Han Sahin, August 2014
It was discovered that the Advent JMX Servlet of Citrix Command Center
is accessible to unauthenticated users. This issue can be abused by
attackers to comprise the entire application.
This issue was discovered in Citrix Command Center 5.1 build 33.3
(including patch CC_SP_5.2_40_1.exe), other versions may also be
vulnerable.
Citrix reports that this vulnerability is fixed in Command Center 5.2
build 42.7, which can be downloaded from the following location (login
required).
https://www.citrix.com/downloads/command-center/product-software/command-center-52-427.html
Citrix assigned BUG0494204 to this issue.