CSRF in Citrix Access_essentials
CVE-2002-2426
Cross-site request forgery (CSRF) vulnerability in Citrix Presentation Server 4.0 and 4.5, MetaFrame Presentation Server 3.0, and Access Essentials 1.0 through 2.0 allows remote attackers to execute arbitrary published applications, and po…
Vulnerability class: CSRF (Cross-Site Request Forgery)
EPSS: 0.007 (46.9th percentile) — read the EPSS interpretation.
Affected products
- Citrix Access_essentials — versions 1.0, 1.5, 2.0
- Citrix Metaframe_presentation_server — versions 3.0
- Citrix Presentation_server — versions 4.0, 4.5
- N/a — versions n/a
Weakness classification (CWE)
Public proof-of-concept exploits
References
- cve@mitre.org (vdb-entry, x_refsource_SECTRACK)
- cve@mitre.org (x_refsource_MISC)
- cve@mitre.org (x_refsource_CONFIRM)
- cve@mitre.org (vdb-entry, x_refsource_VUPEN)
- cve@mitre.org (vdb-entry, x_refsource_BID)
- cve@mitre.org (x_refsource_SECUNIA, Vendor Advisory, third-party-advisory)
- cve@mitre.org (x_refsource_MISC)
Frequently asked questions
- What is CVE-2002-2426?
- CVE-2002-2426 is a vulnerability in Citrix Access_essentials, classified under Cross-Site Request Forgery (CSRF). Published 2002-12-31.
- Is CVE-2002-2426 known to be exploited?
- 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.