PT-2002-1370 · Citrix · Citrix Nfuse

Published

2002-05-03

Updated

2016-10-18

CVE-2002-0301

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Citrix NFuse version 1.6

Description The issue allows remote attackers to bypass authentication and obtain sensitive information. This is achieved by directly calling the "launch.asp" endpoint with invalid NFUSE USER and NFUSE PASSWORD parameters.

Recommendations For Citrix NFuse version 1.6, consider restricting access to the "launch.asp" endpoint until a patch is available. As a temporary workaround, avoid using the NFUSE USER and NFUSE PASSWORD parameters in the affected endpoint to minimize the risk of exploitation.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2002-0301

Affected Products

Citrix Nfuse

PT-2002-1370 · Citrix · Citrix Nfuse

CVE-2002-0301

Related Identifiers

Affected Products

References · 3