Description
The default configuration of the Security global settings on the Citrix NetScaler Access Gateway appliance with Enterprise Edition firmware 9.0, 8.1, and earlier specifies Allow for the Default Authorization Action option, which might allow remote authenticated users to bypass intended access restrictions.
References
- Broken Link, Vendor Advisory
- Broken Link, Third Party Advisory, VDB Entry
- Permissions Required
- Third Party Advisory, VDB Entry
Vulnerable configurations
Configuration 1: Version up to 8.1 (inclusive)
All of
One of
cpe:2.3:o:citrix:netscaler_access_gateway_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:citrix:netscaler_access_gateway_firmware:7.0:*:*:*:*:*:*:*
cpe:2.3:o:citrix:netscaler_access_gateway_firmware:8.0:*:*:*:*:*:*:*
cpe:2.3:o:citrix:netscaler_access_gateway_firmware:9.0:*:*:*:*:*:*:*
cpe:2.3:h:citrix:netscaler_access_gateway:-:-:enterprise:*:*:*:*:*
EPSS: 0.00347 (Low), percentile: 57%
CVSS3: 6.5 Medium
CVSS2: 6.3 Medium
Weaknesses
CWE-863
Related vulnerabilities
CVSS3: 6.5
github
almost 4 years ago
The default configuration of the Security global settings on the Citrix NetScaler Access Gateway appliance with Enterprise Edition firmware 9.0, 8.1, and earlier specifies Allow for the Default Authorization Action option, which might allow remote authenticated users to bypass intended access restrictions.