Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:31818
HistoryMar 21, 2015 - 12:00 a.m.

Advent JMX Servlet of Citrx Command Center is accessible to unauthenticated users

2015-03-2100:00:00
vulners.com
15

Advent JMX Servlet of Citrx Command Center is accessible to
unauthenticated users

Han Sahin, August 2014


Abstract

It was discovered that the Advent JMX Servlet of Citrix Command Center
is accessible to unauthenticated users. This issue can be abused by
attackers to comprise the entire application.


Tested version

This issue was discovered in Citrix Command Center 5.1 build 33.3
(including patch CC_SP_5.2_40_1.exe), other versions may also be
vulnerable.


Fix

Citrix reports that this vulnerability is fixed in Command Center 5.2
build 42.7, which can be downloaded from the following location (login
required).
https://www.citrix.com/downloads/command-center/product-software/command-center-52-427.html

Citrix assigned BUG0494204 to this issue.


Details

https://www.securify.nl/advisory/SFY20140804/advent_jmx_servlet_of_citrx_command_center_is_accessible_to_unauthenticated_users.html