CVSS: 9.0EPSS: 0%CPEs: 12EXPL: 0CVE-2017-14602
https://notcve.org/view.php?id=CVE-2017-14602
A vulnerability has been identified in the management interface of Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.1 before build 135.18, 10.5 before build 66.9, 10.5e before build 60.7010.e, 11.0 before build 70.16, 11.1 before build 55.13, and 12.0 before build 53.13 (except for build 41.24) that, if exploited, could allow an attacker with access to the NetScaler management interface to gain administrative access to the appliance. Se ha identificado una vulnerabilidad en la interfaz de gestión de Citrix NetScaler Application Delivery Controller (ADC) y NetScaler Gateway 10.1 anterior a la build 135.18, 10.5 anterior a la build 66.9, 10.5e anterior a la build 60.7010.e, 11.0 anterior a la build 70.16, 11.1 anterior a la build 55.13 y 12.0 anterior a la build 53.13 (excepto la build 41.24) que, si se explota, podría permitir que un atacante con acceso a la interfaz de gestión de NetScaler obtenga acceso administrativo a la aplicación. • http://www.securityfocus.com/bid/100980 https://support.citrix.com/article/CTX227928 https://support.citrix.com/article/CTX228091 • CWE-287: Improper Authentication •
CVSS: 9.0EPSS: 0%CPEs: 5EXPL: 0CVE-2017-7219
https://notcve.org/view.php?id=CVE-2017-7219
A heap overflow vulnerability in Citrix NetScaler Gateway versions 10.1 before 135.8/135.12, 10.5 before 65.11, 11.0 before 70.12, and 11.1 before 52.13 allows a remote authenticated attacker to run arbitrary commands via unspecified vectors. Una vulnerabilidad de desbordamiento de montón en las versiones Citrix NetScaler Gateway 10.1 en versiones anteriores a 135.8/135.12, 10.5 en versiones anteriores a 65.11, 11.0 en versiones anteriores a 70.12 y 11.1 en versiones anteriores a 52.13 permite a un atacante remoto autenticado ejecutar comandos arbitrarios a través de vectores no especificados. • http://www.securityfocus.com/bid/97626 http://www.securitytracker.com/id/1038283 https://support.citrix.com/article/CTX222657 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.0EPSS: 0%CPEs: 5EXPL: 0CVE-2015-7996
https://notcve.org/view.php?id=CVE-2015-7996
The Nitro API in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.1 Build 133.9, 10.5 before Build 58.11, and 10.5.e before Build 56.1505.e on NetScaler Service Delivery Appliance Service VM (SVM) devices allow attackers to obtain credentials via the browser cache. La API Nitro en Citrix NetScaler Application Delivery Controller (ADC) y NetScaler Gateway en versiones anteriores a 10.1 Build 133.9, 10.5 en versiones anteriores a Build 58.11 y 10.5.e en versiones anteriores a Build 56.1505.e en dispositivos NetScaler Service Delivery Appliance Service VM (SVM) permite a atacantes obtener credenciales a través de la caché del navegador. • http://support.citrix.com/article/CTX202482 http://www.securitytracker.com/id/1034167 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.0EPSS: 0%CPEs: 5EXPL: 0CVE-2015-7998
https://notcve.org/view.php?id=CVE-2015-7998
The administration UI in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.1 Build 133.9, 10.5 before Build 58.11, and 10.5.e before Build 56.1505.e on NetScaler Service Delivery Appliance Service VM (SVM) devices allows attackers to obtain sensitive information via unspecified vectors. La IU de administración en Citrix NetScaler Application Delivery Controller (ADC) y NetScaler Gateway en versiones anteriores a 10.1 Build 133.9, 10.5 en versiones anteriores a Build 58.11 y 10.5.e en versiones anteriores a Build 56.1505.e en dispositivos NetScaler Service Delivery Appliance Service VM (SVM), permite a atacantes obtener información sensible a través de vectores no especificados. • http://support.citrix.com/article/CTX202482 http://www.securitytracker.com/id/1034167 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 0CVE-2015-7997
https://notcve.org/view.php?id=CVE-2015-7997
Multiple cross-site scripting (XSS) vulnerabilities in the Nitro API in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.1 Build 133.9, 10.5 before Build 58.11, and 10.5.e before Build 56.1505.e on NetScaler Service Delivery Appliance Service VM (SVM) devices allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Múltiples vulnerabilidades de XSS en la API Nitro en Citrix NetScaler Application Delivery Controller (ADC) y NetScaler Gateway en versiones anteriores a 10.1 Build 133.9, 10.5 en versiones anteriores a Build 58.11 y 10.5.e en versiones anteriores a Build 56.1505.e en dispositivos NetScaler Service Delivery Appliance Service VM (SVM) permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados. • http://support.citrix.com/article/CTX202482 http://www.securitytracker.com/id/1034167 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •