CVE-2006-4846
published 2006-09-19
CVE-2006-4846: Unspecified vulnerability in Citrix Access Gateway with Advanced Access Control (AAC) 4.2 before 20060914, when AAC is configured to use LDAP authentication…
Priority P433 · medium · 5.1 CVSS 2.0
AV:N/AC:H/Au:N/C:P/I:P/A:P
EPSS 3.67% · 88.3th percentile
Unspecified vulnerability in Citrix Access Gateway with Advanced Access Control (AAC) 4.2 before 20060914, when AAC is configured to use LDAP authentication, allows remote attackers to bypass authentication via unknown vectors.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| citrix | access_gateway | — | — |
| citrix | access_gateway | — | — |
| citrix | citrix_adm | — | — |
| citrix | citrix_hypervisor | — | — |
| citrix | citrix_virtual_apps_and_desktops | — | — |
| citrix | endpoint_management | — | — |
| citrix | netscaler_adc | — | — |
| citrix | netscaler_gateway | — | — |
| citrix | xenserver | — | — |
GHSA
GHSA-rv56-6633-c83p: Unspecified vulnerability in Citrix Advanced Access Control (AAC) Option 4
ghsa_unreviewed·2022-05-01·CVSS 5.1
CVE-2006-6572 [MEDIUM] GHSA-rv56-6633-c83p: Unspecified vulnerability in Citrix Advanced Access Control (AAC) Option 4
Unspecified vulnerability in Citrix Advanced Access Control (AAC) Option 4.0, and Access Gateway 4.2 with Advanced Access Control 4.2, before 20061114, when the Browser-Only access feature is enabled, allows remote authenticated users to bypass access policies via a certain login method, a different issue than CVE-2006-4846. NOTE: some of these details are obtained from third party information.
GHSA
GHSA-372j-ghp3-gx46: Unspecified vulnerability in Citrix Access Gateway with Advanced Access Control (AAC) 4
ghsa_unreviewed·2022-05-01
CVE-2006-4846 [MEDIUM] GHSA-372j-ghp3-gx46: Unspecified vulnerability in Citrix Access Gateway with Advanced Access Control (AAC) 4
Unspecified vulnerability in Citrix Access Gateway with Advanced Access Control (AAC) 4.2 before 20060914, when AAC is configured to use LDAP authentication, allows remote attackers to bypass authentication via unknown vectors.
Citrix
CVE-2006-6572: Unspecified vulnerability in Citrix Advanced Access Control (AAC) Option 4.0, and Access Gateway 4.2 with Advanced Access Control 4.2, before 20061114
vendor_citrix·2006-12-15·CVSS 6.5
CVE-2006-6572 [MEDIUM] CVE-2006-6572: Unspecified vulnerability in Citrix Advanced Access Control (AAC) Option 4.0, and Access Gateway 4.2 with Advanced Access Control 4.2, before 20061114
CVE-2006-6572: Unspecified vulnerability in Citrix Advanced Access Control (AAC) Option 4.0, and Access Gateway 4.2 with Advanced Access Control 4.2, before 20061114, when the Browser-Only access feature is enabled, allows remote authenticated users to bypass access policies via a certain login method, a different issue than CVE-2006-4846. NOTE: some of these details are obtained from third party information.
Citrix
CVE-2006-4846: Unspecified vulnerability in Citrix Access Gateway with Advanced Access Control (AAC) 4.2 before 20060914, when AAC is configured to use LDAP authenti
vendor_citrix·2006-09-19·CVSS 5.1
CVE-2006-4846 [MEDIUM] CVE-2006-4846: Unspecified vulnerability in Citrix Access Gateway with Advanced Access Control (AAC) 4.2 before 20060914, when AAC is configured to use LDAP authenti
CVE-2006-4846: Unspecified vulnerability in Citrix Access Gateway with Advanced Access Control (AAC) 4.2 before 20060914, when AAC is configured to use LDAP authentication, allows remote attackers to bypass authentication via unknown vectors.
Citrix
LDAP authentication vulnerability in Access Gateway Advanced Access Control
vendor_citrix·CVSS 5.1
CVE-2006-4846 [MEDIUM] LDAP authentication vulnerability in Access Gateway Advanced Access Control
Description of Problem: If the Advanced Access Control option (AAC) of Access Gateway is configured to use LDAP authentication, then it is possible for a user to log on without supplying valid credentials. This vulnerability only affects AAC Version 4.2 deployments that are using LDAP authentication; Access Gateway deployments that do not include AAC are not vulnerable to this issue.
CVE References: CVE-2006-4846
Affected Products: XenServer
Severity: High
Remediation:
This vulnerability is addressed by hotfix AAC420W004. Citrix recommends that any customers using AAC 4.2 with LDAP authentication install this hotfix. The hotfix can be downloaded from the following location: http://support.citrix.com/article/CTX110439
Citrix
Citrix Security Bulletin CTX110439
vendor_citrix·CVSS 5.1
CVE-2006-4846 [MEDIUM] Citrix Security Bulletin CTX110439
CVE References: CVE-2006-4846, CVE-2025-12101, CVE-2025-62626, CVE-2026-23554, CVE-2026-3055, CVE-2026-4368, CVE-2026-4397
Affected Products: Citrix ADM, Citrix Hypervisor, Citrix Virtual Apps and Desktops, Endpoint Management, NetScaler ADC, NetScaler Gateway, XenServer
http://secunia.com/advisories/21941
http://securitytracker.com/id?1016874
http://support.citrix.com/article/CTX110439
http://support.citrix.com/article/CTX110950
http://www.kb.cert.org/vuls/id/658620
http://www.osvdb.org/28938
http://www.securityfocus.com/bid/20066
http://www.vupen.com/english/advisories/2006/3643
https://exchange.xforce.ibmcloud.com/vulnerabilities/28990
Published: 2006-09-19