6.6 Medium
AI Score
Confidence
Low
0.015 Low
EPSS
Percentile
86.8%
Citrix Nfuse 1.51 allows remote attackers to obtain the absolute path of the web root via a malformed request to launch.asp that does not provide the session field.
www.securityfocus.com/archive/1/194449
www.securityfocus.com/archive/1/194522
www.securityfocus.com/bid/2956
exchange.xforce.ibmcloud.com/vulnerabilities/6786