5.9
CVE-2019-6485
- EPSS 0.46%
- Published 22.02.2019 23:29:00
- Last modified 21.11.2024 04:46:31
- Source cve@mitre.org
- Teams watchlist Login
- Open Login
Citrix NetScaler Gateway 12.1 before build 50.31, 12.0 before build 60.9, 11.1 before build 60.14, 11.0 before build 72.17, and 10.5 before build 69.5 and Application Delivery Controller (ADC) 12.1 before build 50.31, 12.0 before build 60.9, 11.1 before build 60.14, 11.0 before build 72.17, and 10.5 before build 69.5 allow remote attackers to obtain sensitive plaintext information because of a TLS Padding Oracle Vulnerability when CBC-based cipher suites are enabled.
Data is provided by the National Vulnerability Database (NVD)
Citrix ≫ Netscaler Gateway Firmware Version10.5
Citrix ≫ Netscaler Gateway Firmware Version11.0
Citrix ≫ Netscaler Gateway Firmware Version11.1
Citrix ≫ Netscaler Gateway Firmware Version12.0
Citrix ≫ Netscaler Gateway Firmware Version12.1
Citrix ≫ Netscaler Application Delivery Controller Firmware Version10.5
Citrix ≫ Netscaler Application Delivery Controller Firmware Version11.0
Citrix ≫ Netscaler Application Delivery Controller Firmware Version11.1
Citrix ≫ Netscaler Application Delivery Controller Firmware Version12.0
Citrix ≫ Netscaler Application Delivery Controller Firmware Version12.1
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.46% | 0.633 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 5.9 | 2.2 | 3.6 |
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:P/I:N/A:N
|
CWE-327 Use of a Broken or Risky Cryptographic Algorithm
The product uses a broken or risky cryptographic algorithm or protocol.