Vulnerabilities related to citrix - xendesktop
cve-2014-4700
Vulnerability from cvelistv5
Published
2014-07-11 14:00
Modified
2024-08-06 11:27
Severity ?
Summary
Citrix XenDesktop 7.x, 5.x, and 4.x, when pooled random desktop groups is enabled and ShutdownDesktopsAfterUse is disabled, allows local guest users to gain access to another user's desktop via unspecified vectors.
References
http://www.securityfocus.com/bid/68530 (vdb-entry, x_refsource_BID)
http://www.securitytracker.com/id/1030566 (vdb-entry, x_refsource_SECTRACK)
http://secunia.com/advisories/59889 (third-party-advisory, x_refsource_SECUNIA)
https://exchange.xforce.ibmcloud.com/vulnerabilities/94460 (vdb-entry, x_refsource_XF)
http://support.citrix.com/article/CTX139591 (x_refsource_CONFIRM)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T11:27:36.082Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "68530",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/68530"
          },
          {
            "name": "1030566",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1030566"
          },
          {
            "name": "59889",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59889"
          },
          {
            "name": "citrix-desktop-cve20144700-unauth-access(94460)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94460"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.citrix.com/article/CTX139591"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-07-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Citrix XenDesktop 7.x, 5.x, and 4.x, when pooled random desktop groups is enabled and ShutdownDesktopsAfterUse is disabled, allows local guest users to gain access to another user\u0027s desktop via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "68530",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/68530"
        },
        {
          "name": "1030566",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1030566"
        },
        {
          "name": "59889",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59889"
        },
        {
          "name": "citrix-desktop-cve20144700-unauth-access(94460)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94460"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.citrix.com/article/CTX139591"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2014-4700",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Citrix XenDesktop 7.x, 5.x, and 4.x, when pooled random desktop groups is enabled and ShutdownDesktopsAfterUse is disabled, allows local guest users to gain access to another user\u0027s desktop via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "68530",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/68530"
            },
            {
              "name": "1030566",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1030566"
            },
            {
              "name": "59889",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59889"
            },
            {
              "name": "citrix-desktop-cve20144700-unauth-access(94460)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94460"
            },
            {
              "name": "http://support.citrix.com/article/CTX139591",
              "refsource": "CONFIRM",
              "url": "http://support.citrix.com/article/CTX139591"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2014-4700",
    "datePublished": "2014-07-11T14:00:00",
    "dateReserved": "2014-06-30T00:00:00",
    "dateUpdated": "2024-08-06T11:27:36.082Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-8269
Vulnerability from cvelistv5
Published
2020-11-16 00:35
Modified
2024-08-04 09:56
Severity ?
Summary
An unprivileged Windows user on the VDA can perform arbitrary command execution as SYSTEM in CVAD versions before 2009, 1912 LTSR CU1 hotfixes CTX285870 and CTX286120, 7.15 LTSR CU6 hotfix CTX285344 and 7.6 LTSR CU9
References
Impacted products
Vendor Product Version
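n/a Citrix Virtual Apps and Desktops Version: 2009, 1912 LTSR CU1 hotfixes CTX285870 and CTX286120, 7.15 LTSR CU6 hotfix CTX285344 and 7.6 LTSR CU9 (per the summary above, these are the releases the issue is fixed in; versions before them are affected)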


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T09:56:27.967Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.citrix.com/article/CTX285059"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Citrix Virtual Apps and Desktops",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "2009, 1912 LTSR\u00a0CU1 hotfixes CTX285870 and CTX286120, 7.15 LTSR CU6 hotfix CTX285344 and 7.6 LTSR CU9"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An unprivileged Windows user on the VDA can perform arbitrary command execution as SYSTEM in CVAD versions before 2009, 1912 LTSR CU1 hotfixes CTX285870 and CTX286120, 7.15 LTSR CU6 hotfix CTX285344 and 7.6 LTSR CU9"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-269",
              "description": "Improper Privilege Management (CWE-269)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-11-16T00:35:24",
        "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "shortName": "hackerone"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.citrix.com/article/CTX285059"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "support@hackerone.com",
          "ID": "CVE-2020-8269",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Citrix Virtual Apps and Desktops",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2009, 1912 LTSR\u00a0CU1 hotfixes CTX285870 and CTX286120, 7.15 LTSR CU6 hotfix CTX285344 and 7.6 LTSR CU9"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An unprivileged Windows user on the VDA can perform arbitrary command execution as SYSTEM in CVAD versions before 2009, 1912 LTSR CU1 hotfixes CTX285870 and CTX286120, 7.15 LTSR CU6 hotfix CTX285344 and 7.6 LTSR CU9"
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Improper Privilege Management (CWE-269)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.citrix.com/article/CTX285059",
              "refsource": "MISC",
              "url": "https://support.citrix.com/article/CTX285059"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
    "assignerShortName": "hackerone",
    "cveId": "CVE-2020-8269",
    "datePublished": "2020-11-16T00:35:24",
    "dateReserved": "2020-01-28T00:00:00",
    "dateUpdated": "2024-08-04T09:56:27.967Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-8283
Vulnerability from cvelistv5
Published
2020-12-14 19:40
Modified
2024-08-04 09:56
Severity ?
Summary
An authorised user on a Windows host running Citrix Universal Print Server can perform arbitrary command execution as SYSTEM in CVAD versions before 2009, 1912 LTSR CU1 hotfixes CTX285870 and CTX286120, 7.15 LTSR CU6 hotfix CTX285344 and 7.6 LTSR CU9.
References
Impacted products
Vendor Product Version
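n/a Citrix Virtual Apps and Desktops Version: 2009, 1912 LTSR CU1 hotfixes CTX285870 and CTX286120, 7.15 LTSR CU6 hotfix CTX285344 and 7.6 LTSR CU9 (per the summary above, these are the releases the issue is fixed in; versions before them are affected)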


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T09:56:28.332Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.citrix.com/article/CTX285059"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Citrix Virtual Apps and Desktops",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "2009, 1912 LTSR\u00a0CU1 hotfixes CTX285870 and CTX286120, 7.15 LTSR CU6 hotfix CTX285344 and 7.6 LTSR CU9"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An authorised user on a Windows host running Citrix Universal Print Server can perform arbitrary command execution as SYSTEM in CVAD versions before 2009, 1912 LTSR CU1 hotfixes CTX285870 and CTX286120, 7.15 LTSR CU6 hotfix CTX285344 and 7.6 LTSR CU9."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-269",
              "description": "Improper Privilege Management (CWE-269)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-12-14T19:40:18",
        "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "shortName": "hackerone"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.citrix.com/article/CTX285059"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "support@hackerone.com",
          "ID": "CVE-2020-8283",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Citrix Virtual Apps and Desktops",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2009, 1912 LTSR\u00a0CU1 hotfixes CTX285870 and CTX286120, 7.15 LTSR CU6 hotfix CTX285344 and 7.6 LTSR CU9"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An authorised user on a Windows host running Citrix Universal Print Server can perform arbitrary command execution as SYSTEM in CVAD versions before 2009, 1912 LTSR CU1 hotfixes CTX285870 and CTX286120, 7.15 LTSR CU6 hotfix CTX285344 and 7.6 LTSR CU9."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Improper Privilege Management (CWE-269)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.citrix.com/article/CTX285059",
              "refsource": "MISC",
              "url": "https://support.citrix.com/article/CTX285059"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
    "assignerShortName": "hackerone",
    "cveId": "CVE-2020-8283",
    "datePublished": "2020-12-14T19:40:18",
    "dateReserved": "2020-01-28T00:00:00",
    "dateUpdated": "2024-08-04T09:56:28.332Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-22928
Vulnerability from cvelistv5
Published
2021-08-05 20:16
Modified
2024-08-03 18:58
Severity ?
Summary
A vulnerability has been identified in Citrix Virtual Apps and Desktops that could, if exploited, allow a user of a Windows VDA that has either Citrix Profile Management or Citrix Profile Management WMI Plugin installed to escalate their privilege level on that Windows VDA to SYSTEM.
References
Impacted products
Vendor Product Version
n/a Citrix Virtual Apps and Desktops Version: 2106 HF1, 1912LTSR CU3 HF1, 7.15LTSR CU7 HF1


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T18:58:26.162Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.citrix.com/article/CTX319750"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Citrix Virtual Apps and Desktops",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "2106 HF1, 1912LTSR CU3 HF1, 7.15LTSR CU7 HF1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in Citrix Virtual Apps and Desktops that could, if exploited, allow a user of a Windows VDA that has either Citrix Profile Management or Citrix Profile Management WMI Plugin installed to escalate their privilege level on that Windows VDA to SYSTEM."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Privilege Escalation (CAPEC-233)",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-08-05T20:16:39",
        "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "shortName": "hackerone"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.citrix.com/article/CTX319750"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "support@hackerone.com",
          "ID": "CVE-2021-22928",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Citrix Virtual Apps and Desktops",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2106 HF1, 1912LTSR CU3 HF1, 7.15LTSR CU7 HF1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability has been identified in Citrix Virtual Apps and Desktops that could, if exploited, allow a user of a Windows VDA that has either Citrix Profile Management or Citrix Profile Management WMI Plugin installed to escalate their privilege level on that Windows VDA to SYSTEM."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Privilege Escalation (CAPEC-233)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.citrix.com/article/CTX319750",
              "refsource": "MISC",
              "url": "https://support.citrix.com/article/CTX319750"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
    "assignerShortName": "hackerone",
    "cveId": "CVE-2021-22928",
    "datePublished": "2021-08-05T20:16:39",
    "dateReserved": "2021-01-06T00:00:00",
    "dateUpdated": "2024-08-03T18:58:26.162Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2012-6314
Vulnerability from cvelistv5
Published
2012-12-26 22:00
Modified
2024-08-06 21:28
Severity ?
Summary
Citrix XenDesktop Virtual Desktop Agent (VDA) 5.6.x before 5.6.200, when making changes to the server-side policy that control USB redirection, does not propagate changes to the VDA, which allows authenticated users to retain access to the USB device.
References
http://www.securityfocus.com/bid/56908 (vdb-entry, x_refsource_BID)
http://osvdb.org/88369 (vdb-entry, x_refsource_OSVDB)
http://support.citrix.com/article/CTX135813 (x_refsource_CONFIRM)
https://exchange.xforce.ibmcloud.com/vulnerabilities/80626 (vdb-entry, x_refsource_XF)
http://www.securitytracker.com/id?1027869 (vdb-entry, x_refsource_SECTRACK)
http://secunia.com/advisories/51524 (third-party-advisory, x_refsource_SECUNIA)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T21:28:39.642Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "56908",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/56908"
          },
          {
            "name": "88369",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/88369"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.citrix.com/article/CTX135813"
          },
          {
            "name": "xendesktop-vda-sec-bypass(80626)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80626"
          },
          {
            "name": "1027869",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1027869"
          },
          {
            "name": "51524",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/51524"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-12-11T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Citrix XenDesktop Virtual Desktop Agent (VDA) 5.6.x before 5.6.200, when making changes to the server-side policy that control USB redirection, does not propagate changes to the VDA, which allows authenticated users to retain access to the USB device."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "56908",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/56908"
        },
        {
          "name": "88369",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/88369"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.citrix.com/article/CTX135813"
        },
        {
          "name": "xendesktop-vda-sec-bypass(80626)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80626"
        },
        {
          "name": "1027869",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1027869"
        },
        {
          "name": "51524",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/51524"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2012-6314",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Citrix XenDesktop Virtual Desktop Agent (VDA) 5.6.x before 5.6.200, when making changes to the server-side policy that control USB redirection, does not propagate changes to the VDA, which allows authenticated users to retain access to the USB device."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "56908",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/56908"
            },
            {
              "name": "88369",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/88369"
            },
            {
              "name": "http://support.citrix.com/article/CTX135813",
              "refsource": "CONFIRM",
              "url": "http://support.citrix.com/article/CTX135813"
            },
            {
              "name": "xendesktop-vda-sec-bypass(80626)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80626"
            },
            {
              "name": "1027869",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1027869"
            },
            {
              "name": "51524",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/51524"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2012-6314",
    "datePublished": "2012-12-26T22:00:00",
    "dateReserved": "2012-12-06T00:00:00",
    "dateUpdated": "2024-08-06T21:28:39.642Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2013-6077
Vulnerability from cvelistv5
Published
2013-11-05 18:00
Modified
2024-09-17 03:07
Severity ?
Summary
Citrix XenDesktop 7.0, when upgraded from XenDesktop 5.x, does not properly enforce policy rule permissions, which allows remote attackers to bypass intended restrictions.
References
http://support.citrix.com/article/CTX138627 (x_refsource_CONFIRM)
http://osvdb.org/98890 (vdb-entry, x_refsource_OSVDB)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T17:29:43.143Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.citrix.com/article/CTX138627"
          },
          {
            "name": "98890",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/98890"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Citrix XenDesktop 7.0, when upgraded from XenDesktop 5.x, does not properly enforce policy rule permissions, which allows remote attackers to bypass intended restrictions."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2013-11-05T18:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.citrix.com/article/CTX138627"
        },
        {
          "name": "98890",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/98890"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2013-6077",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Citrix XenDesktop 7.0, when upgraded from XenDesktop 5.x, does not properly enforce policy rule permissions, which allows remote attackers to bypass intended restrictions."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://support.citrix.com/article/CTX138627",
              "refsource": "CONFIRM",
              "url": "http://support.citrix.com/article/CTX138627"
            },
            {
              "name": "98890",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/98890"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2013-6077",
    "datePublished": "2013-11-05T18:00:00Z",
    "dateReserved": "2013-10-11T00:00:00Z",
    "dateUpdated": "2024-09-17T03:07:47.459Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-4810
Vulnerability from cvelistv5
Published
2016-06-01 22:00
Modified
2024-08-06 00:39
Severity ?
Summary
Citrix Studio before 7.6.1000, Citrix XenDesktop 7.x before 7.6 LTSR Cumulative Update 1 (CU1), and Citrix XenApp 7.5 and 7.6 allow attackers to set Access Policy rules on the XenDesktop Delivery Controller via unspecified vectors.
References
http://www.securitytracker.com/id/1036021 vdb-entry, x_refsource_SECTRACK
http://support.citrix.com/article/CTX213045 x_refsource_CONFIRM
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T00:39:26.280Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1036021",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1036021"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.citrix.com/article/CTX213045"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-05-31T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Citrix Studio before 7.6.1000, Citrix XenDesktop 7.x before 7.6 LTSR Cumulative Update 1 (CU1), and Citrix XenApp 7.5 and 7.6 allow attackers to set Access Policy rules on the XenDesktop Delivery Controller via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-11-28T20:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "1036021",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1036021"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.citrix.com/article/CTX213045"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-4810",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Citrix Studio before 7.6.1000, Citrix XenDesktop 7.x before 7.6 LTSR Cumulative Update 1 (CU1), and Citrix XenApp 7.5 and 7.6 allow attackers to set Access Policy rules on the XenDesktop Delivery Controller via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1036021",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1036021"
            },
            {
              "name": "http://support.citrix.com/article/CTX213045",
              "refsource": "CONFIRM",
              "url": "http://support.citrix.com/article/CTX213045"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-4810",
    "datePublished": "2016-06-01T22:00:00",
    "dateReserved": "2016-05-17T00:00:00",
    "dateUpdated": "2024-08-06T00:39:26.280Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-6493
Vulnerability from cvelistv5
Published
2016-08-19 21:00
Modified
2024-08-06 01:29
Severity ?
Summary
Citrix XenApp 6.x before 6.5 HRP07 and 7.x before 7.9 and Citrix XenDesktop before 7.9 might allow attackers to weaken an unspecified security mitigation via vectors related to memory permission.
References
http://www.securitytracker.com/id/1036539 vdb-entry, x_refsource_SECTRACK
http://www.securityfocus.com/bid/92316 vdb-entry, x_refsource_BID
http://support.citrix.com/article/CTX215460 x_refsource_CONFIRM
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T01:29:20.039Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1036539",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1036539"
          },
          {
            "name": "92316",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/92316"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.citrix.com/article/CTX215460"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-08-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Citrix XenApp 6.x before 6.5 HRP07 and 7.x before 7.9 and Citrix XenDesktop before 7.9 might allow attackers to weaken an unspecified security mitigation via vectors related to memory permission."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-08-19T19:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "1036539",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1036539"
        },
        {
          "name": "92316",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/92316"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.citrix.com/article/CTX215460"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-6493",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Citrix XenApp 6.x before 6.5 HRP07 and 7.x before 7.9 and Citrix XenDesktop before 7.9 might allow attackers to weaken an unspecified security mitigation via vectors related to memory permission."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1036539",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1036539"
            },
            {
              "name": "92316",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/92316"
            },
            {
              "name": "http://support.citrix.com/article/CTX215460",
              "refsource": "CONFIRM",
              "url": "http://support.citrix.com/article/CTX215460"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-6493",
    "datePublished": "2016-08-19T21:00:00",
    "dateReserved": "2016-07-29T00:00:00",
    "dateUpdated": "2024-08-06T01:29:20.039Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Vulnerability from fkie_nvd
Published
2013-11-05 18:55
Modified
2024-11-21 01:58
Severity ?
Summary
Citrix XenDesktop 7.0, when upgraded from XenDesktop 5.x, does not properly enforce policy rule permissions, which allows remote attackers to bypass intended restrictions.
Impacted products
Vendor Product Version
citrix xendesktop 7.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:citrix:xendesktop:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "22560F24-4D19-41E3-BEFD-4AABB8E289E2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Citrix XenDesktop 7.0, when upgraded from XenDesktop 5.x, does not properly enforce policy rule permissions, which allows remote attackers to bypass intended restrictions."
    },
    {
      "lang": "es",
      "value": "Citrix XenDesktop 7.0, cuando se actualiza desde XenDesktop 5.x, no se hacen cumplir adecuadamente los permisos de la pol\u00edtica de reglas, lo que permite a atacantes remotos evitar las restricciones previstas."
    }
  ],
  "id": "CVE-2013-6077",
  "lastModified": "2024-11-21T01:58:42.840",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-11-05T18:55:06.197",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/98890"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://support.citrix.com/article/CTX138627"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/98890"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://support.citrix.com/article/CTX138627"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2016-06-01 22:59
Modified
2024-11-21 02:53
Summary
Citrix Studio before 7.6.1000, Citrix XenDesktop 7.x before 7.6 LTSR Cumulative Update 1 (CU1), and Citrix XenApp 7.5 and 7.6 allow attackers to set Access Policy rules on the XenDesktop Delivery Controller via unspecified vectors.
Impacted products



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:citrix:xenapp:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "32E4F74A-5F0E-4594-9BB3-8041BEE338C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:xenapp:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "98334CF7-5B0E-42EC-919C-FBDECFD4D810",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:xendesktop:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "22560F24-4D19-41E3-BEFD-4AABB8E289E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:xendesktop:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B75A1E4B-38FB-427D-9293-2113B00CE60D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:xendesktop:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FD95B20-D022-4DDA-862A-2744F303D5F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:xendesktop:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "12D36FDF-2923-4E9C-8B94-688A56A4E047",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:xendesktop:7.6:fp1:*:*:*:*:*:*",
              "matchCriteriaId": "986EAB37-3DFE-4C89-A066-EE4A46EB4CA2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:xendesktop:7.6:fp2:*:*:*:*:*:*",
              "matchCriteriaId": "58C64C20-B5E7-4698-BD76-86C06648C5D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:xendesktop:7.6:fp3:*:*:*:*:*:*",
              "matchCriteriaId": "87AA263B-AF98-4BF2-9306-C396389A727C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:xendesktop:7.6:ltsr:*:*:*:*:*:*",
              "matchCriteriaId": "40305BFB-58B4-4A60-BE6C-1074C6D4F205",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Citrix Studio before 7.6.1000, Citrix XenDesktop 7.x before 7.6 LTSR Cumulative Update 1 (CU1), and Citrix XenApp 7.5 and 7.6 allow attackers to set Access Policy rules on the XenDesktop Delivery Controller via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "Citrix Studio en versiones anteriores a 7.6.1000, Citrix XenDesktop 7.x en versiones anteriores a 7.6 LTSR Cumulative Update 1 (CU1) y Citrix XenApp 7.5 y 7.6 permiten a atacantes establecer reglas Access Policy en el XenDesktop Delivery Controller a trav\u00e9s de vectores no especificados."
    }
  ],
  "id": "CVE-2016-4810",
  "lastModified": "2024-11-21T02:53:01.560",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": true,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-06-01T22:59:05.940",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://support.citrix.com/article/CTX213045"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id/1036021"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://support.citrix.com/article/CTX213045"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1036021"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-284"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-11-16 01:15
Modified
2024-11-21 05:38
Summary
An unprivileged Windows user on the VDA can perform arbitrary command execution as SYSTEM in CVAD (Citrix Virtual Apps and Desktops) versions before 2009, 1912 LTSR CU1 hotfixes CTX285870 and CTX286120, 7.15 LTSR CU6 hotfix CTX285344 and 7.6 LTSR CU9.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:citrix:virtual_apps_and_desktops:*:*:*:*:-:*:*:*",
              "matchCriteriaId": "5D9D1D8B-8C9A-4CF7-8CCD-2CFDA4AB5970",
              "versionEndIncluding": "2006",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:virtual_apps_and_desktops:*:*:*:*:ltsr:*:*:*",
              "matchCriteriaId": "799D10F0-247F-4BD2-9DA1-D37B043001C8",
              "versionEndIncluding": "1912",
              "versionStartIncluding": "1903",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:xenapp:*:*:*:*:ltsr:*:*:*",
              "matchCriteriaId": "DDB23637-BC09-4914-A028-AA01CB01F24D",
              "versionEndExcluding": "7.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:xenapp:*:*:*:*:ltsr:*:*:*",
              "matchCriteriaId": "B0FFFD24-0C7B-4D8D-A786-9469D7DA0C35",
              "versionEndExcluding": "7.15",
              "versionStartIncluding": "7.7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:xenapp:7.6:-:*:*:ltsr:*:*:*",
              "matchCriteriaId": "5A2B7A20-48C6-405C-99C8-06D0F4FE5910",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:xenapp:7.6:cu8:*:*:ltsr:*:*:*",
              "matchCriteriaId": "6246BB4D-CDB3-4A4B-940D-93293B6C417A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:xenapp:7.15:-:*:*:ltsr:*:*:*",
              "matchCriteriaId": "39D97CED-69C7-4762-85E9-978813DB3392",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:xenapp:7.15:cu6:*:*:ltsr:*:*:*",
              "matchCriteriaId": "2A10B5EA-EC14-47ED-ADBB-D975C6B07BE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:xendesktop:*:*:*:*:ltsr:*:*:*",
              "matchCriteriaId": "31BF23CF-C7C3-4A61-B52B-964E14EE224A",
              "versionEndExcluding": "7.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:xendesktop:*:*:*:*:ltsr:*:*:*",
              "matchCriteriaId": "2D2866E0-EB16-42AC-8C7F-7C52FDF88B9B",
              "versionEndExcluding": "7.15",
              "versionStartIncluding": "7.7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:xendesktop:7.6:-:*:*:ltsr:*:*:*",
              "matchCriteriaId": "DF2F2C5D-D5AD-4E22-B182-67A4C0C90F0C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:xendesktop:7.6:cu8:*:*:ltsr:*:*:*",
              "matchCriteriaId": "8CAEBBB5-DC51-4718-AC6C-152F7ADE19C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:xendesktop:7.15:-:*:*:ltsr:*:*:*",
              "matchCriteriaId": "1AFF8323-A381-481F-9BE2-F9027D942851",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:xendesktop:7.15:cu6:*:*:ltsr:*:*:*",
              "matchCriteriaId": "1A2A6CF3-F554-44C9-965E-FEAEDDE44D95",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An unprivileged Windows user on the VDA can perform arbitrary command execution as SYSTEM in CVAD versions before 2009, 1912 LTSR CU1 hotfixes CTX285870 and CTX286120, 7.15 LTSR CU6 hotfix CTX285344 and 7.6 LTSR CU9"
    },
    {
      "lang": "es",
      "value": "Un usuario de Windows no privilegiado en el VDA puede llevar a cabo una ejecuci\u00f3n de comandos arbitrarios como SYSTEM en CVAD versiones anteriores a 2009, versi\u00f3n 1912 LTSR CU1 hotfixes CTX285870 y CTX286120, versi\u00f3n 7.15 LTSR CU6 hotfix CTX285344 y versi\u00f3n 7.6 LTSR CU9"
    }
  ],
  "id": "CVE-2020-8269",
  "lastModified": "2024-11-21T05:38:37.493",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-11-16T01:15:13.623",
  "references": [
    {
      "source": "support@hackerone.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://support.citrix.com/article/CTX285059"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://support.citrix.com/article/CTX285059"
    }
  ],
  "sourceIdentifier": "support@hackerone.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-269"
        }
      ],
      "source": "support@hackerone.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-269"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-08-05 21:15
Modified
2024-11-21 05:50
Summary
A vulnerability has been identified in Citrix Virtual Apps and Desktops that could, if exploited, allow a user of a Windows VDA that has either Citrix Profile Management or Citrix Profile Management WMI Plugin installed to escalate their privilege level on that Windows VDA to SYSTEM.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:citrix:virtual_apps_and_desktops:*:*:*:*:-:*:*:*",
              "matchCriteriaId": "0FE7155E-9F8B-47B7-8E70-2D947F6AEDAC",
              "versionEndIncluding": "2106",
              "versionStartIncluding": "2006",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:virtual_apps_and_desktops:1912:-:*:*:ltsr:*:*:*",
              "matchCriteriaId": "F9330183-B04B-46F1-9DA6-5EAF216DFCC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:virtual_apps_and_desktops:1912:cu3:*:*:*:*:*:*",
              "matchCriteriaId": "3DE66CEF-6D57-429A-9776-E5ED73827A8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:xenapp:7.15:-:*:*:ltsr:*:*:*",
              "matchCriteriaId": "39D97CED-69C7-4762-85E9-978813DB3392",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:xenapp:7.15:cu6:*:*:ltsr:*:*:*",
              "matchCriteriaId": "2A10B5EA-EC14-47ED-ADBB-D975C6B07BE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:xenapp:7.15:cu7:*:*:ltsr:*:*:*",
              "matchCriteriaId": "2CFEBFEE-2A25-44E4-B52F-FFE74919F488",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:xendesktop:7.15:-:*:*:ltsr:*:*:*",
              "matchCriteriaId": "1AFF8323-A381-481F-9BE2-F9027D942851",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:xendesktop:7.15:cu6:*:*:ltsr:*:*:*",
              "matchCriteriaId": "1A2A6CF3-F554-44C9-965E-FEAEDDE44D95",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:xendesktop:7.15:cu7:*:*:ltsr:*:*:*",
              "matchCriteriaId": "15C211A8-9CD0-44B0-BD5D-94D78290EBA9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability has been identified in Citrix Virtual Apps and Desktops that could, if exploited, allow a user of a Windows VDA that has either Citrix Profile Management or Citrix Profile Management WMI Plugin installed to escalate their privilege level on that Windows VDA to SYSTEM."
    },
    {
      "lang": "es",
      "value": "Se ha identificado una vulnerabilidad en Citrix Virtual Apps and Desktops que podr\u00eda, si es explotado, permitir a un usuario de un VDA de Windows que tenga instalado Citrix Profile Management o Citrix Profile Management WMI Plugin escalar su nivel de privilegios en ese VDA de Windows a SYSTEM"
    }
  ],
  "id": "CVE-2021-22928",
  "lastModified": "2024-11-21T05:50:56.347",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-08-05T21:15:11.733",
  "references": [
    {
      "source": "support@hackerone.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://support.citrix.com/article/CTX319750"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://support.citrix.com/article/CTX319750"
    }
  ],
  "sourceIdentifier": "support@hackerone.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-12-14 20:15
Modified
2024-11-21 05:38
Summary
An authorised user on a Windows host running Citrix Universal Print Server can perform arbitrary command execution as SYSTEM in Citrix Virtual Apps and Desktops (CVAD) versions before 2009, before 1912 LTSR CU1 with hotfixes CTX285870 and CTX286120, before 7.15 LTSR CU6 with hotfix CTX285344, and before 7.6 LTSR CU9.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:citrix:virtual_apps_and_desktops:*:*:*:*:-:*:*:*",
              "matchCriteriaId": "5D9D1D8B-8C9A-4CF7-8CCD-2CFDA4AB5970",
              "versionEndIncluding": "2006",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:virtual_apps_and_desktops:*:*:*:*:ltsr:*:*:*",
              "matchCriteriaId": "799D10F0-247F-4BD2-9DA1-D37B043001C8",
              "versionEndIncluding": "1912",
              "versionStartIncluding": "1903",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:xenapp:*:*:*:*:ltsr:*:*:*",
              "matchCriteriaId": "DDB23637-BC09-4914-A028-AA01CB01F24D",
              "versionEndExcluding": "7.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:xenapp:*:*:*:*:ltsr:*:*:*",
              "matchCriteriaId": "B0FFFD24-0C7B-4D8D-A786-9469D7DA0C35",
              "versionEndExcluding": "7.15",
              "versionStartIncluding": "7.7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:xenapp:7.6:-:*:*:ltsr:*:*:*",
              "matchCriteriaId": "5A2B7A20-48C6-405C-99C8-06D0F4FE5910",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:xenapp:7.6:cu8:*:*:ltsr:*:*:*",
              "matchCriteriaId": "6246BB4D-CDB3-4A4B-940D-93293B6C417A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:xenapp:7.15:-:*:*:ltsr:*:*:*",
              "matchCriteriaId": "39D97CED-69C7-4762-85E9-978813DB3392",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:xenapp:7.15:cu6:*:*:ltsr:*:*:*",
              "matchCriteriaId": "2A10B5EA-EC14-47ED-ADBB-D975C6B07BE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:xendesktop:*:*:*:*:ltsr:*:*:*",
              "matchCriteriaId": "31BF23CF-C7C3-4A61-B52B-964E14EE224A",
              "versionEndExcluding": "7.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:xendesktop:*:*:*:*:ltsr:*:*:*",
              "matchCriteriaId": "2D2866E0-EB16-42AC-8C7F-7C52FDF88B9B",
              "versionEndExcluding": "7.15",
              "versionStartIncluding": "7.7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:xendesktop:7.6:-:*:*:ltsr:*:*:*",
              "matchCriteriaId": "DF2F2C5D-D5AD-4E22-B182-67A4C0C90F0C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:xendesktop:7.6:cu8:*:*:ltsr:*:*:*",
              "matchCriteriaId": "8CAEBBB5-DC51-4718-AC6C-152F7ADE19C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:xendesktop:7.15:-:*:*:ltsr:*:*:*",
              "matchCriteriaId": "1AFF8323-A381-481F-9BE2-F9027D942851",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:xendesktop:7.15:cu6:*:*:ltsr:*:*:*",
              "matchCriteriaId": "1A2A6CF3-F554-44C9-965E-FEAEDDE44D95",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An authorised user on a Windows host running Citrix Universal Print Server can perform arbitrary command execution as SYSTEM in CVAD versions before 2009, 1912 LTSR CU1 hotfixes CTX285870 and CTX286120, 7.15 LTSR CU6 hotfix CTX285344 and 7.6 LTSR CU9."
    },
    {
      "lang": "es",
      "value": "Un usuario autorizado en un host de Windows que ejecuta Citrix Universal Print Server, puede llevar a cabo comandos arbitrarios como SYSTEM en CVAD versiones anteriores a 2009, 1912 LTSR CU1 hotfixes CTX285870 y CTX286120, versiones 7.15 LTSR CU6 hotfix CTX285344 y 7.6 LTSR CU9"
    }
  ],
  "id": "CVE-2020-8283",
  "lastModified": "2024-11-21T05:38:39.090",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-12-14T20:15:13.840",
  "references": [
    {
      "source": "support@hackerone.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.citrix.com/article/CTX285059"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.citrix.com/article/CTX285059"
    }
  ],
  "sourceIdentifier": "support@hackerone.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-269"
        }
      ],
      "source": "support@hackerone.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-269"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2016-08-19 21:59
Modified
2024-11-21 02:56
Severity ?
Summary
Citrix XenApp 6.x before 6.5 HRP07 and 7.x before 7.9 and Citrix XenDesktop before 7.9 might allow attackers to weaken an unspecified security mitigation via vectors related to memory permission.
Impacted products
Vendor Product Version
citrix xenapp 6.0.0.0
citrix xenapp 6.5.0.0
citrix xenapp 7.0.0.0
citrix xenapp 7.1.0.0
citrix xenapp 7.5.0.0
citrix xenapp 7.6.0.0
citrix xenapp 7.7.0.0
citrix xenapp 7.8.0.0
citrix xendesktop *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:citrix:xenapp:6.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCF5D24E-646C-4428-9355-4EC5CC112D9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:xenapp:6.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C455A80D-45E2-4963-981D-610D9C24391C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:xenapp:7.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBBD34F8-C799-4B9D-8F39-495950141C49",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:xenapp:7.1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "ECEB767F-300F-4834-852A-B669108F6ADD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:xenapp:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDF94BE2-0C4A-421A-A6DA-57264554892D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:xenapp:7.6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "48FEE2F3-B186-4F01-93CC-D85150346EFD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:xenapp:7.7.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8EFF26F3-658E-44BB-8540-B7D24D9F351C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:xenapp:7.8.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6751B828-156C-4276-907E-FC2991C86B06",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:xendesktop:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "73145DB2-0216-4AB9-A4EF-70D52BFA1305",
              "versionEndIncluding": "7.8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Citrix XenApp 6.x before 6.5 HRP07 and 7.x before 7.9 and Citrix XenDesktop before 7.9 might allow attackers to weaken an unspecified security mitigation via vectors related to memory permission."
    },
    {
      "lang": "es",
      "value": "Citrix XenApp 6.x en versiones anteriores a 6.5 HRP07 y 7.x en versiones anteriores a 7.9 y Citrix XenDesktop en versiones anteriores a 7.9 podr\u00eda permitir a atacantes debilitar una mitigaci\u00f3n de seguridad no especificada a trav\u00e9s de vectores relacionados con permiso de memoria."
    }
  ],
  "id": "CVE-2016-6493",
  "lastModified": "2024-11-21T02:56:13.657",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": true,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-08-19T21:59:16.260",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://support.citrix.com/article/CTX215460"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/92316"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1036539"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://support.citrix.com/article/CTX215460"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/92316"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1036539"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-254"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2012-12-26 22:55
Modified
2024-11-21 01:46
Severity ?
Summary
Citrix XenDesktop Virtual Desktop Agent (VDA) 5.6.x before 5.6.200 does not propagate changes made to the server-side policy that controls USB redirection to the VDA, which allows authenticated users to retain access to the USB device.
Impacted products
Vendor Product Version
citrix xendesktop 5.6



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:citrix:xendesktop:5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "44617274-F2C8-41C2-BEB2-EE5053E1687D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Citrix XenDesktop Virtual Desktop Agent (VDA) 5.6.x before 5.6.200, when making changes to the server-side policy that control USB redirection, does not propagate changes to the VDA, which allows authenticated users to retain access to the USB device."
    },
    {
      "lang": "es",
      "value": "Citrix XenDesktop Virtual Desktop Agent (VDA) v5.6.x antes de v5.6.200, al realizar cambios en la pol\u00edtica de control de redirecci\u00f3n USB en el lado del servidor, no propaga los cambios a la VDA, lo que permite mantener el acceso al dispositivo USB a los usuarios autenticados.\r\n"
    }
  ],
  "id": "CVE-2012-6314",
  "lastModified": "2024-11-21T01:46:00.320",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2012-12-26T22:55:03.830",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/88369"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/51524"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://support.citrix.com/article/CTX135813"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/56908"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1027869"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80626"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/88369"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/51524"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://support.citrix.com/article/CTX135813"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/56908"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1027869"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80626"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2014-07-11 14:55
Modified
2024-11-21 02:10
Severity ?
Summary
Citrix XenDesktop 7.x, 5.x, and 4.x, when pooled random desktop groups is enabled and ShutdownDesktopsAfterUse is disabled, allows local guest users to gain access to another user's desktop via unspecified vectors.
Impacted products



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:citrix:xendesktop:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FA185E5-E44B-4612-B7EB-77BD4441175D",
              "versionEndIncluding": "5.6",
              "versionStartIncluding": "5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:xendesktop:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "86BC010B-FDC6-43D9-A453-2A3C9418CC53",
              "versionEndIncluding": "7.11",
              "versionStartIncluding": "7.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:xendesktop:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "02FFA689-533D-4BE2-8E89-FBD5D4A558F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:xendesktop:4.0:fp1:*:*:*:*:*:*",
              "matchCriteriaId": "A243336E-1F68-4C13-BA96-528188230E52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:xendesktop:4.0:fp2:*:*:*:*:*:*",
              "matchCriteriaId": "45E02090-560F-4F10-B456-7F6D2814C817",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:xendesktop:5.6:fp1:*:*:*:*:*:*",
              "matchCriteriaId": "8EE553AD-08F8-4F09-80FD-F6BC11D9B23A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Citrix XenDesktop 7.x, 5.x, and 4.x, when pooled random desktop groups is enabled and ShutdownDesktopsAfterUse is disabled, allows local guest users to gain access to another user\u0027s desktop via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "Citrix XenDesktop 7.x, 5.x, y 4.x, cuando pooled random desktop groups est\u00e1 habilitado y ShutdownDesktopsAfterUse est\u00e1 deshabilitado, permite a usuarios locales invitados ganar acceso al escritorio de otro usuario a trav\u00e9s de vectores no especificados."
    }
  ],
  "id": "CVE-2014-4700",
  "lastModified": "2024-11-21T02:10:44.110",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "ADJACENT_NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.9,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:A/AC:M/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 4.4,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-07-11T14:55:04.650",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/59889"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://support.citrix.com/article/CTX139591"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/68530"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1030566"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94460"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/59889"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://support.citrix.com/article/CTX139591"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/68530"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1030566"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94460"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}