VAR-202207-2009
Vulnerability from variot - Updated: 2023-12-18 13:32
Unauthenticated redirection to a malicious website. An open redirect vulnerability exists in the firmware of Citrix Systems Citrix Gateway and Citrix Application Delivery Controller (ADC). Information may be obtained and information may be tampered with. These products are used for application security, overall visibility and availability. Affected versions: Citrix ADC and Citrix Gateway 13.0 prior to 13.0-86.17, Citrix ADC and Citrix Gateway 12.1 prior to 12.1-65.15, and Citrix ADC 12.1-FIPS and Citrix ADC 12.1-NDcPP prior to 12.1-55.282. The affected_products and configurations data in this record also list Citrix ADC and Citrix Gateway 13.1 prior to 13.1-24.38.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202207-2009",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "application delivery controller",
"scope": "lt",
"trust": 1.0,
"vendor": "citrix",
"version": "13.0-86.17"
},
{
"model": "application delivery controller",
"scope": "gte",
"trust": 1.0,
"vendor": "citrix",
"version": "13.1"
},
{
"model": "application delivery controller",
"scope": "lt",
"trust": 1.0,
"vendor": "citrix",
"version": "13.1-24.38"
},
{
"model": "gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "citrix",
"version": "13.0"
},
{
"model": "gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "citrix",
"version": "12.1"
},
{
"model": "gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "citrix",
"version": "12.1-65.15"
},
{
"model": "gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "citrix",
"version": "13.1"
},
{
"model": "application delivery controller",
"scope": "lt",
"trust": 1.0,
"vendor": "citrix",
"version": "12.1-55.282"
},
{
"model": "gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "citrix",
"version": "13.0-86.17"
},
{
"model": "gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "citrix",
"version": "13.1-24.38"
},
{
"model": "application delivery controller",
"scope": "gte",
"trust": 1.0,
"vendor": "citrix",
"version": "12.1"
},
{
"model": "application delivery controller",
"scope": "lt",
"trust": 1.0,
"vendor": "citrix",
"version": "12.1-65.15"
},
{
"model": "application delivery controller",
"scope": "gte",
"trust": 1.0,
"vendor": "citrix",
"version": "13.0"
},
{
"model": "citrix gateway",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30c8\u30ea\u30c3\u30af\u30b9 \u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "citrix application delivery controller",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30c8\u30ea\u30c3\u30af\u30b9 \u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-014127"
},
{
"db": "NVD",
"id": "CVE-2022-27509"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:citrix:gateway:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "13.1-24.38",
"versionStartIncluding": "13.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:citrix:gateway:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "12.1-65.15",
"versionStartIncluding": "12.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:citrix:gateway:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "13.0-86.17",
"versionStartIncluding": "13.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "13.1-24.38",
"versionStartIncluding": "13.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "12.1-65.15",
"versionStartIncluding": "12.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "13.0-86.17",
"versionStartIncluding": "13.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:citrix:application_delivery_controller:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:fips:*:*:*",
"cpe_name": [],
"versionEndExcluding": "12.1-55.282",
"versionStartIncluding": "12.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:ndcpp:*:*:*",
"cpe_name": [],
"versionEndExcluding": "12.1-55.282",
"versionStartIncluding": "12.1",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:citrix:application_delivery_controller:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-27509"
}
]
},
"cve": "CVE-2022-27509",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.1,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2022-27509",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2022-27509",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202207-2610",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-014127"
},
{
"db": "NVD",
"id": "CVE-2022-27509"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-2610"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unauthenticated redirection to a malicious website. of Citrix Systems Citrix Gateway and Citrix Application Delivery Controller An open redirect vulnerability exists in firmware.Information may be obtained and information may be tampered with. Used for application security, overall visibility and availability. Prior to 86.17 and Citrix Gateway 13.0, Citrix ADC 12.1-65.15 and prior to Citrix Gateway 12.1, Citrix ADC 12.1-FIPS prior, Citrix ADC 12.1-NDcPP prior to 12.1-55.282",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-27509"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-014127"
},
{
"db": "VULHUB",
"id": "VHN-418143"
},
{
"db": "VULMON",
"id": "CVE-2022-27509"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-27509",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2022-014127",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202207-2610",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-418143",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-27509",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-418143"
},
{
"db": "VULMON",
"id": "CVE-2022-27509"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-014127"
},
{
"db": "NVD",
"id": "CVE-2022-27509"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-2610"
}
]
},
"id": "VAR-202207-2009",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-418143"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:32:01.521000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Citrix ADC and Citrix Gateway Enter the fix for the verification error vulnerability",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=203341"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202207-2610"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-601",
"trust": 1.1
},
{
"problemtype": "Open redirect (CWE-601) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-418143"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-014127"
},
{
"db": "NVD",
"id": "CVE-2022-27509"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "https://support.citrix.com/article/ctx457836"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-27509"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-27509/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-418143"
},
{
"db": "VULMON",
"id": "CVE-2022-27509"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-014127"
},
{
"db": "NVD",
"id": "CVE-2022-27509"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-2610"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-418143"
},
{
"db": "VULMON",
"id": "CVE-2022-27509"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-014127"
},
{
"db": "NVD",
"id": "CVE-2022-27509"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-2610"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-07-28T00:00:00",
"db": "VULHUB",
"id": "VHN-418143"
},
{
"date": "2022-07-28T00:00:00",
"db": "VULMON",
"id": "CVE-2022-27509"
},
{
"date": "2023-09-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-014127"
},
{
"date": "2022-07-28T14:15:08.380000",
"db": "NVD",
"id": "CVE-2022-27509"
},
{
"date": "2022-07-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202207-2610"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-08-05T00:00:00",
"db": "VULHUB",
"id": "VHN-418143"
},
{
"date": "2022-07-28T00:00:00",
"db": "VULMON",
"id": "CVE-2022-27509"
},
{
"date": "2023-09-14T08:12:00",
"db": "JVNDB",
"id": "JVNDB-2022-014127"
},
{
"date": "2022-08-05T15:01:51.680000",
"db": "NVD",
"id": "CVE-2022-27509"
},
{
"date": "2022-08-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202207-2610"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202207-2610"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "of Citrix Systems \u00a0Citrix\u00a0Gateway\u00a0 and \u00a0Citrix\u00a0Application\u00a0Delivery\u00a0Controller\u00a0 Open redirect vulnerability in firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-014127"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202207-2610"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.