CVE-2013-6077
https://notcve.org/view.php?id=CVE-2013-6077
Citrix XenDesktop 7.0, when upgraded from XenDesktop 5.x, does not properly enforce policy rule permissions, which allows remote attackers to bypass intended restrictions. Citrix XenDesktop 7.0, cuando se actualiza desde XenDesktop 5.x, no se hacen cumplir adecuadamente los permisos de la política de reglas, lo que permite a atacantes remotos evitar las restricciones previstas. • http://osvdb.org/98890 http://support.citrix.com/article/CTX138627 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2012-6314
https://notcve.org/view.php?id=CVE-2012-6314
Citrix XenDesktop Virtual Desktop Agent (VDA) 5.6.x before 5.6.200, when making changes to the server-side policy that control USB redirection, does not propagate changes to the VDA, which allows authenticated users to retain access to the USB device. Citrix XenDesktop Virtual Desktop Agent (VDA) v5.6.x antes de v5.6.200, al realizar cambios en la política de control de redirección USB en el lado del servidor, no propaga los cambios a la VDA, lo que permite mantener el acceso al dispositivo USB a los usuarios autenticados. • http://osvdb.org/88369 http://secunia.com/advisories/51524 http://support.citrix.com/article/CTX135813 http://www.securityfocus.com/bid/56908 http://www.securitytracker.com/id?1027869 https://exchange.xforce.ibmcloud.com/vulnerabilities/80626 •