CVE-2009-2213

EPSS 0.08%
Veröffentlicht 25.06.2009 23:14:15
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

The default configuration of the Security global settings on the Citrix NetScaler Access Gateway appliance with Enterprise Edition firmware 9.0, 8.1, and earlier specifies Allow for the Default Authorization Action option, which might allow remote authenticated users to bypass intended access restrictions.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Citrix ≫ Netscaler Access Gateway Firmware Version <= 8.1

Citrix ≫ Netscaler Access Gateway Firmware Version7.0

Citrix ≫ Netscaler Access Gateway Firmware Version8.0

Citrix ≫ Netscaler Access Gateway Firmware Version9.0

Citrix ≫ Netscaler Access Gateway Version- Update- Editionenterprise

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.08%	0.196

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	6.3	6.8	6.9	AV:N/AC:M/Au:S/C:C/I:N/A:N

CWE-863 Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

http://support.citrix.com/article/CTX118770

Vendor Advisory

Broken Link

http://www.securityfocus.com/bid/35422

Third Party Advisory

Broken Link

VDB Entry

http://www.vupen.com/english/advisories/2009/1641

Permissions Required

https://exchange.xforce.ibmcloud.com/vulnerabilities/51274

Third Party Advisory

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2009-2213

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2009-2213

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2009-2213

EUVD