6.5

CVE-2009-2213

The default configuration of the Security global settings on the Citrix NetScaler Access Gateway appliance with Enterprise Edition firmware 9.0, 8.1, and earlier specifies Allow for the Default Authorization Action option, which might allow remote authenticated users to bypass intended access restrictions.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.02% 0.784
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.5 2.8 3.6
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov 6.3 6.8 6.9
AV:N/AC:M/Au:S/C:C/I:N/A:N
CWE-863 Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

http://support.citrix.com/article/CTX118770
Vendor Advisory
Broken Link
http://www.securityfocus.com/bid/35422
Third Party Advisory
Broken Link
VDB Entry
http://www.vupen.com/english/advisories/2009/1641
Permissions Required
https://exchange.xforce.ibmcloud.com/vulnerabilities/51274
Third Party Advisory
VDB Entry