cvelistv5 - cve-2022-27509

CVE-2022-27509 (GCVE-0-2022-27509)

Vulnerability from cvelistv5 – Published: 2022-07-28 13:11 – Updated: 2024-09-16 18:43

Summary

Unauthenticated redirection to a malicious website

Severity ?

No CVSS data available.

CWE

Unauthenticated redirection to a malicious website

Assigner

Citrix

References

URL

Tags

https://support.citrix.com/article/CTX457836

x_refsource_MISC

Impacted products

	Vendor	Product	Version
	Citirx	Citrix Application Delivery Management (Citrix ADC) and Citrix Gateway	Affected: 13.1 , < 24.38 (custom) Affected: 13.0 , < 86.17 (custom) Affected: 12.1 , < 65.15 (custom)

Credits

James Kettle

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T05:32:59.296Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.citrix.com/article/CTX457836"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Citrix Application Delivery Management (Citrix ADC) and Citrix Gateway",
          "vendor": "Citirx",
          "versions": [
            {
              "lessThan": "24.38",
              "status": "affected",
              "version": "13.1",
              "versionType": "custom"
            },
            {
              "lessThan": "86.17",
              "status": "affected",
              "version": "13.0",
              "versionType": "custom"
            },
            {
              "lessThan": "65.15",
              "status": "affected",
              "version": "12.1",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "James Kettle"
        }
      ],
      "datePublic": "2022-07-26T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unauthenticated redirection to a malicious website"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Unauthenticated redirection to a malicious website",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-07-28T13:11:43",
        "orgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
        "shortName": "Citrix"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.citrix.com/article/CTX457836"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Unauthenticated redirection to a malicious website",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@citrix.com",
          "DATE_PUBLIC": "2022-07-26T22:20:00.000Z",
          "ID": "CVE-2022-27509",
          "STATE": "PUBLIC",
          "TITLE": "Unauthenticated redirection to a malicious website"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Citrix Application Delivery Management (Citrix ADC) and Citrix Gateway",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "13.1",
                            "version_value": "24.38"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "13.0",
                            "version_value": "86.17"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "12.1",
                            "version_value": "65.15"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Citirx"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "James Kettle"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unauthenticated redirection to a malicious website"
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Unauthenticated redirection to a malicious website"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.citrix.com/article/CTX457836",
              "refsource": "MISC",
              "url": "https://support.citrix.com/article/CTX457836"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
    "assignerShortName": "Citrix",
    "cveId": "CVE-2022-27509",
    "datePublished": "2022-07-28T13:11:43.072489Z",
    "dateReserved": "2022-03-21T00:00:00",
    "dateUpdated": "2024-09-16T18:43:25.275Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:citrix:gateway:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"12.1\", \"versionEndExcluding\": \"12.1-65.15\", \"matchCriteriaId\": \"61981F03-ECC8-43E0-80E6-0A689F3D783F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:citrix:gateway:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"13.0\", \"versionEndExcluding\": \"13.0-86.17\", \"matchCriteriaId\": \"E2D911A3-F43F-448D-B861-CE1CA3DF2504\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:citrix:gateway:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"13.1\", \"versionEndExcluding\": \"13.1-24.38\", \"matchCriteriaId\": \"FFE32178-CFBE-4F01-BB47-80C205BDA33F\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"12.1\", \"versionEndExcluding\": \"12.1-65.15\", \"matchCriteriaId\": \"EBF33AE6-08BD-46FF-8833-20D2849F09EE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"13.0\", \"versionEndExcluding\": \"13.0-86.17\", \"matchCriteriaId\": \"7439391A-903B-488E-A402-65C6AA1CEA02\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"13.1\", \"versionEndExcluding\": \"13.1-24.38\", \"matchCriteriaId\": \"0699EDF2-D5F6-43B5-AE5C-2CC6630B0722\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:citrix:application_delivery_controller:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"80E69E10-6F40-4FE4-9D84-F6C25EAB79D8\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:fips:*:*:*\", \"versionStartIncluding\": \"12.1\", \"versionEndExcluding\": \"12.1-55.282\", \"matchCriteriaId\": \"56FEAF85-756E-4022-A9BF-E0E46AFA1936\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:ndcpp:*:*:*\", \"versionStartIncluding\": \"12.1\", \"versionEndExcluding\": \"12.1-55.282\", \"matchCriteriaId\": \"C75D1B42-41FB-4C4E-A7E1-79DF4C258C0F\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:citrix:application_delivery_controller:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"80E69E10-6F40-4FE4-9D84-F6C25EAB79D8\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Unauthenticated redirection to a malicious website\"}, {\"lang\": \"es\", \"value\": \"Un redireccionamiento no autenticado a un sitio web malicioso\"}]",
      "id": "CVE-2022-27509",
      "lastModified": "2024-11-21T06:55:51.903",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\", \"baseScore\": 6.1, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 2.7}]}",
      "published": "2022-07-28T14:15:08.380",
      "references": "[{\"url\": \"https://support.citrix.com/article/CTX457836\", \"source\": \"secure@citrix.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.citrix.com/article/CTX457836\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "secure@citrix.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-601\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-27509\",\"sourceIdentifier\":\"secure@citrix.com\",\"published\":\"2022-07-28T14:15:08.380\",\"lastModified\":\"2024-11-21T06:55:51.903\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Unauthenticated redirection to a malicious website\"},{\"lang\":\"es\",\"value\":\"Un redireccionamiento no autenticado a un sitio web malicioso\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":6.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":2.7}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-601\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:gateway:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.1\",\"versionEndExcluding\":\"12.1-65.15\",\"matchCriteriaId\":\"61981F03-ECC8-43E0-80E6-0A689F3D783F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:gateway:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.0\",\"versionEndExcluding\":\"13.0-86.17\",\"matchCriteriaId\":\"E2D911A3-F43F-448D-B861-CE1CA3DF2504\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:gateway:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.1\",\"versionEndExcluding\":\"13.1-24.38\",\"matchCriteriaId\":\"FFE32178-CFBE-4F01-BB47-80C205BDA33F\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.1\",\"versionEndExcluding\":\"12.1-65.15\",\"matchCriteriaId\":\"EBF33AE6-08BD-46FF-8833-20D2849F09EE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.0\",\"versionEndExcluding\":\"13.0-86.17\",\"matchCriteriaId\":\"7439391A-903B-488E-A402-65C6AA1CEA02\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.1\",\"versionEndExcluding\":\"13.1-24.38\",\"matchCriteriaId\":\"0699EDF2-D5F6-43B5-AE5C-2CC6630B0722\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:citrix:application_delivery_controller:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"80E69E10-6F40-4FE4-9D84-F6C25EAB79D8\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:fips:*:*:*\",\"versionStartIncluding\":\"12.1\",\"versionEndExcluding\":\"12.1-55.282\",\"matchCriteriaId\":\"56FEAF85-756E-4022-A9BF-E0E46AFA1936\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:ndcpp:*:*:*\",\"versionStartIncluding\":\"12.1\",\"versionEndExcluding\":\"12.1-55.282\",\"matchCriteriaId\":\"C75D1B42-41FB-4C4E-A7E1-79DF4C258C0F\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:citrix:application_delivery_controller:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"80E69E10-6F40-4FE4-9D84-F6C25EAB79D8\"}]}]}],\"references\":[{\"url\":\"https://support.citrix.com/article/CTX457836\",\"source\":\"secure@citrix.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.citrix.com/article/CTX457836\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

GSD-2022-27509

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Unauthenticated redirection to a malicious website

Aliases

CVE-2022-27509

Aliases

CVE-2022-27509

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2022-27509",
    "description": "Unauthenticated redirection to a malicious website",
    "id": "GSD-2022-27509"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2022-27509"
      ],
      "details": "Unauthenticated redirection to a malicious website",
      "id": "GSD-2022-27509",
      "modified": "2023-12-13T01:19:41.246862Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@citrix.com",
        "DATE_PUBLIC": "2022-07-26T22:20:00.000Z",
        "ID": "CVE-2022-27509",
        "STATE": "PUBLIC",
        "TITLE": "Unauthenticated redirection to a malicious website"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Citrix Application Delivery Management (Citrix ADC) and Citrix Gateway",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "13.1",
                          "version_value": "24.38 "
                        },
                        {
                          "version_affected": "\u003c",
                          "version_name": "13.0",
                          "version_value": "86.17 "
                        },
                        {
                          "version_affected": "\u003c",
                          "version_name": "12.1",
                          "version_value": "65.15 "
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Citirx"
            }
          ]
        }
      },
      "credit": [
        {
          "lang": "eng",
          "value": "James Kettle"
        }
      ],
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Unauthenticated redirection to a malicious website"
          }
        ]
      },
      "generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Unauthenticated redirection to a malicious website  "
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://support.citrix.com/article/CTX457836",
            "refsource": "MISC",
            "url": "https://support.citrix.com/article/CTX457836"
          }
        ]
      },
      "source": {
        "discovery": "UNKNOWN"
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:citrix:gateway:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "13.1-24.38",
                "versionStartIncluding": "13.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:citrix:gateway:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "12.1-65.15",
                "versionStartIncluding": "12.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:citrix:gateway:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "13.0-86.17",
                "versionStartIncluding": "13.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "13.1-24.38",
                    "versionStartIncluding": "13.1",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "12.1-65.15",
                    "versionStartIncluding": "12.1",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "13.0-86.17",
                    "versionStartIncluding": "13.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:citrix:application_delivery_controller:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:fips:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "12.1-55.282",
                    "versionStartIncluding": "12.1",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:ndcpp:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "12.1-55.282",
                    "versionStartIncluding": "12.1",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:citrix:application_delivery_controller:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@citrix.com",
          "ID": "CVE-2022-27509"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Unauthenticated redirection to a malicious website"
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-601"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.citrix.com/article/CTX457836",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.citrix.com/article/CTX457836"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 2.7
        }
      },
      "lastModifiedDate": "2022-08-05T15:01Z",
      "publishedDate": "2022-07-28T14:15Z"
    }
  }
}

VAR-202207-2009

Vulnerability from variot - Updated: 2023-12-18 13:32

Unauthenticated redirection to a malicious website. of Citrix Systems Citrix Gateway and Citrix Application Delivery Controller An open redirect vulnerability exists in firmware.Information may be obtained and information may be tampered with. Used for application security, overall visibility and availability. Prior to 86.17 and Citrix Gateway 13.0, Citrix ADC 12.1-65.15 and prior to Citrix Gateway 12.1, Citrix ADC 12.1-FIPS prior, Citrix ADC 12.1-NDcPP prior to 12.1-55.282

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202207-2009",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "application delivery controller",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "citrix",
        "version": "13.0-86.17"
      },
      {
        "model": "application delivery controller",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "citrix",
        "version": "13.1"
      },
      {
        "model": "application delivery controller",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "citrix",
        "version": "13.1-24.38"
      },
      {
        "model": "gateway",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "citrix",
        "version": "13.0"
      },
      {
        "model": "gateway",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "citrix",
        "version": "12.1"
      },
      {
        "model": "gateway",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "citrix",
        "version": "12.1-65.15"
      },
      {
        "model": "gateway",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "citrix",
        "version": "13.1"
      },
      {
        "model": "application delivery controller",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "citrix",
        "version": "12.1-55.282"
      },
      {
        "model": "gateway",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "citrix",
        "version": "13.0-86.17"
      },
      {
        "model": "gateway",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "citrix",
        "version": "13.1-24.38"
      },
      {
        "model": "application delivery controller",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "citrix",
        "version": "12.1"
      },
      {
        "model": "application delivery controller",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "citrix",
        "version": "12.1-65.15"
      },
      {
        "model": "application delivery controller",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "citrix",
        "version": "13.0"
      },
      {
        "model": "citrix gateway",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30c8\u30ea\u30c3\u30af\u30b9 \u30b7\u30b9\u30c6\u30e0\u30ba",
        "version": null
      },
      {
        "model": "citrix application delivery controller",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30c8\u30ea\u30c3\u30af\u30b9 \u30b7\u30b9\u30c6\u30e0\u30ba",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-014127"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-27509"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:citrix:gateway:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "13.1-24.38",
                "versionStartIncluding": "13.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:citrix:gateway:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "12.1-65.15",
                "versionStartIncluding": "12.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:citrix:gateway:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "13.0-86.17",
                "versionStartIncluding": "13.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "13.1-24.38",
                    "versionStartIncluding": "13.1",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "12.1-65.15",
                    "versionStartIncluding": "12.1",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "13.0-86.17",
                    "versionStartIncluding": "13.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:citrix:application_delivery_controller:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:fips:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "12.1-55.282",
                    "versionStartIncluding": "12.1",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:ndcpp:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "12.1-55.282",
                    "versionStartIncluding": "12.1",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:citrix:application_delivery_controller:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-27509"
      }
    ]
  },
  "cve": "CVE-2022-27509",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 2.8,
            "impactScore": 2.7,
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 6.1,
            "baseSeverity": "Medium",
            "confidentialityImpact": "Low",
            "exploitabilityScore": null,
            "id": "CVE-2022-27509",
            "impactScore": null,
            "integrityImpact": "Low",
            "privilegesRequired": "None",
            "scope": "Changed",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2022-27509",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202207-2610",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-014127"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-27509"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202207-2610"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Unauthenticated redirection to a malicious website. of Citrix Systems Citrix Gateway and Citrix Application Delivery Controller An open redirect vulnerability exists in firmware.Information may be obtained and information may be tampered with. Used for application security, overall visibility and availability. Prior to 86.17 and Citrix Gateway 13.0, Citrix ADC 12.1-65.15 and prior to Citrix Gateway 12.1, Citrix ADC 12.1-FIPS prior, Citrix ADC 12.1-NDcPP prior to 12.1-55.282",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-27509"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-014127"
      },
      {
        "db": "VULHUB",
        "id": "VHN-418143"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-27509"
      }
    ],
    "trust": 1.8
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2022-27509",
        "trust": 3.4
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-014127",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202207-2610",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-418143",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-27509",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-418143"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-27509"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-014127"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-27509"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202207-2610"
      }
    ]
  },
  "id": "VAR-202207-2009",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-418143"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T13:32:01.521000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Citrix ADC  and  Citrix Gateway Enter the fix for the verification error vulnerability",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=203341"
      }
    ],
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202207-2610"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-601",
        "trust": 1.1
      },
      {
        "problemtype": "Open redirect (CWE-601) [NVD evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-418143"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-014127"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-27509"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.6,
        "url": "https://support.citrix.com/article/ctx457836"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-27509"
      },
      {
        "trust": 0.6,
        "url": "https://cxsecurity.com/cveshow/cve-2022-27509/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-418143"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-27509"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-014127"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-27509"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202207-2610"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-418143"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-27509"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-014127"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-27509"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202207-2610"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-07-28T00:00:00",
        "db": "VULHUB",
        "id": "VHN-418143"
      },
      {
        "date": "2022-07-28T00:00:00",
        "db": "VULMON",
        "id": "CVE-2022-27509"
      },
      {
        "date": "2023-09-14T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-014127"
      },
      {
        "date": "2022-07-28T14:15:08.380000",
        "db": "NVD",
        "id": "CVE-2022-27509"
      },
      {
        "date": "2022-07-28T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202207-2610"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-08-05T00:00:00",
        "db": "VULHUB",
        "id": "VHN-418143"
      },
      {
        "date": "2022-07-28T00:00:00",
        "db": "VULMON",
        "id": "CVE-2022-27509"
      },
      {
        "date": "2023-09-14T08:12:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-014127"
      },
      {
        "date": "2022-08-05T15:01:51.680000",
        "db": "NVD",
        "id": "CVE-2022-27509"
      },
      {
        "date": "2022-08-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202207-2610"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202207-2610"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "of Citrix Systems \u00a0Citrix\u00a0Gateway\u00a0 and \u00a0Citrix\u00a0Application\u00a0Delivery\u00a0Controller\u00a0 Open redirect vulnerability in firmware",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-014127"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "input validation error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202207-2610"
      }
    ],
    "trust": 0.6
  }
}

GHSA-XGWP-WF98-3XHC

Vulnerability from github – Published: 2022-07-29 00:00 – Updated: 2022-08-06 00:00

Details

Unauthenticated redirection to a malicious website

Severity ?

6.1 (Medium)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2022-27509"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-601"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-07-28T14:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Unauthenticated redirection to a malicious website",
  "id": "GHSA-xgwp-wf98-3xhc",
  "modified": "2022-08-06T00:00:49Z",
  "published": "2022-07-29T00:00:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27509"
    },
    {
      "type": "WEB",
      "url": "https://support.citrix.com/article/CTX457836"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

CERTFR-2022-AVI-681

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité a été découverte dans Citrix ADC et Gateway. Elle permet à un attaquant de provoquer un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Citrix	N/A	Citrix ADC 12.1-FIPS versions 12.1-x antérieures à 12.1-55.282
Citrix	N/A	Citrix ADC 12.1-NDcPP versions 12.1-x antérieures à 12.1-55.282
Citrix	N/A	Citrix ADC et Citrix Gateway versions 13.0-x antérieures à 13.0-86.17
Citrix	N/A	Citrix ADC et Citrix Gateway versions 12.1-x antérieures à 12.1-65.15
Citrix	N/A	Citrix ADC et Citrix Gateway versions 13.1-x antérieures à 13.1-24.38

References

Title

Publication Time

Tags

Bulletin de sécurité Citrix CTX457836 du 26 juillet 2022

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Citrix ADC 12.1-FIPS versions 12.1-x ant\u00e9rieures \u00e0 12.1-55.282",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Citrix ADC 12.1-NDcPP versions 12.1-x ant\u00e9rieures \u00e0 12.1-55.282",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Citrix ADC et Citrix Gateway versions 13.0-x ant\u00e9rieures \u00e0 13.0-86.17",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Citrix ADC et Citrix Gateway versions 12.1-x ant\u00e9rieures \u00e0 12.1-65.15",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Citrix ADC et Citrix Gateway versions 13.1-x ant\u00e9rieures \u00e0 13.1-24.38",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2022-27509",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-27509"
    }
  ],
  "links": [],
  "reference": "CERTFR-2022-AVI-681",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-07-27T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Citrix ADC et Gateway. Elle\npermet \u00e0 un attaquant de provoquer un contournement de la politique de\ns\u00e9curit\u00e9.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Citrix ADC et Gateway",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Citrix CTX457836 du 26 juillet 2022",
      "url": "https://support.citrix.com/article/CTX457836/citrix-adc-and-citrix-gateway-security-bulletin-for-cve202227509"
    }
  ]
}

CERTFR-2022-AVI-681

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité a été découverte dans Citrix ADC et Gateway. Elle permet à un attaquant de provoquer un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Citrix	N/A	Citrix ADC 12.1-FIPS versions 12.1-x antérieures à 12.1-55.282
Citrix	N/A	Citrix ADC 12.1-NDcPP versions 12.1-x antérieures à 12.1-55.282
Citrix	N/A	Citrix ADC et Citrix Gateway versions 13.0-x antérieures à 13.0-86.17
Citrix	N/A	Citrix ADC et Citrix Gateway versions 12.1-x antérieures à 12.1-65.15
Citrix	N/A	Citrix ADC et Citrix Gateway versions 13.1-x antérieures à 13.1-24.38

References

Title

Publication Time

Tags

Bulletin de sécurité Citrix CTX457836 du 26 juillet 2022

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Citrix ADC 12.1-FIPS versions 12.1-x ant\u00e9rieures \u00e0 12.1-55.282",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Citrix ADC 12.1-NDcPP versions 12.1-x ant\u00e9rieures \u00e0 12.1-55.282",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Citrix ADC et Citrix Gateway versions 13.0-x ant\u00e9rieures \u00e0 13.0-86.17",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Citrix ADC et Citrix Gateway versions 12.1-x ant\u00e9rieures \u00e0 12.1-65.15",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Citrix ADC et Citrix Gateway versions 13.1-x ant\u00e9rieures \u00e0 13.1-24.38",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2022-27509",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-27509"
    }
  ],
  "links": [],
  "reference": "CERTFR-2022-AVI-681",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-07-27T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Citrix ADC et Gateway. Elle\npermet \u00e0 un attaquant de provoquer un contournement de la politique de\ns\u00e9curit\u00e9.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Citrix ADC et Gateway",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Citrix CTX457836 du 26 juillet 2022",
      "url": "https://support.citrix.com/article/CTX457836/citrix-adc-and-citrix-gateway-security-bulletin-for-cve202227509"
    }
  ]
}

FKIE_CVE-2022-27509

Vulnerability from fkie_nvd - Published: 2022-07-28 14:15 - Updated: 2024-11-21 06:55

Severity ?

6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

Unauthenticated redirection to a malicious website

References

	URL	Tags
	secure@citrix.com	https://support.citrix.com/article/CTX457836	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://support.citrix.com/article/CTX457836	Vendor Advisory

Impacted products

Vendor	Product	Version
citrix	gateway	*
citrix	gateway	*
citrix	gateway	*
citrix	application_delivery_controller_firmware	*
citrix	application_delivery_controller_firmware	*
citrix	application_delivery_controller_firmware	*
citrix	application_delivery_controller	-
citrix	application_delivery_controller_firmware	*
citrix	application_delivery_controller_firmware	*
citrix	application_delivery_controller	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:citrix:gateway:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "61981F03-ECC8-43E0-80E6-0A689F3D783F",
              "versionEndExcluding": "12.1-65.15",
              "versionStartIncluding": "12.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:gateway:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2D911A3-F43F-448D-B861-CE1CA3DF2504",
              "versionEndExcluding": "13.0-86.17",
              "versionStartIncluding": "13.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:gateway:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFE32178-CFBE-4F01-BB47-80C205BDA33F",
              "versionEndExcluding": "13.1-24.38",
              "versionStartIncluding": "13.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBF33AE6-08BD-46FF-8833-20D2849F09EE",
              "versionEndExcluding": "12.1-65.15",
              "versionStartIncluding": "12.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7439391A-903B-488E-A402-65C6AA1CEA02",
              "versionEndExcluding": "13.0-86.17",
              "versionStartIncluding": "13.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0699EDF2-D5F6-43B5-AE5C-2CC6630B0722",
              "versionEndExcluding": "13.1-24.38",
              "versionStartIncluding": "13.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:citrix:application_delivery_controller:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "80E69E10-6F40-4FE4-9D84-F6C25EAB79D8",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:fips:*:*:*",
              "matchCriteriaId": "56FEAF85-756E-4022-A9BF-E0E46AFA1936",
              "versionEndExcluding": "12.1-55.282",
              "versionStartIncluding": "12.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:ndcpp:*:*:*",
              "matchCriteriaId": "C75D1B42-41FB-4C4E-A7E1-79DF4C258C0F",
              "versionEndExcluding": "12.1-55.282",
              "versionStartIncluding": "12.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:citrix:application_delivery_controller:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "80E69E10-6F40-4FE4-9D84-F6C25EAB79D8",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Unauthenticated redirection to a malicious website"
    },
    {
      "lang": "es",
      "value": "Un redireccionamiento no autenticado a un sitio web malicioso"
    }
  ],
  "id": "CVE-2022-27509",
  "lastModified": "2024-11-21T06:55:51.903",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-07-28T14:15:08.380",
  "references": [
    {
      "source": "secure@citrix.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.citrix.com/article/CTX457836"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.citrix.com/article/CTX457836"
    }
  ],
  "sourceIdentifier": "secure@citrix.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-601"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2022-27509 (GCVE-0-2022-27509)

GSD-2022-27509

VAR-202207-2009

GHSA-XGWP-WF98-3XHC

CERTFR-2022-AVI-681

Solution

CERTFR-2022-AVI-681

Solution

FKIE_CVE-2022-27509

Tags

Sightings

Nomenclature