CVE-2007-0011 — Sensitive Information Exposure in Citrix Access Gateway
Severity
5.0 MEDIUM (NVD)
EPSS
1.3%
top 20.02%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Nov 5
Latest update: May 1
Description
The web portal interface in Citrix Access Gateway (aka Citrix Advanced Access Control) before Advanced Edition 4.5 HF1 places a session ID in the URL, which allows context-dependent attackers to hijack sessions by reading "residual information", including a referer log, browser history, or browser cache.
CVSS vector
AV:N/AC:L/C:P/I:N/A:N
Exploitability: 10.0 | Impact: 2.9
Affected Packages (1 package)
Patches
Vulnerability Details
GHSA (1)
GHSA-ph74-68r2-9xmr (2022-05-01): The web portal interface in Citrix Access Gateway (aka Citrix Advanced Access Control) before Advanced Edition 4
Vendor Advisories
Citrix (1)
CVE-2007-0011 (2007-11-05): The web portal interface in Citrix Access Gateway (aka Citrix Advanced Access Control) before Advanced Edition 4.5 HF1 places a session ID in the URL,