CSRF Vulnerability in Citrix Presentation Server and MetaFrame Server
CVE-2002-2426

Currently unrated

Key Information:

Vendor
Citrix
CVE Published:
31 December 2002

Summary

A cross-site request forgery (CSRF) vulnerability in Citrix Presentation Server and related products lets a remote attacker abuse the InitialProgram key of an ICA connection to execute arbitrary published applications in the context of an authenticated user. This can potentially give the attacker unauthorized access to sensitive data or run commands the user did not intend. Affected products are Citrix Presentation Server 4.0 and 4.5, MetaFrame Presentation Server 3.0, and Access Essentials 1.0 through 2.0. Users are advised to review their configurations and apply the necessary security measures to mitigate this risk.

Timeline

  • Vulnerability Reserved

  • Vulnerability published
