Citrix Command Center SQL injection vulnerability in CVE-2015-7999)
Citrix Command Center SQL injection vulnerability in CVE-2015-7999)
Release date:
Updated on:
Affected Systems:
Citrix Command Center <= 5.2 Build 44.11
Citrix Command Center <= 5.1 Build 36.7
Description:
CVE (CAN) ID: CVE-2015-7999
Citrix Command Center manages and monitors Citrix NetScaler and CloudBridge system products.
In versions earlier than Citrix Command Center 5.1 Build 36.7 and 5.2 Build 44.11, multiple SQL injection vulnerabilities exist in the Administration Web UI applet. Remote attackers can exploit this vulnerability to execute arbitrary SQL commands.
<* Source: vendor
Link: http://support.citrix.com/article/CTX203787
*>
Suggestion:
Vendor patch:
Citrix
------
Citrix has released a Security Bulletin (CTX203787) and corresponding patches for this:
CTX203787: Multiple SQL Injection Vulnerabilities in Citrix Command Center Web User Interface Java Servlets
Link: http://support.citrix.com/article/CTX203787
This article permanently updates the link address: