CVE-2002-0301 — Citrix Nfuse vulnerability

3 documents3 sources

Severity

5.0MEDIUMNVD

EPSS

0.6%

top 29.96%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Citrix Nfuse

Timeline

PublishedMay 31

Latest updateApr 30

Description

Citrix NFuse 1.6 allows remote attackers to bypass authentication and obtain sensitive information by directly calling launch.asp with invalid NFUSE_USER and NFUSE_PASSWORD parameters.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDcitrix/nfuse1.6

🔴Vulnerability Details

GHSA

GHSA-f296-r3cf-3mq8: Citrix NFuse 1↗2022-04-30

▶

📋Vendor Advisories

Citrix

CVE-2002-0301: Citrix NFuse 1.6 allows remote attackers to bypass authentication and obtain sensitive information by directly calling launch.asp with invalid NFUSE_U↗2002-05-31

▶