Information disclosure in Citrix Netscaler_access_gateway

CVE-2014-4347

Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway (formerly Access Gateway Enterprise Edition) before 9.3-62.4 and 10.x before 10.1-126.12 allows attackers to obtain sensitive information via vectors related to a…

Vulnerability class: Information Disclosure

EPSS: 0.010 (77.1th percentile) — read the EPSS interpretation.

Affected products

Citrix Netscaler_access_gateway
Citrix Netscaler_access_gateway_firmware — versions 9.3, 10.1
Citrix Netscaler_application_delivery_controller
Citrix Netscaler_application_delivery_controller_firmware — versions 9.3, 10.1
N/a — versions n/a

Weakness classification (CWE)

CWE-200 — Information Disclosure

References

cve@mitre.org (x_refsource_MISC)
citrix-netscaler-cve20144347-info-disc(94494) (vdb-entry, x_refsource_XF)
1030573 (vdb-entry, x_refsource_SECTRACK)
cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)
68537 (vdb-entry, x_refsource_BID)
59942 (x_refsource_SECUNIA, third-party-advisory)
20140716 SEC Consult SA-20140716-2 :: Multiple vulnerabilities in Citrix NetScaler Application Delivery Controller and Citrix NetScaler Gateway (mailing-list, x_refsource_FULLDISC)
1030572 (vdb-entry, x_refsource_SECTRACK)
20140716 SEC Consult SA-20140716-2 :: Multiple vulnerabilities in Citrix NetScaler Application Delivery Controller and Citrix NetScaler Gateway (mailing-list, x_refsource_BUGTRAQ)