CVE-2007-6193 — Sensitive Information Exposure in Citrix Netscaler

CWE-200 — Sensitive Information Exposure3 documents3 sources

Severity

5.0MEDIUMNVD

EPSS

0.3%

top 48.44%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Citrix Netscaler Citrix Netscaler ADC Gateway

Timeline

PublishedNov 30

Latest updateMay 1

Description

The web management interface in Citrix NetScaler 8.0 build 47.8 stores the device's primary IP address in a cookie, which might allow remote attackers to obtain sensitive network configuration information if this address is not the same as the address being used by the web interface.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

▶NVDcitrix/netscaler8.0

▶citrixcitrix/netscaler_adc_gateway

🔴Vulnerability Details

GHSA

GHSA-ch9c-6f95-hm27: The web management interface in Citrix NetScaler 8↗2022-05-01

▶

📋Vendor Advisories

Citrix

CVE-2007-6193: The web management interface in Citrix NetScaler 8.0 build 47.8 stores the device's primary IP address in a cookie, which might allow remote attackers↗2007-11-30

▶