Configuration Disclosure in Citrix Command Center
CVE-2015-2682

Currently unrated

Key Information:

Vendor: Citrix
Status: Command Center
Vendor: CVE Published:; 26 March 2015

Summary

The vulnerability in Citrix Command Center allows remote attackers to access sensitive configuration files, specifically credentials stored in the security database. By making a direct request to the endpoint conf/securitydbData.xml, unauthorized users can retrieve this critical information, potentially compromising the security of affected systems. Proper security measures and updates are essential to mitigate this risk.

References

https://www.securify.nl/advisory/SFY20140802/citrix_comma...

x_refsource_MISC

http://seclists.org/fulldisclosure/2015/Mar/126

mailing-listx_refsource_FULLDISC

http://packetstormsecurity.com/files/130928/Citrix-Comman...

x_refsource_MISC

EPSS Score

38% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Mar 26, 2015
Vulnerability Reserved
Mar 23, 2015