Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2013-2263

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-19 Mar, 2013 | 14:00
Updated At-06 Aug, 2024 | 15:27
Rejected At-
Credits

Unspecified vulnerability in Citrix Access Gateway Standard Edition 5.0.x before 5.0.4.223524 allows remote attackers to access network resources via unknown attack vectors.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:19 Mar, 2013 | 14:00
Updated At:06 Aug, 2024 | 15:27
Rejected At:
▼CVE Numbering Authority (CNA)

Unspecified vulnerability in Citrix Access Gateway Standard Edition 5.0.x before 5.0.4.223524 allows remote attackers to access network resources via unknown attack vectors.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://support.citrix.com/article/CTX136623
x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/82591
vdb-entry
x_refsource_XF
http://secunia.com/advisories/52479
third-party-advisory
x_refsource_SECUNIA
http://www.securitytracker.com/id/1028255
vdb-entry
x_refsource_SECTRACK
http://osvdb.org/90905
vdb-entry
x_refsource_OSVDB
Hyperlink: http://support.citrix.com/article/CTX136623
Resource:
x_refsource_CONFIRM
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/82591
Resource:
vdb-entry
x_refsource_XF
Hyperlink: http://secunia.com/advisories/52479
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.securitytracker.com/id/1028255
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://osvdb.org/90905
Resource:
vdb-entry
x_refsource_OSVDB
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://support.citrix.com/article/CTX136623
x_refsource_CONFIRM
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/82591
vdb-entry
x_refsource_XF
x_transferred
http://secunia.com/advisories/52479
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.securitytracker.com/id/1028255
vdb-entry
x_refsource_SECTRACK
x_transferred
http://osvdb.org/90905
vdb-entry
x_refsource_OSVDB
x_transferred
Hyperlink: http://support.citrix.com/article/CTX136623
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/82591
Resource:
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: http://secunia.com/advisories/52479
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.securitytracker.com/id/1028255
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://osvdb.org/90905
Resource:
vdb-entry
x_refsource_OSVDB
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:19 Mar, 2013 | 14:55
Updated At:11 Apr, 2025 | 00:51

Unspecified vulnerability in Citrix Access Gateway Standard Edition 5.0.x before 5.0.4.223524 allows remote attackers to access network resources via unknown attack vectors.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.05.0MEDIUM
AV:N/AC:L/Au:N/C:N/I:P/A:N
Type: Primary
Version: 2.0
Base score: 5.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:N/C:N/I:P/A:N
CPE Matches
Citrix (Cloud Software Group, Inc.)
citrix
>>access_gateway>>5.0
cpe:2.3:o:citrix:access_gateway:5.0:-:standard:*:*:*:*:*
Citrix (Cloud Software Group, Inc.)
citrix
>>access_gateway>>5.1
cpe:2.3:o:citrix:access_gateway:5.1:-:standard:*:*:*:*:*
Citrix (Cloud Software Group, Inc.)
citrix
>>access_gateway>>5.2
cpe:2.3:o:citrix:access_gateway:5.2:-:standard:*:*:*:*:*
Citrix (Cloud Software Group, Inc.)
citrix
>>access_gateway>>5.3
cpe:2.3:o:citrix:access_gateway:5.3:-:standard:*:*:*:*:*
Citrix (Cloud Software Group, Inc.)
citrix
>>access_gateway>>5.4
cpe:2.3:o:citrix:access_gateway:5.4:-:standard:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-264Primarynvd@nist.gov
CWE ID: CWE-264
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://osvdb.org/90905cve@mitre.org
N/A
http://secunia.com/advisories/52479cve@mitre.org
Vendor Advisory
http://support.citrix.com/article/CTX136623cve@mitre.org
Vendor Advisory
http://www.securitytracker.com/id/1028255cve@mitre.org
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/82591cve@mitre.org
N/A
http://osvdb.org/90905af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/52479af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://support.citrix.com/article/CTX136623af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.securitytracker.com/id/1028255af854a3a-2127-422b-91ae-364da2661108
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/82591af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://osvdb.org/90905
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/52479
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://support.citrix.com/article/CTX136623
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://www.securitytracker.com/id/1028255
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/82591
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://osvdb.org/90905
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/52479
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://support.citrix.com/article/CTX136623
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://www.securitytracker.com/id/1028255
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/82591
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

11Records found
CVE-2013-2756
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-3.05% / 86.16%
||
7 Day CHG~0.00%
Published-23 May, 2014 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Apache CloudStack 4.0.0 before 4.0.2 and Citrix CloudPlatform (formerly Citrix CloudStack) 3.0.x before 3.0.6 Patch C allows remote attackers to bypass the console proxy authentication by leveraging knowledge of the source code.

Action-Not Available
Vendor-n/aThe Apache Software FoundationCitrix (Cloud Software Group, Inc.)
Product-cloudstackcloudplatformn/a
CWE ID-CWE-287
Improper Authentication
CVE-2013-2758
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-2.80% / 85.53%
||
7 Day CHG~0.00%
Published-23 May, 2014 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Apache CloudStack 4.0.0 before 4.0.2 and Citrix CloudPlatform (formerly Citrix CloudStack) 3.0.x before 3.0.6 Patch C uses a hash of a predictable sequence, which makes it easier for remote attackers to guess the console access URL via a brute force attack.

Action-Not Available
Vendor-n/aThe Apache Software FoundationCitrix (Cloud Software Group, Inc.)
Product-cloudstackcloudplatformn/a
CVE-2012-6314
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.68% / 70.52%
||
7 Day CHG~0.00%
Published-26 Dec, 2012 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Citrix XenDesktop Virtual Desktop Agent (VDA) 5.6.x before 5.6.200, when making changes to the server-side policy that control USB redirection, does not propagate changes to the VDA, which allows authenticated users to retain access to the USB device.

Action-Not Available
Vendor-n/aCitrix (Cloud Software Group, Inc.)
Product-xendesktopn/a
CVE-2004-1077
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.49% / 64.66%
||
7 Day CHG~0.00%
Published-26 Apr, 2005 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Citrix Program Neighborhood Agent for Win32 8.00.24737 and earlier and MetaFrame Presentation Server client for WinCE before 8.33 allows remote servers to create arbitrary shortcuts on the client via a full UNC path in the AppInStartmenu directive.

Action-Not Available
Vendor-n/aCitrix (Cloud Software Group, Inc.)
Product-metaframe_clientprogram_neighborhood_agentn/a
CVE-2020-8272
Matching Score-8
Assigner-HackerOne
ShareView Details
Matching Score-8
Assigner-HackerOne
CVSS Score-7.5||HIGH
EPSS-0.23% / 45.73%
||
7 Day CHG~0.00%
Published-16 Nov, 2020 | 00:33
Updated-04 Aug, 2024 | 09:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Authentication Bypass resulting in exposure of SD-WAN functionality in Citrix SD-WAN Center versions before 11.2.2, 11.1.2b and 10.2.8

Action-Not Available
Vendor-n/aCitrix (Cloud Software Group, Inc.)
Product-sd-wanCitrix SD-WAN Center
CWE ID-CWE-287
Improper Authentication
CVE-2020-8193
Matching Score-8
Assigner-HackerOne
ShareView Details
Matching Score-8
Assigner-HackerOne
CVSS Score-6.5||MEDIUM
EPSS-94.35% / 99.95%
||
7 Day CHG~0.00%
Published-10 Jul, 2020 | 15:38
Updated-30 Jul, 2025 | 01:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-05-03||Apply updates per vendor instructions.

Improper access control in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allows unauthenticated access to certain URL endpoints.

Action-Not Available
Vendor-n/aCitrix (Cloud Software Group, Inc.)
Product-application_delivery_controller_firmwaregateway5000-wogateway_firmwareapplication_delivery_controller5100-wosd-wan_wanop4000-wonetscaler_gateway_firmware4100-wonetscaler_gatewayCitrix ADC, Citrix Gateway, Citrix SDWAN WAN-OPApplication Delivery Controller (ADC), Gateway, and SD-WAN WANOP Appliance
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-287
Improper Authentication
CVE-2016-4810
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.22% / 44.42%
||
7 Day CHG~0.00%
Published-01 Jun, 2016 | 22:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Citrix Studio before 7.6.1000, Citrix XenDesktop 7.x before 7.6 LTSR Cumulative Update 1 (CU1), and Citrix XenApp 7.5 and 7.6 allow attackers to set Access Policy rules on the XenDesktop Delivery Controller via unspecified vectors.

Action-Not Available
Vendor-n/aCitrix (Cloud Software Group, Inc.)
Product-xendesktopxenappn/a
CWE ID-CWE-284
Improper Access Control
CVE-2013-6943
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.29% / 52.22%
||
7 Day CHG~0.00%
Published-10 Mar, 2014 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Citrix NetScaler Application Delivery Controller (ADC) 9.3.x before 9.3-64.4, 10.0 before 10.0-77.5, and 10.1 before 10.1-118.7 allows remote attackers to conduct an LDAP injection attack via vectors related to SSH and Web management usernames.

Action-Not Available
Vendor-n/aCitrix (Cloud Software Group, Inc.)
Product-netscaler_application_delivery_controller_firmwaren/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2020-8258
Matching Score-8
Assigner-HackerOne
ShareView Details
Matching Score-8
Assigner-HackerOne
CVSS Score-7.5||HIGH
EPSS-0.22% / 44.42%
||
7 Day CHG~0.00%
Published-14 Dec, 2020 | 19:42
Updated-04 Aug, 2024 | 09:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper privilege management on services run by Citrix Gateway Plug-in for Windows, versions before and including 13.0-61.48 and 12.1-58.15, allows an attacker to modify arbitrary files.

Action-Not Available
Vendor-n/aCitrix (Cloud Software Group, Inc.)
Product-gateway_plug-inCitrix Gateway Plug-in for Windows
CWE ID-CWE-269
Improper Privilege Management
CVE-2020-10111
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.50% / 64.95%
||
7 Day CHG~0.00%
Published-06 Mar, 2020 | 20:33
Updated-04 Aug, 2024 | 11:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Citrix Gateway 11.1, 12.0, and 12.1 has an Inconsistent Interpretation of HTTP Requests. NOTE: Citrix disputes the reported behavior as not a security issue. Citrix ADC only caches HTTP/1.1 traffic for performance optimization

Action-Not Available
Vendor-n/aCitrix (Cloud Software Group, Inc.)
Product-gateway_firmwaren/a
CWE ID-CWE-444
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
CVE-2015-2841
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-4.41% / 88.57%
||
7 Day CHG~0.00%
Published-03 Apr, 2015 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Citrix NetScaler AppFirewall, as used in NetScaler 10.5, allows remote attackers to bypass intended firewall restrictions via a crafted Content-Type header, as demonstrated by the application/octet-stream and text/xml Content-Types.

Action-Not Available
Vendor-n/aCitrix (Cloud Software Group, Inc.)
Product-netscalern/a
CWE ID-CWE-284
Improper Access Control
Details not found