CVE-2009-2213

EPSS 0.08%
Published 25.06.2009 23:14:15
Last modified 09.04.2025 00:30:58
Source cve@mitre.org
Teams watchlist Login
Open Login

The default configuration of the Security global settings on the Citrix NetScaler Access Gateway appliance with Enterprise Edition firmware 9.0, 8.1, and earlier specifies Allow for the Default Authorization Action option, which might allow remote authenticated users to bypass intended access restrictions.

Affected products Warnungen 0 Metrics 3 CWE 1 References 7

Data is provided by the National Vulnerability Database (NVD)

Citrix ≫ Netscaler Access Gateway Firmware Version <= 8.1

Citrix ≫ Netscaler Access Gateway Firmware Version7.0

Citrix ≫ Netscaler Access Gateway Firmware Version8.0

Citrix ≫ Netscaler Access Gateway Firmware Version9.0

Citrix ≫ Netscaler Access Gateway Version- Update- Editionenterprise

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.08%	0.196

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	6.3	6.8	6.9	AV:N/AC:M/Au:S/C:C/I:N/A:N

CWE-863 Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

http://support.citrix.com/article/CTX118770

Vendor Advisory

Broken Link

http://www.securityfocus.com/bid/35422

Third Party Advisory

Broken Link

VDB Entry

http://www.vupen.com/english/advisories/2009/1641

Permissions Required

https://exchange.xforce.ibmcloud.com/vulnerabilities/51274

Third Party Advisory

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2009-2213

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2009-2213

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2009-2213

EUVD