CVE-2023-3466: Improper Input Validation in Citrix ADC

Severity: 8.3 HIGH (VulnCheck), no vector
EPSS: 1.2% (top 21.09%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Latest update Feb 26

Description

Citrix NetScaler ADC and NetScaler Gateway Improper Input Validation Reflected Cross-Site Scripting (XSS)

Affected: Citrix NetScaler ADC and NetScaler Gateway

Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.

Exploitation References: https://www.sentinelone.com/resources/watchtower-end-of-year-report-2023/; https://www.cisa.gov/sites/default/files/2024-11/aa24-317a-2023-top-routinely-exp

Affected Packages: 5 packages

🔴Vulnerability Details

1
VulnCheck: Citrix NetScaler ADC and NetScaler Gateway Improper Input Validation (2023)

📋Vendor Advisories

1
Citrix: Citrix ADC and Citrix Gateway Security Bulletin for CVE-2023-3519, CVE-2023-3466, CVE-2023-3467 (2023-07-18)

🕵️Threat Intelligence

15
Greynoiseio: GreyNoise Detects Active Exploitation of CVEs Mentioned in Black Basta's Leaked Chat Logs (2025-02-26)
Qualys: Defense Lessons From the Black Basta Ransomware Playbook (2025-02-25)
Qualys: Defense Lessons From the Black Basta Ransomware Playbook | Qualys (2025-02-25)
Trendmicro: Spot the Difference: Earth Kasha's New LODEINFO Campaign And The Correlation Analysis With The APT10 Umbrella (2024-11-19)
Trendmicro: Spot the Difference: Earth Kasha's New LODEINFO Campaign And The Correlation Analysis With The APT10 Umbrella (2024-11-19)