Lucene search

[email protected]CVE-2015-2683

HistoryMar 26, 2015 - 2:59 p.m.

CVE-2015-2683

2015-03-2614:59:02

CWE-264

[email protected]

web.nvd.nist.gov

citrix

command center

remote code execution

cve-2015-2683

jmx servlet

security vulnerability

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.1 High

AI Score

Confidence

Low

0.077 Low

EPSS

Percentile

94.2%

JSON

Citrix Command Center before 5.1 Build 35.4 and 5.2 before Build 42.7 does not properly restrict access to the Advent Java Management Extensions (JMX) Servlet, which allows remote attackers to execute arbitrary code via unspecified vectors to servlets/Jmx_dynamic.

Affected configurations

NVD

Node

citrixcommand_centerMatch5.1

citrixcommand_centerMatch5.2

CPENameOperatorVersion
citrix:command_centercitrix command centereq5.1
citrix:command_centercitrix command centereq5.2

CPE	Name	Operator	Version
citrix:command_center	citrix command center	eq	5.1
citrix:command_center	citrix command center	eq	5.2

References

packetstormsecurity.com/files/130930/Citrx-Command-Center-Advent-JMX-Servlet-Accessible.html

seclists.org/fulldisclosure/2015/Mar/127

support.citrix.com/article/CTX200584

www.securityfocus.com/archive/1/534933/100/0/threaded

www.securityfocus.com/bid/73313

www.securitytracker.com/id/1031993

www.securify.nl/advisory/SFY20140804/advent_jmx_servlet_of_citrx_command_center_is_accessible_to_unauthenticated_users.html

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.1 High

AI Score

Confidence

Low

0.077 Low

EPSS

Percentile

94.2%

JSON

Related for CVE-2015-2683

cvelist1 prion1 nvd1 kaspersky1