CVE-2008-6830 — Citrix WEB Interface vulnerability

4 documents3 sources

Severity

4.0MEDIUMNVD

EPSS

0.7%

top 27.90%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Citrix WEB Interface Citrix ADM Citrix Hypervisor +5 more

Timeline

PublishedJun 8

Latest updateMay 17

Description

The disconnection feature in Citrix Web Interface 5.0 and 5.0.1 for Java Application Servers does not properly terminate a user's web interface session, which allows attackers with access to the same browser instance to gain access to the user's Web Interface session. NOTE: the attacker must also have valid credentials to the Web Interface.

CVSS vector

AV:N/AC:H/C:P/I:N/A:PExploitability: 4.9 | Impact: 4.9

Affected Packages8 packages

▶NVDcitrix/web_interface5.0, 5.0.1+1

▶citrixcitrix/xenserver

▶citrixcitrix/citrix_adm

▶citrixcitrix/netscaler_adc

▶citrixcitrix/citrix_hypervisor

Patches

Patch: osvdb.org ↗Patch: support.citrix.com ↗Patch: www.vupen.com ↗

🔴Vulnerability Details

GHSA

GHSA-7gq8-rx89-j29p: The disconnection feature in Citrix Web Interface 5↗2022-05-17

▶

📋Vendor Advisories

Citrix

CVE-2008-6830: The disconnection feature in Citrix Web Interface 5.0 and 5.0.1 for Java Application Servers does not properly terminate a user's web interface sessio↗2009-06-08

▶

Citrix

Citrix Security Bulletin CTX118768↗

▶