8.1
CVE-2024-8535
- EPSS 0.32%
- Published 12.11.2024 19:15:19
- Last modified 25.07.2025 18:59:58
- Source secure@citrix.com
An authenticated user can access unintended user capabilities in NetScaler ADC and NetScaler Gateway if the appliance is configured as a Gateway (SSL VPN, ICA Proxy, CVPN, RDP Proxy) with KCDAccount configuration for Kerberos SSO to access backend resources, or if the appliance is configured as an Auth Server (AAA Vserver) with KCDAccount configuration for Kerberos SSO to access backend resources.
Data is provided by the National Vulnerability Database (NVD)
Citrix ≫ Netscaler Application Delivery Controller SwEdition fips Version >= 12.1 < 12.1-55.321
Citrix ≫ Netscaler Application Delivery Controller SwEdition ndcpp Version >= 12.1 < 12.1-55.321
Citrix ≫ Netscaler Application Delivery Controller SwEdition - Version >= 12.1 < 13.1-55.34
Citrix ≫ Netscaler Application Delivery Controller SwEdition fips Version >= 13.1 < 13.1-37.207
Citrix ≫ Netscaler Application Delivery Controller SwEdition - Version >= 14.1 < 14.1-29.72
Citrix ≫ NetScaler Gateway Version >= 12.1 < 13.1-55.34
Citrix ≫ NetScaler Gateway Version >= 14.1 < 14.1-29.72
No CISA KEV or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 0.32% | 0.542 |
Source | Base Score | Exploit Score | Impact Score | Vector string |
---|---|---|---|---|
nvd@nist.gov | 8.1 | 2.2 | 5.9 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
secure@citrix.com | 5.8 | 0 | 0 | CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:L/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
CWE-552 Files or Directories Accessible to External Parties
The product makes files or directories accessible to unauthorized actors, even though they should not be.