Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2015-2682 — Citrix Command Center vulnerability

CWE-175 documents4 sources

Severity

5.0MEDIUMNVD

EPSS

34.7%

top 2.97%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Citrix Command Center Citrix ADM Citrix Hypervisor +5 more

Timeline

PublishedMar 26

Latest updateMay 14

Description

Citrix Command Center before 5.1 Build 35.4 and 5.2 before Build 42.7 allows remote attackers to obtain credentials via a direct request to conf/securitydbData.xml.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages8 packages

▶NVDcitrix/command_center5.1, 5.2+1

▶citrixcitrix/xenserver

▶citrixcitrix/citrix_adm

▶citrixcitrix/netscaler_adc

▶citrixcitrix/citrix_hypervisor

🔴Vulnerability Details

GHSA

GHSA-gg63-37ff-2384: Citrix Command Center before 5↗2022-05-14

▶

💥Exploits & PoCs

Exploit-DB

Citrix Command Center - Credential Disclosure↗2015-03-19

▶

📋Vendor Advisories

Citrix

CVE-2015-2682: Citrix Command Center before 5.1 Build 35.4 and 5.2 before Build 42.7 allows remote attackers to obtain credentials via a direct request to conf/secur↗2015-03-26

▶

Citrix

Citrix Security Bulletin CTX200584↗

▶