var-202207-2009
Vulnerability from variot
Unauthenticated redirection to a malicious website. of Citrix Systems Citrix Gateway and Citrix Application Delivery Controller An open redirect vulnerability exists in firmware.Information may be obtained and information may be tampered with. Used for application security, overall visibility and availability. Prior to 86.17 and Citrix Gateway 13.0, Citrix ADC 12.1-65.15 and prior to Citrix Gateway 12.1, Citrix ADC 12.1-FIPS prior, Citrix ADC 12.1-NDcPP prior to 12.1-55.282
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202207-2009",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "citrix",
"version": "12.1-65.15"
},
{
"model": "application delivery controller",
"scope": "lt",
"trust": 1.0,
"vendor": "citrix",
"version": "13.0-86.17"
},
{
"model": "gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "citrix",
"version": "12.1"
},
{
"model": "application delivery controller",
"scope": "lt",
"trust": 1.0,
"vendor": "citrix",
"version": "12.1-65.15"
},
{
"model": "application delivery controller",
"scope": "lt",
"trust": 1.0,
"vendor": "citrix",
"version": "13.1-24.38"
},
{
"model": "gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "citrix",
"version": "13.1-24.38"
},
{
"model": "application delivery controller",
"scope": "lt",
"trust": 1.0,
"vendor": "citrix",
"version": "12.1-55.282"
},
{
"model": "gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "citrix",
"version": "13.1"
},
{
"model": "gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "citrix",
"version": "13.0"
},
{
"model": "application delivery controller",
"scope": "gte",
"trust": 1.0,
"vendor": "citrix",
"version": "12.1"
},
{
"model": "application delivery controller",
"scope": "gte",
"trust": 1.0,
"vendor": "citrix",
"version": "13.1"
},
{
"model": "application delivery controller",
"scope": "gte",
"trust": 1.0,
"vendor": "citrix",
"version": "13.0"
},
{
"model": "gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "citrix",
"version": "13.0-86.17"
},
{
"model": "citrix gateway",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30c8\u30ea\u30c3\u30af\u30b9 \u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "citrix application delivery controller",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30c8\u30ea\u30c3\u30af\u30b9 \u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-014127"
},
{
"db": "NVD",
"id": "CVE-2022-27509"
}
]
},
"cve": "CVE-2022-27509",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"id": "CVE-2022-27509",
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.1,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2022-27509",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-27509",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2022-27509",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202207-2610",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-014127"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-2610"
},
{
"db": "NVD",
"id": "CVE-2022-27509"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unauthenticated redirection to a malicious website. of Citrix Systems Citrix Gateway and Citrix Application Delivery Controller An open redirect vulnerability exists in firmware.Information may be obtained and information may be tampered with. Used for application security, overall visibility and availability. Prior to 86.17 and Citrix Gateway 13.0, Citrix ADC 12.1-65.15 and prior to Citrix Gateway 12.1, Citrix ADC 12.1-FIPS prior, Citrix ADC 12.1-NDcPP prior to 12.1-55.282",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-27509"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-014127"
},
{
"db": "VULHUB",
"id": "VHN-418143"
},
{
"db": "VULMON",
"id": "CVE-2022-27509"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-27509",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2022-014127",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202207-2610",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-418143",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-27509",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-418143"
},
{
"db": "VULMON",
"id": "CVE-2022-27509"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-014127"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-2610"
},
{
"db": "NVD",
"id": "CVE-2022-27509"
}
]
},
"id": "VAR-202207-2009",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-418143"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T15:42:17.238000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Citrix ADC and Citrix Gateway Enter the fix for the verification error vulnerability",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=203341"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202207-2610"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-601",
"trust": 1.1
},
{
"problemtype": "Open redirect (CWE-601) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-418143"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-014127"
},
{
"db": "NVD",
"id": "CVE-2022-27509"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "https://support.citrix.com/article/ctx457836"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-27509"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-27509/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-418143"
},
{
"db": "VULMON",
"id": "CVE-2022-27509"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-014127"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-2610"
},
{
"db": "NVD",
"id": "CVE-2022-27509"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-418143"
},
{
"db": "VULMON",
"id": "CVE-2022-27509"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-014127"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-2610"
},
{
"db": "NVD",
"id": "CVE-2022-27509"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-07-28T00:00:00",
"db": "VULHUB",
"id": "VHN-418143"
},
{
"date": "2022-07-28T00:00:00",
"db": "VULMON",
"id": "CVE-2022-27509"
},
{
"date": "2023-09-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-014127"
},
{
"date": "2022-07-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202207-2610"
},
{
"date": "2022-07-28T14:15:08.380000",
"db": "NVD",
"id": "CVE-2022-27509"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-08-05T00:00:00",
"db": "VULHUB",
"id": "VHN-418143"
},
{
"date": "2022-07-28T00:00:00",
"db": "VULMON",
"id": "CVE-2022-27509"
},
{
"date": "2023-09-14T08:12:00",
"db": "JVNDB",
"id": "JVNDB-2022-014127"
},
{
"date": "2022-08-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202207-2610"
},
{
"date": "2022-08-05T15:01:51.680000",
"db": "NVD",
"id": "CVE-2022-27509"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202207-2610"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "of Citrix Systems \u00a0Citrix\u00a0Gateway\u00a0 and \u00a0Citrix\u00a0Application\u00a0Delivery\u00a0Controller\u00a0 Open redirect vulnerability in firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-014127"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202207-2610"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.