PT-2016-6355 · Citrix · Citrix XenServer
Published: 2016-06-13 · Updated: 2016-06-20 · CVE-2016-5302
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Citrix XenServer versions prior to 7.0 Hotfix XS70E003
Description
The issue might allow remote attackers on the management network to compromise a host by leveraging credentials for an Active Directory account, specifically when a deployment has been upgraded from an earlier release.
Recommendations
For versions prior to 7.0 Hotfix XS70E003, apply Hotfix XS70E003 to resolve the issue.
Fix
Improper Access Control
Weakness Enumeration
Related Identifiers
Affected Products
Citrix XenServer