { "criteria": "cpe:2.3:a:citrix:xenapp:7.8.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "6751B828-156C-4276-907E-FC2991C86B06", "vulnerable": true }, { "criteria": "cpe:2.3:a:citrix:xendesktop:*:*:*:*:*:*:*:*", "matchCriteriaId": "73145DB2-0216-4AB9-A4EF-70D52BFA1305", "versionEndIncluding": "7.8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Citrix XenApp 6.x before 6.5 HRP07 and 7.x before 7.9 and Citrix XenDesktop before 7.9 might allow attackers to weaken an unspecified security mitigation via vectors related to memory permission." 
}, { "lang": "es", "value": "Citrix XenApp 6.x en versiones anteriores a 6.5 HRP07 y 7.x en versiones anteriores a 7.9 y Citrix XenDesktop en versiones anteriores a 7.9 podr\u00eda permitir a atacantes debilitar una mitigaci\u00f3n de seguridad no especificada a trav\u00e9s de vectores relacionados con permiso de memoria." } ], "id": "CVE-2016-6493", "lastModified": "2024-11-21T02:56:13.657", "metrics": { "cvssMetricV2": [ { "acInsufInfo": true, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2016-08-19T21:59:16.260", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://support.citrix.com/article/CTX215460" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/92316" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1036539" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": 
"http://support.citrix.com/article/CTX215460" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/92316" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1036539" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-254" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
cve-2020-8269
Vulnerability from cvelistv5
Published
2020-11-16 00:35
Modified
2024-08-04 09:56
Summary
An unprivileged Windows user on the VDA can perform arbitrary command execution as SYSTEM in CVAD versions before 2009, 1912 LTSR CU1 hotfixes CTX285870 and CTX286120, 7.15 LTSR CU6 hotfix CTX285344 and 7.6 LTSR CU9
References
▼ | URL | Tags |
---|---|---|
https://support.citrix.com/article/CTX285059 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Citrix Virtual Apps and Desktops |
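Version: 2009, 1912 LTSR CU1 hotfixes CTX285870 and CTX286120, 7.15 LTSR CU6 hotfix CTX285344 and 7.6 LTSR CU9 (per the Summary, these appear to be the fixed releases and hotfixes; the affected versions are those before them, so do not match inventory against this field literally) |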
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T09:56:27.967Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.citrix.com/article/CTX285059" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Citrix Virtual Apps and Desktops", "vendor": "n/a", "versions": [ { "status": "affected", "version": "2009, 1912 LTSR\u00a0CU1 hotfixes CTX285870 and CTX286120, 7.15 LTSR CU6 hotfix CTX285344 and 7.6 LTSR CU9" } ] } ], "descriptions": [ { "lang": "en", "value": "An unprivileged Windows user on the VDA can perform arbitrary command execution as SYSTEM in CVAD versions before 2009, 1912 LTSR CU1 hotfixes CTX285870 and CTX286120, 7.15 LTSR CU6 hotfix CTX285344 and 7.6 LTSR CU9" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-269", "description": "Improper Privilege Management (CWE-269)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-11-16T00:35:24", "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://support.citrix.com/article/CTX285059" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "support@hackerone.com", "ID": "CVE-2020-8269", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Citrix Virtual Apps and Desktops", "version": { "version_data": [ { "version_value": "2009, 1912 LTSR\u00a0CU1 hotfixes CTX285870 and CTX286120, 7.15 LTSR CU6 hotfix CTX285344 and 7.6 LTSR CU9" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An unprivileged Windows user on the VDA can perform arbitrary command execution as SYSTEM in CVAD versions before 2009, 1912 LTSR CU1 hotfixes CTX285870 and 
CTX286120, 7.15 LTSR CU6 hotfix CTX285344 and 7.6 LTSR CU9" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Improper Privilege Management (CWE-269)" } ] } ] }, "references": { "reference_data": [ { "name": "https://support.citrix.com/article/CTX285059", "refsource": "MISC", "url": "https://support.citrix.com/article/CTX285059" } ] } } } }, "cveMetadata": { "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "assignerShortName": "hackerone", "cveId": "CVE-2020-8269", "datePublished": "2020-11-16T00:35:24", "dateReserved": "2020-01-28T00:00:00", "dateUpdated": "2024-08-04T09:56:27.967Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-8283
Vulnerability from cvelistv5
Published
2020-12-14 19:40
Modified
2024-08-04 09:56
Summary
An authorised user on a Windows host running Citrix Universal Print Server can perform arbitrary command execution as SYSTEM in CVAD versions before 2009, 1912 LTSR CU1 hotfixes CTX285870 and CTX286120, 7.15 LTSR CU6 hotfix CTX285344 and 7.6 LTSR CU9.
References
▼ | URL | Tags |
---|---|---|
https://support.citrix.com/article/CTX285059 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Citrix Virtual Apps and Desktops |
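Version: 2009, 1912 LTSR CU1 hotfixes CTX285870 and CTX286120, 7.15 LTSR CU6 hotfix CTX285344 and 7.6 LTSR CU9 (per the Summary, these appear to be the fixed releases and hotfixes; the affected versions are those before them, so do not match inventory against this field literally) |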
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T09:56:28.332Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.citrix.com/article/CTX285059" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Citrix Virtual Apps and Desktops", "vendor": "n/a", "versions": [ { "status": "affected", "version": "2009, 1912 LTSR\u00a0CU1 hotfixes CTX285870 and CTX286120, 7.15 LTSR CU6 hotfix CTX285344 and 7.6 LTSR CU9" } ] } ], "descriptions": [ { "lang": "en", "value": "An authorised user on a Windows host running Citrix Universal Print Server can perform arbitrary command execution as SYSTEM in CVAD versions before 2009, 1912 LTSR CU1 hotfixes CTX285870 and CTX286120, 7.15 LTSR CU6 hotfix CTX285344 and 7.6 LTSR CU9." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-269", "description": "Improper Privilege Management (CWE-269)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-12-14T19:40:18", "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://support.citrix.com/article/CTX285059" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "support@hackerone.com", "ID": "CVE-2020-8283", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Citrix Virtual Apps and Desktops", "version": { "version_data": [ { "version_value": "2009, 1912 LTSR\u00a0CU1 hotfixes CTX285870 and CTX286120, 7.15 LTSR CU6 hotfix CTX285344 and 7.6 LTSR CU9" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An authorised user on a Windows host running Citrix Universal Print Server can perform arbitrary command execution as SYSTEM 
in CVAD versions before 2009, 1912 LTSR CU1 hotfixes CTX285870 and CTX286120, 7.15 LTSR CU6 hotfix CTX285344 and 7.6 LTSR CU9." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Improper Privilege Management (CWE-269)" } ] } ] }, "references": { "reference_data": [ { "name": "https://support.citrix.com/article/CTX285059", "refsource": "MISC", "url": "https://support.citrix.com/article/CTX285059" } ] } } } }, "cveMetadata": { "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "assignerShortName": "hackerone", "cveId": "CVE-2020-8283", "datePublished": "2020-12-14T19:40:18", "dateReserved": "2020-01-28T00:00:00", "dateUpdated": "2024-08-04T09:56:28.332Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-22928
Vulnerability from cvelistv5
Published
2021-08-05 20:16
Modified
2024-08-03 18:58
Summary
A vulnerability has been identified in Citrix Virtual Apps and Desktops that could, if exploited, allow a user of a Windows VDA that has either Citrix Profile Management or Citrix Profile Management WMI Plugin installed to escalate their privilege level on that Windows VDA to SYSTEM.
References
▼ | URL | Tags |
---|---|---|
https://support.citrix.com/article/CTX319750 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Citrix Virtual Apps and Desktops |
Version: 2106 HF1, 1912LTSR CU3 HF1, 7.15LTSR CU7 HF1 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T18:58:26.162Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.citrix.com/article/CTX319750" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Citrix Virtual Apps and Desktops", "vendor": "n/a", "versions": [ { "status": "affected", "version": "2106 HF1, 1912LTSR CU3 HF1, 7.15LTSR CU7 HF1" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in Citrix Virtual Apps and Desktops that could, if exploited, allow a user of a Windows VDA that has either Citrix Profile Management or Citrix Profile Management WMI Plugin installed to escalate their privilege level on that Windows VDA to SYSTEM." } ], "problemTypes": [ { "descriptions": [ { "description": "Privilege Escalation (CAPEC-233)", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-08-05T20:16:39", "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://support.citrix.com/article/CTX319750" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "support@hackerone.com", "ID": "CVE-2021-22928", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Citrix Virtual Apps and Desktops", "version": { "version_data": [ { "version_value": "2106 HF1, 1912LTSR CU3 HF1, 7.15LTSR CU7 HF1" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability has been identified in Citrix Virtual Apps and Desktops that could, if exploited, allow a user of a Windows VDA that has either Citrix Profile Management or Citrix Profile Management WMI Plugin installed to escalate their 
privilege level on that Windows VDA to SYSTEM." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Privilege Escalation (CAPEC-233)" } ] } ] }, "references": { "reference_data": [ { "name": "https://support.citrix.com/article/CTX319750", "refsource": "MISC", "url": "https://support.citrix.com/article/CTX319750" } ] } } } }, "cveMetadata": { "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "assignerShortName": "hackerone", "cveId": "CVE-2021-22928", "datePublished": "2021-08-05T20:16:39", "dateReserved": "2021-01-06T00:00:00", "dateUpdated": "2024-08-03T18:58:26.162Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2008-4676
Vulnerability from cvelistv5
Published
2008-10-22 10:00
Modified
2024-08-07 10:24
Summary
Unspecified vulnerability in Citrix XenApp (formerly Presentation Server) 4.5 Feature Pack 1 and earlier, Presentation Server 4.0, and Access Essentials 1.0, 1.5, and 2.0 allows local users to gain privileges via unknown attack vectors related to creating an unspecified file. NOTE: this might be the same issue as CVE-2008-3485, but the vendor advisory is too vague to be certain.
References
▼ | URL | Tags |
---|---|---|
http://support.citrix.com/article/CTX116310 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/31484 | vdb-entry, x_refsource_BID | |
http://www.securitytracker.com/id?1020954 | vdb-entry, x_refsource_SECTRACK | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/45507 | vdb-entry, x_refsource_XF | |
http://secunia.com/advisories/32017 | third-party-advisory, x_refsource_SECUNIA | |
http://www.vupen.com/english/advisories/2008/2702 | vdb-entry, x_refsource_VUPEN |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T10:24:20.714Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.citrix.com/article/CTX116310" }, { "name": "31484", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/31484" }, { "name": "1020954", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1020954" }, { "name": "citrix-server-unspecified-priv-escalation(45507)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45507" }, { "name": "32017", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/32017" }, { "name": "ADV-2008-2702", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/2702" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-09-29T00:00:00", "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in Citrix XenApp (formerly Presentation Server) 4.5 Feature Pack 1 and earlier, Presentation Server 4.0, and Access Essentials 1.0, 1.5, and 2.0 allows local users to gain privileges via unknown attack vectors related to creating an unspecified file. NOTE: this might be the same issue as CVE-2008-3485, but the vendor advisory is too vague to be certain." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-07T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.citrix.com/article/CTX116310" }, { "name": "31484", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/31484" }, { "name": "1020954", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1020954" }, { "name": "citrix-server-unspecified-priv-escalation(45507)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45507" }, { "name": "32017", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/32017" }, { "name": "ADV-2008-2702", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/2702" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-4676", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unspecified vulnerability in Citrix XenApp (formerly Presentation Server) 4.5 Feature Pack 1 and earlier, Presentation Server 4.0, and Access Essentials 1.0, 1.5, and 2.0 allows local users to gain privileges via unknown attack vectors related to creating an unspecified file. NOTE: this might be the same issue as CVE-2008-3485, but the vendor advisory is too vague to be certain." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://support.citrix.com/article/CTX116310", "refsource": "CONFIRM", "url": "http://support.citrix.com/article/CTX116310" }, { "name": "31484", "refsource": "BID", "url": "http://www.securityfocus.com/bid/31484" }, { "name": "1020954", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1020954" }, { "name": "citrix-server-unspecified-priv-escalation(45507)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45507" }, { "name": "32017", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32017" }, { "name": "ADV-2008-2702", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/2702" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-4676", "datePublished": "2008-10-22T10:00:00", "dateReserved": "2008-10-21T00:00:00", "dateUpdated": "2024-08-07T10:24:20.714Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2012-5161
Vulnerability from cvelistv5
Published
2012-12-26 22:00
Modified
2024-08-06 20:58
Summary
The XML Service interface in Citrix XenApp 6.5 and 6.5 Feature Pack 1 allows remote attackers to execute arbitrary code via unspecified vectors.
References
▼ | URL | Tags |
---|---|---|
http://support.citrix.com/article/CTX135066 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/80627 | vdb-entry, x_refsource_XF | |
http://osvdb.org/88368 | vdb-entry, x_refsource_OSVDB | |
http://secunia.com/advisories/51538 | third-party-advisory, x_refsource_SECUNIA | |
http://www.securityfocus.com/bid/56907 | vdb-entry, x_refsource_BID | |
http://www.securitytracker.com/id?1027868 | vdb-entry, x_refsource_SECTRACK |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T20:58:02.630Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.citrix.com/article/CTX135066" }, { "name": "citrix-xenapp-xml-code-exec(80627)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80627" }, { "name": "88368", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/88368" }, { "name": "51538", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/51538" }, { "name": "56907", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/56907" }, { "name": "1027868", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1027868" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-12-11T00:00:00", "descriptions": [ { "lang": "en", "value": "The XML Service interface in Citrix XenApp 6.5 and 6.5 Feature Pack 1 allows remote attackers to execute arbitrary code via unspecified vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.citrix.com/article/CTX135066" }, { "name": "citrix-xenapp-xml-code-exec(80627)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80627" }, { "name": "88368", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/88368" }, { "name": "51538", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/51538" }, { "name": "56907", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/56907" }, { "name": "1027868", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1027868" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-5161", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The XML Service interface in Citrix XenApp 6.5 and 6.5 Feature Pack 1 allows remote attackers to execute arbitrary code via unspecified vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://support.citrix.com/article/CTX135066", "refsource": "CONFIRM", "url": "http://support.citrix.com/article/CTX135066" }, { "name": "citrix-xenapp-xml-code-exec(80627)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80627" }, { "name": "88368", "refsource": "OSVDB", "url": "http://osvdb.org/88368" }, { "name": "51538", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/51538" }, { "name": "56907", "refsource": "BID", "url": "http://www.securityfocus.com/bid/56907" }, { "name": "1027868", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1027868" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2012-5161", "datePublished": "2012-12-26T22:00:00", "dateReserved": "2012-09-25T00:00:00", "dateUpdated": "2024-08-06T20:58:02.630Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-13998
Vulnerability from cvelistv5
Published
2020-06-11 01:59
Modified
2024-08-04 12:32
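Severity: 7.5 HIGH (CVSS 3.1, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N; CWE-639), as scored in the CISA-ADP container of this record; the CNA container carries no score and lists the problem type as n/a.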
EPSS score ?
Summary
Citrix XenApp 6.5, when 2FA is enabled, allows a remote unauthenticated attacker to ascertain whether a user exists on the server, because the 2FA error page only occurs after a valid username is entered. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
References
URL | Tags |
---|---|
https://gist.github.com/kampji/11e259d68ad98a6f0f898132f1961a96 | x_refsource_MISC |
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:citrix:xenapp:6.5.0.0:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "xenapp", "vendor": "citrix", "versions": [ { "status": "affected", "version": "6.5.0.0" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2020-13998", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-04-25T17:13:26.714413Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-639", "description": "CWE-639 Authorization Bypass Through User-Controlled Key", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-23T17:25:58.367Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-04T12:32:14.840Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://gist.github.com/kampji/11e259d68ad98a6f0f898132f1961a96" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Citrix XenApp 6.5, when 2FA is enabled, allows a remote unauthenticated attacker to ascertain whether a user exists on the server, because the 2FA error page only occurs after a valid username is entered. 
NOTE: This vulnerability only affects products that are no longer supported by the maintainer" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-07-09T12:13:39", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://gist.github.com/kampji/11e259d68ad98a6f0f898132f1961a96" } ], "tags": [ "unsupported-when-assigned" ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-13998", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "** UNSUPPORTED WHEN ASSIGNED ** Citrix XenApp 6.5, when 2FA is enabled, allows a remote unauthenticated attacker to ascertain whether a user exists on the server, because the 2FA error page only occurs after a valid username is entered. NOTE: This vulnerability only affects products that are no longer supported by the maintainer." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://gist.github.com/kampji/11e259d68ad98a6f0f898132f1961a96", "refsource": "MISC", "url": "https://gist.github.com/kampji/11e259d68ad98a6f0f898132f1961a96" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-13998", "datePublished": "2020-06-11T01:59:35", "dateReserved": "2020-06-09T00:00:00", "dateUpdated": "2024-08-04T12:32:14.840Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2009-2453
Vulnerability from cvelistv5
Published
2009-07-14 14:00
Modified
2024-09-16 18:29
Severity ?
EPSS score ?
Summary
Citrix XenApp (formerly Presentation Server) 4.5 Hotfix Rollup Pack 3 does not apply an access policy when it is defined with the Access Gateway Advanced Edition filters, which allows attackers to bypass intended access restrictions via unknown vectors.
References
URL | Tags |
---|---|
http://support.citrix.com/article/CTX118792 | x_refsource_CONFIRM |
http://secunia.com/advisories/34865 | third-party-advisory, x_refsource_SECUNIA |
http://www.vupen.com/english/advisories/2009/1154 | vdb-entry, x_refsource_VUPEN |
http://www.securitytracker.com/id?1022114 | vdb-entry, x_refsource_SECTRACK |
http://osvdb.org/53900 | vdb-entry, x_refsource_OSVDB |
http://www.securityfocus.com/bid/34691 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T05:52:14.707Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.citrix.com/article/CTX118792" }, { "name": "34865", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/34865" }, { "name": "ADV-2009-1154", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/1154" }, { "name": "1022114", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1022114" }, { "name": "53900", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/53900" }, { "name": "34691", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/34691" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Citrix XenApp (formerly Presentation Server) 4.5 Hotfix Rollup Pack 3 does not apply an access policy when it is defined with the Access Gateway Advanced Edition filters, which allows attackers to bypass intended access restrictions via unknown vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2009-07-14T14:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.citrix.com/article/CTX118792" }, { "name": "34865", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/34865" }, { "name": "ADV-2009-1154", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/1154" }, { "name": "1022114", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1022114" }, { "name": "53900", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/53900" }, { "name": "34691", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/34691" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-2453", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Citrix XenApp (formerly Presentation Server) 4.5 Hotfix Rollup Pack 3 does not apply an access policy when it is defined with the Access Gateway Advanced Edition filters, which allows attackers to bypass intended access restrictions via unknown vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://support.citrix.com/article/CTX118792", "refsource": "CONFIRM", "url": "http://support.citrix.com/article/CTX118792" }, { "name": "34865", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/34865" }, { "name": "ADV-2009-1154", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/1154" }, { "name": "1022114", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1022114" }, { "name": "53900", "refsource": "OSVDB", "url": "http://osvdb.org/53900" }, { "name": "34691", "refsource": "BID", "url": "http://www.securityfocus.com/bid/34691" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-2453", "datePublished": "2009-07-14T14:00:00Z", "dateReserved": "2009-07-14T00:00:00Z", "dateUpdated": "2024-09-16T18:29:10.452Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-4810
Vulnerability from cvelistv5
Published
2016-06-01 22:00
Modified
2024-08-06 00:39
Severity ?
EPSS score ?
Summary
Citrix Studio before 7.6.1000, Citrix XenDesktop 7.x before 7.6 LTSR Cumulative Update 1 (CU1), and Citrix XenApp 7.5 and 7.6 allow attackers to set Access Policy rules on the XenDesktop Delivery Controller via unspecified vectors.
References
URL | Tags |
---|---|
http://www.securitytracker.com/id/1036021 | vdb-entry, x_refsource_SECTRACK |
http://support.citrix.com/article/CTX213045 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T00:39:26.280Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1036021", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1036021" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.citrix.com/article/CTX213045" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-05-31T00:00:00", "descriptions": [ { "lang": "en", "value": "Citrix Studio before 7.6.1000, Citrix XenDesktop 7.x before 7.6 LTSR Cumulative Update 1 (CU1), and Citrix XenApp 7.5 and 7.6 allow attackers to set Access Policy rules on the XenDesktop Delivery Controller via unspecified vectors." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-11-28T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "1036021", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1036021" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.citrix.com/article/CTX213045" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-4810", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Citrix Studio before 7.6.1000, Citrix XenDesktop 7.x before 7.6 LTSR Cumulative Update 1 (CU1), and Citrix XenApp 7.5 and 7.6 allow attackers to set Access Policy rules 
on the XenDesktop Delivery Controller via unspecified vectors." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "1036021", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1036021" }, { "name": "http://support.citrix.com/article/CTX213045", "refsource": "CONFIRM", "url": "http://support.citrix.com/article/CTX213045" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-4810", "datePublished": "2016-06-01T22:00:00", "dateReserved": "2016-05-17T00:00:00", "dateUpdated": "2024-08-06T00:39:26.280Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-6493
Vulnerability from cvelistv5
Published
2016-08-19 21:00
Modified
2024-08-06 01:29
Severity ?
EPSS score ?
Summary
Citrix XenApp 6.x before 6.5 HRP07 and 7.x before 7.9 and Citrix XenDesktop before 7.9 might allow attackers to weaken an unspecified security mitigation via vectors related to memory permission.
References
▼ | URL | Tags |
---|---|---|
http://www.securitytracker.com/id/1036539 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/92316 | vdb-entry, x_refsource_BID | |
http://support.citrix.com/article/CTX215460 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T01:29:20.039Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1036539", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1036539" }, { "name": "92316", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/92316" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.citrix.com/article/CTX215460" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-08-03T00:00:00", "descriptions": [ { "lang": "en", "value": "Citrix XenApp 6.x before 6.5 HRP07 and 7.x before 7.9 and Citrix XenDesktop before 7.9 might allow attackers to weaken an unspecified security mitigation via vectors related to memory permission." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-08-19T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "1036539", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1036539" }, { "name": "92316", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/92316" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.citrix.com/article/CTX215460" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-6493", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Citrix XenApp 6.x before 6.5 HRP07 and 7.x before 7.9 and Citrix XenDesktop before 7.9 might allow attackers to weaken an unspecified security mitigation via vectors related to memory permission." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "1036539", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1036539" }, { "name": "92316", "refsource": "BID", "url": "http://www.securityfocus.com/bid/92316" }, { "name": "http://support.citrix.com/article/CTX215460", "refsource": "CONFIRM", "url": "http://support.citrix.com/article/CTX215460" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-6493", "datePublished": "2016-08-19T21:00:00", "dateReserved": "2016-07-29T00:00:00", "dateUpdated": "2024-08-06T01:29:20.039Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }