CVE-2015-2682
published 2015-03-26CVE-2015-2682: Citrix Command Center before 5.1 Build 35.4 and 5.2 before Build 42.7 allows remote attackers to obtain credentials via a direct request to…
PriorityP339medium5CVSS 2.0
AVNACLAuNCPINAN
EXPLOIT
EPSS
10.79%
95.3th percentile
Citrix Command Center before 5.1 Build 35.4 and 5.2 before Build 42.7 allows remote attackers to obtain credentials via a direct request to conf/securitydbData.xml.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| citrix | citrix_adm | — | — |
| citrix | citrix_hypervisor | — | — |
| citrix | citrix_virtual_apps_and_desktops | — | — |
| citrix | command_center | — | — |
| citrix | command_center | — | — |
| citrix | endpoint_management | — | — |
| citrix | netscaler_adc | — | — |
| citrix | netscaler_gateway | — | — |
| citrix | xenserver | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Citrix
CVE-2015-2682: Citrix Command Center before 5.1 Build 35.4 and 5.2 before Build 42.7 allows remote attackers to obtain credentials via a direct request to conf/secur
vendor_citrix·2015-03-26·CVSS 5.0
CVE-2015-2682 [MEDIUM] CWE-17 CVE-2015-2682: Citrix Command Center before 5.1 Build 35.4 and 5.2 before Build 42.7 allows remote attackers to obtain credentials via a direct request to conf/secur
CVE-2015-2682: Citrix Command Center before 5.1 Build 35.4 and 5.2 before Build 42.7 allows remote attackers to obtain credentials via a direct request to conf/securitydbData.xml.
Citrix
Citrix Security Bulletin CTX200584
vendor_citrix·CVSS 5.0
CVE-2015-2682 [MEDIUM] Citrix Security Bulletin CTX200584
Citrix Security Bulletin CTX200584
CVE References: CVE-2015-2682, CVE-2015-2683, CVE-2025-12101, CVE-2025-62626, CVE-2026-23554, CVE-2026-3055, CVE-2026-4368, CVE-2026-4397
Affected Products: Citrix ADM, Citrix Hypervisor, Citrix Virtual Apps and Desktops, Endpoint Management, NetScaler ADC, NetScaler Gateway, XenServer
GHSA
GHSA-gg63-37ff-2384: Citrix Command Center before 5
ghsa_unreviewed·2022-05-14
CVE-2015-2682 [MEDIUM] GHSA-gg63-37ff-2384: Citrix Command Center before 5
Citrix Command Center before 5.1 Build 35.4 and 5.2 before Build 42.7 allows remote attackers to obtain credentials via a direct request to conf/securitydbData.xml.
No detection rules found.
No writeups or analysis indexed.
http://packetstormsecurity.com/files/130928/Citrix-Command-Center-Configuration-Disclosure.htmlhttp://seclists.org/fulldisclosure/2015/Mar/126http://support.citrix.com/article/CTX200584http://www.securityfocus.com/bid/73309http://www.securitytracker.com/id/1031993https://www.exploit-db.com/exploits/36441/https://www.securify.nl/advisory/SFY20140802/citrix_command_center_allows_downloading_of_configuration_files.htmlhttp://packetstormsecurity.com/files/130928/Citrix-Command-Center-Configuration-Disclosure.htmlhttp://seclists.org/fulldisclosure/2015/Mar/126http://support.citrix.com/article/CTX200584http://www.securityfocus.com/bid/73309http://www.securitytracker.com/id/1031993https://www.exploit-db.com/exploits/36441/https://www.securify.nl/advisory/SFY20140802/citrix_command_center_allows_downloading_of_configuration_files.html
2015-03-26
Published