CVE-2016-4810

Published Jun 1, 2016

Last updated 8 years ago

CVSS high 7.5

Overview

Description: Citrix Studio before 7.6.1000, Citrix XenDesktop 7.x before 7.6 LTSR Cumulative Update 1 (CU1), and Citrix XenApp 7.5 and 7.6 allow attackers to set Access Policy rules on the XenDesktop Delivery Controller via unspecified vectors.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 3.0

Type: Primary
Base score: 7.5
Impact score: 3.6
Exploitability score: 3.9
Vector string: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 5
Impact score: 2.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-284

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:citrix:xenapp:7.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "32E4F74A-5F0E-4594-9BB3-8041BEE338C6"
          },
          {
            "criteria": "cpe:2.3:a:citrix:xenapp:7.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "98334CF7-5B0E-42EC-919C-FBDECFD4D810"
          },
          {
            "criteria": "cpe:2.3:a:citrix:xendesktop:7.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "22560F24-4D19-41E3-BEFD-4AABB8E289E2"
          },
          {
            "criteria": "cpe:2.3:a:citrix:xendesktop:7.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B75A1E4B-38FB-427D-9293-2113B00CE60D"
          },
          {
            "criteria": "cpe:2.3:a:citrix:xendesktop:7.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2FD95B20-D022-4DDA-862A-2744F303D5F5"
          },
          {
            "criteria": "cpe:2.3:a:citrix:xendesktop:7.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "12D36FDF-2923-4E9C-8B94-688A56A4E047"
          },
          {
            "criteria": "cpe:2.3:a:citrix:xendesktop:7.6:fp1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "986EAB37-3DFE-4C89-A066-EE4A46EB4CA2"
          },
          {
            "criteria": "cpe:2.3:a:citrix:xendesktop:7.6:fp2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "58C64C20-B5E7-4698-BD76-86C06648C5D3"
          },
          {
            "criteria": "cpe:2.3:a:citrix:xendesktop:7.6:fp3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "87AA263B-AF98-4BF2-9306-C396389A727C"
          },
          {
            "criteria": "cpe:2.3:a:citrix:xendesktop:7.6:ltsr:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "40305BFB-58B4-4A60-BE6C-1074C6D4F205"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References