CSRF Vulnerability in Citrix Presentation Server and MetaFrame Server
CVE-2002-2426
Currently unrated
Key Information:
- Vendor: Citrix
- CVE Published: 31 December 2002
Summary
A cross-site request forgery vulnerability exists in Citrix Presentation Server and related products. It allows remote attackers to use the InitialProgram key in an ICA connection to execute arbitrary published applications in the context of an authenticated user, potentially gaining unauthorized access to sensitive data or executing unintended commands. This vulnerability impacts Citrix Presentation Server versions 4.0 and 4.5, along with MetaFrame Presentation Server 3.0, and Access Essentials versions 1.0 through 2.0. Users are advised to review their configurations and apply necessary security measures to mitigate this risk.