CVSS: 8.7EPSS: 20%CPEs: 1EXPL: 2CVE-2021-28113 – Okta Access Gateway 2020.5.5 Authenticated Remote Root
https://notcve.org/view.php?id=CVE-2021-28113
02 Apr 2021 — A command injection vulnerability in the cookieDomain and relayDomain parameters of Okta Access Gateway before 2020.9.3 allows attackers (with admin access to the Okta Access Gateway UI) to execute OS commands as a privileged system account. Una vulnerabilidad de inyección de comandos en los parámetros cookieDomain y relayDomain de Okta Access Gateway versiones anteriores a 2020.9.3, permite a atacantes (con acceso de administrador a la interfaz de usuario de Okta Access Gateway) ejecutar comandos del siste... • https://packetstorm.news/files/id/163428 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 71%CPEs: 18EXPL: 3CVE-2010-4566 – Citrix Access Gateway - Command Execution
https://notcve.org/view.php?id=CVE-2010-4566
14 Jan 2011 — The web authentication form in the NT4 authentication component in Citrix Access Gateway Enterprise Edition 9.2-49.8 and earlier, and the NTLM authentication component in Access Gateway Standard and Advanced Editions before Access Gateway 5.0, allows attackers to execute arbitrary commands via shell metacharacters in the password field. Vulnerabilidad no especificada en el componente de autenticación NT4 en Citrix Access Gateway Enterprise Edition v9.2-49.8 y anteriores, y el componente de autenticación NTL... • https://www.exploit-db.com/exploits/16916 •
CVSS: 10.0EPSS: 1%CPEs: 4EXPL: 0CVE-2008-2528
https://notcve.org/view.php?id=CVE-2008-2528
03 Jun 2008 — Unspecified vulnerability in Citrix Access Gateway Standard Edition 4.5.7 and earlier and Advanced Edition 4.5 HF2 and earlier allows attackers to bypass authentication and gain "access to network resources" via unspecified vectors. Vulnerabilidad no especificada en Citrix Access Gateway Standard Edition 4.5.7 y versiones anteriores y Advanced Edition 4.5 HF2 y versiones anteriores permite a atacantes remotos evitar la autenticación y conseguir "acceso a los recursos de red" a través de vectores no especifi... • http://secunia.com/advisories/30175 • CWE-287: Improper Authentication •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2007-3679
https://notcve.org/view.php?id=CVE-2007-3679
25 Jul 2007 — The Citrix EPA ActiveX control (aka the "endpoint checking control" or CCAOControl Object) before 4.5.0.0 in npCtxCAO.dll in Citrix Access Gateway Standard Edition before 4.5.5 and Advanced Edition before 4.5 HF1 allows remote attackers to download and execute arbitrary programs onto a client system. El control ActiveX Citrix EPA (también conocido como el "endpoint checking control" ó Objeto CCAOControl) versiones anteriores a 4.5.0.0 en npCtxCAO.dll de Citrix Access Gateway Standard Edition versiones anter... • http://osvdb.org/37845 •