Improper input validation in Citrix Access_gateway

CVE-2011-2883

The NSEPA.NsepaCtrl.1 ActiveX control in nsepa.ocx in Citrix Access Gateway Enterprise Edition 8.1 before 8.1-67.7, 9.0 before 9.0-70.5, and 9.1 before 9.1-96.4 attempts to validate signed DLLs by checking the certificate subject, not the…

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.004 (59.2th percentile) — read the EPSS interpretation.

Affected products

Citrix Access_gateway — versions 8.1, 9.0, 9.1
N/a — versions n/a

Weakness classification (CWE)

CWE-20 — Improper Input Validation

References

20110714 Citrix Access Gateway ActiveX Arbitrary Libary Loading Vulnerability (x_refsource_IDEFENSE, third-party-advisory)