CVE-2014-3780 — Improper Authentication in Citrix Vdi-in-a-box

CWE-287 — Improper Authentication4 documents3 sources

Severity

7.5HIGHNVD

EPSS

0.4%

top 38.67%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Citrix Vdi-in-a-box Citrix ADM Citrix Hypervisor +5 more

Timeline

PublishedMay 30

Latest updateMay 17

Description

Unspecified vulnerability in Citrix VDI-In-A-Box 5.3.x before 5.3.8 and 5.4.x before 5.4.4 allows remote attackers to bypass authentication via unspecified vectors, related to a Java servlet.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages8 packages

▶citrixcitrix/xenserver

▶citrixcitrix/citrix_adm

▶NVDcitrix/vdi-in-a-box12 versions+11

▶citrixcitrix/netscaler_adc

▶citrixcitrix/citrix_hypervisor

🔴Vulnerability Details

GHSA

GHSA-84qr-wgj8-h8v8: Unspecified vulnerability in Citrix VDI-In-A-Box 5↗2022-05-17

▶

📋Vendor Advisories

Citrix

CVE-2014-3780: Unspecified vulnerability in Citrix VDI-In-A-Box 5.3.x before 5.3.8 and 5.4.x before 5.4.4 allows remote attackers to bypass authentication via unspec↗2014-05-30

▶

Citrix

Citrix Security Bulletin CTX140779↗

▶