Information Disclosure Vulnerability in Citrix ADC and Gateway Products
CVE-2019-18177

6.5MEDIUM

Key Information:

Vendor: Citrix
Status: Application Delivery Controller Firmware
Vendor: CVE Published:; 26 December 2022

Summary

An information disclosure vulnerability exists in certain Citrix products that allows an authenticated VPN user to access sensitive data via a configured SSL VPN endpoint. This issue impacts Citrix ADC and Citrix Gateway versions 13.0-58.30 and later, prior to the release of update CTX276688, posing potential risks to user data security.

References

https://support.citrix.com/article/CTX276688/citrix-appli...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 26, 2022
Vulnerability Reserved
Oct 17, 2019