CVE-2015-7999 — HIGH (8.1) — White Hats Nepal

Vulnerability Description

Multiple SQL injection vulnerabilities in the Administration Web UI servlets in Citrix Command Center before 5.1 Build 36.7 and 5.2 before Build 44.11 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

CVSS Score

8.1

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Citrix	Command Center	5.1

Related Weaknesses (CWE)

CWE-89

References

http://support.citrix.com/article/CTX203787Vendor Advisory
http://www.securityfocus.com/bid/79659Third Party AdvisoryVDB Entry
http://www.securitytracker.com/id/1034520Third Party AdvisoryVDB Entry
http://support.citrix.com/article/CTX203787Vendor Advisory
http://www.securityfocus.com/bid/79659Third Party AdvisoryVDB Entry
http://www.securitytracker.com/id/1034520Third Party AdvisoryVDB Entry

FAQ

What is CVE-2015-7999?

CVE-2015-7999 is a vulnerability with a CVSS score of 8.1 (HIGH). Multiple SQL injection vulnerabilities in the Administration Web UI servlets in Citrix Command Center before 5.1 Build 36.7 and 5.2 before Build 44.11 allow remote authenticated users to execute arbit...

How severe is CVE-2015-7999?

CVE-2015-7999 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2015-7999?

Check the references section above for vendor advisories and patch information. Affected products include: Citrix Command Center.