CVE-2015-2683 — Citrix Command Center vulnerability

CWE-2644 documents3 sources

Severity

7.5HIGHNVD

EPSS

3.3%

top 12.71%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Citrix Command Center Citrix ADM Citrix Hypervisor +5 more

Timeline

PublishedMar 26

Latest updateMay 14

Description

Citrix Command Center before 5.1 Build 35.4 and 5.2 before Build 42.7 does not properly restrict access to the Advent Java Management Extensions (JMX) Servlet, which allows remote attackers to execute arbitrary code via unspecified vectors to servlets/Jmx_dynamic.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages8 packages

▶NVDcitrix/command_center5.1, 5.2+1

▶citrixcitrix/endpoint_management

▶citrixcitrix/xenserver

▶citrixcitrix/citrix_adm

▶citrixcitrix/netscaler_adc

🔴Vulnerability Details

GHSA

GHSA-9wch-45vf-46vq: Citrix Command Center before 5↗2022-05-14

▶

📋Vendor Advisories

Citrix

CVE-2015-2683: Citrix Command Center before 5.1 Build 35.4 and 5.2 before Build 42.7 does not properly restrict access to the Advent Java Management Extensions (JMX)↗2015-03-26

▶

Citrix

Citrix Security Bulletin CTX200584↗

▶