Authentication Bypass in Citrix VDI-In-A-Box Software
CVE-2014-3780

Currently unrated

Key Information:

Vendor: Citrix
Status: Vdi-in-a-box
Vendor: CVE Published:; 30 May 2014

Summary

A vulnerability in Citrix VDI-In-A-Box 5.3.x and 5.4.x allows unauthorized remote attackers to bypass authentication mechanisms through unspecified vectors related to a Java servlet. This flaw potentially exposes sensitive information and allows malicious actors to access restricted areas of the application.

References

http://support.citrix.com/article/CTX140779

x_refsource_CONFIRM

http://www.securitytracker.com/id/1030305

vdb-entryx_refsource_SECTRACK

http://www.securityfocus.com/bid/67687

vdb-entryx_refsource_BID

Timeline

Vulnerability published
May 30, 2014
Vulnerability Reserved
May 19, 2014