CVSS: 8.1EPSS: 0%CPEs: 2EXPL: 0CVE-2015-7999
https://notcve.org/view.php?id=CVE-2015-7999
Multiple SQL injection vulnerabilities in the Administration Web UI servlets in Citrix Command Center before 5.1 Build 36.7 and 5.2 before Build 44.11 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors. Múltiples vulnerbilidades de inyección SQL en los servlets Administration Web UI en Citrix Command Center en versiones anteriores a 5.1 Build 36.7 y 5.2 en versiones anteriores a Build 44.11 permiten a usuarios remotos autenticados ejecutar comandos SQL arbitrarios a través de vectores no especificados. • http://support.citrix.com/article/CTX203787 http://www.securityfocus.com/bid/79659 http://www.securitytracker.com/id/1034520 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.0EPSS: 4%CPEs: 2EXPL: 3CVE-2015-2682 – Citrix Command Center - Credential Disclosure
https://notcve.org/view.php?id=CVE-2015-2682
Citrix Command Center before 5.1 Build 35.4 and 5.2 before Build 42.7 allows remote attackers to obtain credentials via a direct request to conf/securitydbData.xml. Citrix Command Center anterior a 5.1 Build 35.4 y 5.2 anterior a Build 42.7 permite a atacantes remotos obtener credenciales a través de una solicitud directa a conf/securitydbData.xml. • https://www.exploit-db.com/exploits/36441 http://packetstormsecurity.com/files/130928/Citrix-Command-Center-Configuration-Disclosure.html http://seclists.org/fulldisclosure/2015/Mar/126 http://support.citrix.com/article/CTX200584 http://www.securityfocus.com/bid/73309 http://www.securitytracker.com/id/1031993 https://www.securify.nl/advisory/SFY20140802/citrix_command_center_allows_downloading_of_configuration_files.html • CWE-17: DEPRECATED: Code •
CVSS: 7.5EPSS: 4%CPEs: 2EXPL: 2CVE-2015-2683
https://notcve.org/view.php?id=CVE-2015-2683
Citrix Command Center before 5.1 Build 35.4 and 5.2 before Build 42.7 does not properly restrict access to the Advent Java Management Extensions (JMX) Servlet, which allows remote attackers to execute arbitrary code via unspecified vectors to servlets/Jmx_dynamic. Citrix Command Center anterior a 5.1 Build 35.4 y 5.2 anterior a Build 42.7 no restringe correctamente el acceso al servlet Advent Java Management Extensions (JMX), lo que permite a atacantes remotos ejecutar código arbitrario a través de vectores no especificados en servlets/Jmx_dynamic. • http://packetstormsecurity.com/files/130930/Citrx-Command-Center-Advent-JMX-Servlet-Accessible.html http://seclists.org/fulldisclosure/2015/Mar/127 http://support.citrix.com/article/CTX200584 http://www.securityfocus.com/archive/1/534933/100/0/threaded http://www.securityfocus.com/bid/73313 http://www.securitytracker.com/id/1031993 https://www.securify.nl/advisory/SFY20140804/advent_jmx_servlet_of_citrx_command_center_is_accessible_to_unauthenticated_users.html • CWE-264: Permissions, Privileges, and Access Controls •