Lucene search
HistoryNov 17, 2008 - 6:18 p.m.
CVE-2008-5107
citrix
presentation server
desktop server
installation
msi logging
database credentials
security vulnerability
1.9 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:M/Au:N/C:P/I:N/A:N
6.2 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
5.1%
The installation process for Citrix Presentation Server 4.5 and Desktop Server 1.0, when MSI logging is enabled, stores database credentials in MSI log files, which allows local users to obtain these credentials by reading the log files.
Affected configurations
Node
citrixdesktop_serverMatch1.0
ORcitrixpresentation_serverMatch4.5
| CPE | Name | Operator | Version |
|---|---|---|---|
| citrix:desktop_server | citrix desktop server | eq | 1.0 |
| citrix:presentation_server | citrix presentation server | eq | 4.5 |
Related
prion
prion
Design/Logic Flaw
2008-11-17 18:18:00
kaspersky
kaspersky
KLA10112 OSI vulnerability in Citrix
2008-11-17 00:00:00
cvelist
cvelist
CVE-2008-5107
2008-11-17 18:00:00
nvd
nvd
CVE-2008-5107
2008-11-17 18:18:48
1.9 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:M/Au:N/C:P/I:N/A:N
6.2 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
5.1%
Related for CVE-2008-5107