PT-2016-6154 · Citrix · Citrix XenDesktop +2

Published: 2016-06-01 · Updated: 2016-11-30 · CVE-2016-4810

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions

Citrix Studio versions prior to 7.6.1000
Citrix XenDesktop 7.x versions prior to 7.6 LTSR Cumulative Update 1 (CU1)
Citrix XenApp versions 7.5 and 7.6

Description

The issue allows attackers to set Access Policy rules on the XenDesktop Delivery Controller.

Recommendations

For Citrix Studio versions prior to 7.6.1000, update to version 7.6.1000 or later.
For Citrix XenDesktop 7.x versions prior to 7.6 LTSR Cumulative Update 1 (CU1), apply Cumulative Update 1 (CU1) or later.
For Citrix XenApp versions 7.5 and 7.6, update to a version that is not affected by this issue.

Fix

Improper Access Control

Weakness Enumeration

Related Identifiers

CVE-2016-4810

Affected Products

Citrix Studio
Citrix XenApp
Citrix XenDesktop