CVE-2002-2426
Published Dec 31, 2002
Last updated 14 years ago
Overview
- Description
- Cross-site request forgery (CSRF) vulnerability in Citrix Presentation Server 4.0 and 4.5, MetaFrame Presentation Server 3.0, and Access Essentials 1.0 through 2.0 allows remote attackers to execute arbitrary published applications, and possibly other programs, as authenticated users via the InitialProgram key in an ICA connection. NOTE: some of these details are obtained from third party information.
- Source
- cve@mitre.org
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 4.3
- Impact score
- 2.9
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:N/I:P/A:N
Weaknesses
- nvd@nist.gov
- CWE-352
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:citrix:access_essentials:1.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2FF9F197-991D-4920-BE9A-2E3495E76CD2"
},
{
"criteria": "cpe:2.3:a:citrix:access_essentials:1.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "21B89150-1806-481D-B0D9-FD37BA4798D1"
},
{
"criteria": "cpe:2.3:a:citrix:access_essentials:2.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D04505CA-D715-4094-9B39-61FA8BDB3A4B"
},
{
"criteria": "cpe:2.3:a:citrix:metaframe_presentation_server:3.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E406CDDF-A2F6-42EC-B4EF-93258F21C08A"
},
{
"criteria": "cpe:2.3:a:citrix:presentation_server:4.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "967F31B0-0299-4BCE-91E5-45E2B38CFCE2"
},
{
"criteria": "cpe:2.3:a:citrix:presentation_server:4.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BD859173-2ACD-4C60-8EF4-5B0434EA8244"
}
],
"operator": "OR"
}
]
}
]