Citrix EdgeSight 4.2 and 4.5 for Presentation Server, EdgeSight 4.2 and 4.5 for Endpoints, and EdgeSight for NetScaler 1.0 and 1.1 do not properly store database credentials in configuration files, which allows local users to obtain sensitive information.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Edgesight_for_endpoints | Citrix | 4.2 (including) | 4.2 (including) |
| Edgesight_for_endpoints | Citrix | 4.5 (including) | 4.5 (including) |
| Edgesight_for_netscaler | Citrix | 1.0 (including) | 1.0 (including) |
| Edgesight_for_netscaler | Citrix | 1.1 (including) | 1.1 (including) |
| Edgesight_for_presentation_server | Citrix | 4.2 (including) | 4.2 (including) |
| Edgesight_for_presentation_server | Citrix | 4.5 (including) | 4.5 (including) |
References
- http://secunia.com/advisories/27935
- http://support.citrix.com/article/CTX115281
- http://www.securityfocus.com/bid/26705
- http://www.securitytracker.com/id?1019050
- http://www.vupen.com/english/advisories/2007/4091
- https://exchange.xforce.ibmcloud.com/vulnerabilities/38861
- http://secunia.com/advisories/27935
- http://support.citrix.com/article/CTX115281
- http://www.securityfocus.com/bid/26705
- http://www.securitytracker.com/id?1019050
- http://www.vupen.com/english/advisories/2007/4091
- https://exchange.xforce.ibmcloud.com/vulnerabilities/38861