CVE-2002-0301

Name of the Vulnerable Software and Affected Versions Citrix NFuse version 1.6

Description The issue allows remote attackers to bypass authentication and obtain sensitive information. This is achieved by directly calling the "launch.asp" endpoint with invalid NFUSE USER and NFUSE PASSWORD parameters.

Recommendations For Citrix NFuse version 1.6, consider restricting access to the "launch.asp" endpoint until a patch is available. As a temporary workaround, avoid using the NFUSE USER and NFUSE PASSWORD parameters in the affected endpoint to minimize the risk of exploitation.