Vulnerability Details : CVE-2015-2683
Citrix Command Center before 5.1 Build 35.4 and 5.2 before Build 42.7 does not properly restrict access to the Advent Java Management Extensions (JMX) Servlet, which allows remote attackers to execute arbitrary code via unspecified vectors to servlets/Jmx_dynamic.
Vulnerability category: Execute code
Products affected by CVE-2015-2683
- cpe:2.3:a:citrix:command_center:5.2:*:*:*:*:*:*:*
- cpe:2.3:a:citrix:command_center:5.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-2683
- 4.74%: Probability of exploitation activity in the next 30 days
- ~ 93%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2015-2683
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST | |
CWE ids for CVE-2015-2683
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-2683
- http://www.securityfocus.com/archive/1/534933/100/0/threaded
  SecurityFocus
- http://support.citrix.com/article/CTX200584
  Vulnerabilities in Citrix Command Center Could Result in Credential Disclosure and Host Compromise
- http://seclists.org/fulldisclosure/2015/Mar/127
  Full Disclosure: Advent JMX Servlet of Citrx Command Center is accessible to unauthenticated users
- http://www.securityfocus.com/bid/73313
  Citrix Command Center 'Advent JMX' Servlet Unauthorized Access Vulnerability
- http://packetstormsecurity.com/files/130930/Citrx-Command-Center-Advent-JMX-Servlet-Accessible.html
  Citrx Command Center Advent JMX Servlet Accessible ≈ Packet Storm [Exploit]
- http://www.securitytracker.com/id/1031993
  Citrix Command Center Bugs Let Remote Users Download Files and Execute Arbitrary Code - SecurityTracker
- https://www.securify.nl/advisory/SFY20140804/advent_jmx_servlet_of_citrx_command_center_is_accessible_to_unauthenticated_users.html
  Advent JMX Servlet of Citrix Command Center is accessible to unauthenticated users - Security Advisories and Insights - Securify B.V. [Exploit]