Vulnerabilities > CVE-2015-2682 - Code vulnerability in Citrix Command Center 5.1/5.2
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
Citrix Command Center before 5.1 Build 35.4 and 5.2 before Build 42.7 allows remote attackers to obtain credentials via a direct request to conf/securitydbData.xml.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 2 |
Common Weakness Enumeration (CWE)
Exploit-Db
| description | Citrix Command Center - Credential Disclosure. CVE-2015-2682. Webapps exploit for xml platform |
| file | exploits/xml/webapps/36441.txt |
| id | EDB-ID:36441 |
| last seen | 2016-02-04 |
| modified | 2015-03-19 |
| platform | xml |
| port | 8443 |
| published | 2015-03-19 |
| reporter | Han Sahin |
| source | https://www.exploit-db.com/download/36441/ |
| title | Citrix Command Center - Credential Disclosure |
| type | webapps |
References
- http://packetstormsecurity.com/files/130928/Citrix-Command-Center-Configuration-Disclosure.html
- http://seclists.org/fulldisclosure/2015/Mar/126
- http://support.citrix.com/article/CTX200584
- http://www.securityfocus.com/bid/73309
- http://www.securitytracker.com/id/1031993
- https://www.exploit-db.com/exploits/36441/
- https://www.securify.nl/advisory/SFY20140802/citrix_command_center_allows_downloading_of_configuration_files.html