CVE-2015-2682

Severity

50%

Complexity

99%

Confidentiality

48%

Citrix Command Center before 5.1 Build 35.4 and 5.2 before Build 42.7 allows remote attackers to obtain credentials via a direct request to conf/securitydbData.xml.

Citrix Command Center before 5.1 Build 35.4 and 5.2 before Build 42.7 allows remote attackers to obtain credentials via a direct request to conf/securitydbData.xml.

CVSS 2.0 Base Score 5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N).

Overview

Type

Citrix Command Center

First reported 10 years ago

2015-03-26 14:59:00

Last updated 6 years ago

2019-02-05 18:15:00

Affected Software

Citrix Command Center 5.1

5.1

Citrix Command Center 5.2

5.2

References

http://packetstormsecurity.com/files/130928/Citrix-Command-Center-Configuration-Disclosure.html

Exploit, Third Party Advisory, VDB Entry

20150319 Citrix Command Center allows downloading of configuration files

Mailing List, Third Party Advisory

http://support.citrix.com/article/CTX200584

Vendor Advisory

73309

Third Party Advisory, VDB Entry

1031993

Third Party Advisory, VDB Entry

36441

Third Party Advisory, VDB Entry

https://www.securify.nl/advisory/SFY20140802/citrix_command_center_allows_downloading_of_configuration_files.html

Exploit

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.