Lucene search

[email protected]CVE-2015-2683

HistoryMar 26, 2015 - 2:59 p.m.

CVE-2015-2683

2015-03-2614:59:00

CWE-264

[email protected]

web.nvd.nist.gov

citrix

command center

remote code execution

cve-2015-2683

jmx servlet

security vulnerability

8.1 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.077 Low

EPSS

Percentile

94.2%

JSON

Citrix Command Center before 5.1 Build 35.4 and 5.2 before Build 42.7 does not properly restrict access to the Advent Java Management Extensions (JMX) Servlet, which allows remote attackers to execute arbitrary code via unspecified vectors to servlets/Jmx_dynamic.

CPENameOperatorVersion
citrix:command_centercitrix command centereq5.2
citrix:command_centercitrix command centereq5.1

CPE	Name	Operator	Version
citrix:command_center	citrix command center	eq	5.2
citrix:command_center	citrix command center	eq	5.1

References

packetstormsecurity.com/files/130930/Citrx-Command-Center-Advent-JMX-Servlet-Accessible.html

seclists.org/fulldisclosure/2015/Mar/127

support.citrix.com/article/CTX200584

www.securityfocus.com/archive/1/534933/100/0/threaded

www.securityfocus.com/bid/73313

www.securitytracker.com/id/1031993

www.securify.nl/advisory/SFY20140804/advent_jmx_servlet_of_citrx_command_center_is_accessible_to_unauthenticated_users.html

8.1 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.077 Low

EPSS

Percentile

94.2%

JSON

Related for CVE-2015-2683

prion1 cvelist1 kaspersky1