PT-2016-6154 · Citrix · Citrix Xendesktop+2

Publicado

2016-06-01

Atualizado

2016-11-30

CVE-2016-4810

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions Citrix Studio versions prior to 7.6.1000 Citrix XenDesktop 7.x versions prior to 7.6 LTSR Cumulative Update 1 (CU1) Citrix XenApp versions 7.5 and 7.6

Description The issue allows attackers to set Access Policy rules on the XenDesktop Delivery Controller.

Recommendations For Citrix Studio versions prior to 7.6.1000, update to version 7.6.1000 or later. For Citrix XenDesktop 7.x versions prior to 7.6 LTSR Cumulative Update 1 (CU1), apply Cumulative Update 1 (CU1) or later. For Citrix XenApp versions 7.5 and 7.6, update to a version that is not affected by this issue.

Correção

Improper Access Control

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-284

Identificadores relacionados

CVE-2016-4810

Produtos afetados

Citrix Studio

Citrix Xenapp

Citrix Xendesktop

PT-2016-6154 · Citrix · Citrix Xendesktop+2

CVE-2016-4810

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4