CVE-2023-4966 | Vulnerability Database | Aqua Security

Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA  virtual server.

Affected Software

Name	Vendor	Start Version	End Version
Netscaler_application_delivery_controller	Citrix	12.1 (including)	12.1-55.300 (excluding)
Netscaler_application_delivery_controller	Citrix	13.0 (including)	13.0-92.19 (excluding)
Netscaler_application_delivery_controller	Citrix	13.1 (including)	13.1-37.164 (excluding)
Netscaler_application_delivery_controller	Citrix	13.1 (including)	13.1-49.15 (excluding)
Netscaler_application_delivery_controller	Citrix	14.1 (including)	14.1-8.50 (excluding)
Netscaler_gateway	Citrix	13.0 (including)	13.0-92.19 (excluding)
Netscaler_gateway	Citrix	13.1 (including)	13.1-49.15 (excluding)
Netscaler_gateway	Citrix	14.1 (including)	14.1-8.50 (excluding)

References

http://packetstormsecurity.com/files/175323/Citrix-Bleed-Session-Token-Leakage-Proof-Of-Concept.html
https://support.citrix.com/article/CTX579459

NVD	https://nvd.nist.gov/vuln/detail/CVE-2023-4966
CWE	https://cwe.mitre.org/data/definitions/.html