TLS Padding Oracle Vulnerability in Citrix NetScaler Gateway and ADC
CVE-2019-6485
5.9 MEDIUM
Summary
A TLS padding oracle vulnerability exists in multiple versions of Citrix NetScaler Gateway and Application Delivery Controller. When CBC-based cipher suites are enabled, remote attackers could exploit this flaw to gain unauthorized access to sensitive plaintext information. This vulnerability underscores the need for proper configuration and timely updates to safeguard sensitive data.
CVSS V3.1
Score: 5.9
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved