CVE-2007-6267

Citrix EdgeSight 4.2 and 4.5 for Presentation Server, EdgeSight 4.2 and 4.5 for Endpoints, and EdgeSight for NetScaler 1.0 and 1.1 do not properly store database credentials in configuration files, which allows local users to obtain sensitive information.

CVSS v2.0 2.1 LOW

2.1^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:L/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://support.citrix.com/article/CTX115281	Patch
http://www.securityfocus.com/bid/26705	Exploit Patch
http://secunia.com/advisories/27935	Vendor Advisory
http://www.securitytracker.com/id?1019050
http://www.vupen.com/english/advisories/2007/4091
https://exchange.xforce.ibmcloud.com/vulnerabilities/38861

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:citrix:edgesight_for_endpoints:4.2:::::::*
	cpe:2.3:a:citrix:edgesight_for_netscaler:1.1:::::::*
	cpe:2.3:a:citrix:edgesight_for_presentation_server:4.2:::::::*
	cpe:2.3:a:citrix:edgesight_for_endpoints:4.5:::::::*
	cpe:2.3:a:citrix:edgesight_for_netscaler:1.0:::::::*
	cpe:2.3:a:citrix:edgesight_for_presentation_server:4.5:::::::*

Information

Published : 2007-12-07 03:46

Updated : 2017-08-07 18:29

NVD link : CVE-2007-6267

Mitre link : CVE-2007-6267

JSON object : View

CWE

CWE-255

Credentials Management Errors

Products Affected

citrix

edgesight_for_netscaler
edgesight_for_presentation_server
edgesight_for_endpoints

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://support.citrix.com/article/CTX115281", "name": "http://support.citrix.com/article/CTX115281", "tags": ["Patch"], "refsource": "CONFIRM"}, {"url": "http://www.securityfocus.com/bid/26705", "name": "26705", "tags": ["Exploit", "Patch"], "refsource": "BID"}, {"url": "http://secunia.com/advisories/27935", "name": "27935", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.securitytracker.com/id?1019050", "name": "1019050", "tags": [], "refsource": "SECTRACK"}, {"url": "http://www.vupen.com/english/advisories/2007/4091", "name": "ADV-2007-4091", "tags": [], "refsource": "VUPEN"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38861", "name": "edgesight-configuration-file-info-disclosure(38861)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Citrix EdgeSight 4.2 and 4.5 for Presentation Server, EdgeSight 4.2 and 4.5 for Endpoints, and EdgeSight for NetScaler 1.0 and 1.1 do not properly store database credentials in configuration files, which allows local users to obtain sensitive information."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-255"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2007-6267", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "severity": "LOW", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2007-12-07T11:46Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:citrix:edgesight_for_endpoints:4.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:citrix:edgesight_for_netscaler:1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:citrix:edgesight_for_presentation_server:4.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:citrix:edgesight_for_endpoints:4.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:citrix:edgesight_for_netscaler:1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:citrix:edgesight_for_presentation_server:4.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-08-08T01:29Z"}

2.1 /10