Today > 1 Critical | 2 High | 6 Medium vulnerabilities   -   You can now download lists of IOCs here!

CVE-2024-8535

Nov. 21, 2024, 5:15 p.m.

Product(s) Impacted

NetScaler ADC

NetScaler Gateway

Description

Authenticated user can access unintended user capabilities in NetScaler ADC and NetScaler Gateway if the appliance must be configured as a Gateway (SSL VPN, ICA Proxy, CVPN, RDP Proxy) with KCDAccount configuration for Kerberos SSO to access backend resources OR the appliance must be configured as an Auth Server (AAA Vserver) with KCDAccount configuration for Kerberos SSO to access backend resources

Weaknesses

CWE-552
Files or Directories Accessible to External Parties

The product makes files or directories accessible to unauthorized actors, even though they should not be.

CWE ID: 552

Date

Published: Nov. 12, 2024, 7:15 p.m.

Last Modified: Nov. 21, 2024, 5:15 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

secure@citrix.com

References