Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2015-2682

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2015-2682
Last Modified 02 Apr 2015 10:00:45
Published 26 Mar 2015 10:59:01
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2015-2682

Summary

Citrix Command Center before 5.1 Build 35.4 and 5.2 before Build 42.7 allows remote attackers to obtain credentials via a direct request to conf/securitydbData.xml.

Vulnerable Systems

Application

  • Citrix Command Center 5.1

  • Citrix Command Center 5.2


References

MISC - https://www.securify.nl/advisory/SFY20140802/citrix_command_center_allows_downloading_of_configuration_files.html

CONFIRM - http://support.citrix.com/article/CTX200584

FULLDISC - 20150319 Citrix Command Center allows downloading of configuration files

MISC - http://packetstormsecurity.com/files/130928/Citrix-Command-Center-Configuration-Disclosure.html

SECTRACK - 1031993


Last Updated: 27 May 2016 11:08:14