CVE-2007-6267 - OpenCVE

Citrix EdgeSight 4.2 and 4.5 for Presentation Server, EdgeSight 4.2 and 4.5 for Endpoints, and EdgeSight for NetScaler 1.0 and 1.1 do not properly store database credentials in configuration files, which allows local users to obtain sensitive information.

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:L/AC:L/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Citrix	Edgesight For Netscaler Edgesight For Presentation Server Edgesight For Endpoints

Configuration 1 [-]

OR	cpe:2.3:a:citrix:edgesight_for_endpoints:4.2:::::::*
	cpe:2.3:a:citrix:edgesight_for_endpoints:4.5:::::::*
	cpe:2.3:a:citrix:edgesight_for_netscaler:1.0:::::::*
	cpe:2.3:a:citrix:edgesight_for_netscaler:1.1:::::::*
	cpe:2.3:a:citrix:edgesight_for_presentation_server:4.2:::::::*
	cpe:2.3:a:citrix:edgesight_for_presentation_server:4.5:::::::*

References

Link	Resource
http://secunia.com/advisories/27935	Vendor Advisory
http://support.citrix.com/article/CTX115281	Patch
http://www.securityfocus.com/bid/26705	Exploit Patch
http://www.securitytracker.com/id?1019050
http://www.vupen.com/english/advisories/2007/4091
https://exchange.xforce.ibmcloud.com/vulnerabilities/38861

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2007-12-07T11:00:00

Updated: 2017-08-07T12:57:01

Reserved: 2007-12-07T00:00:00

Link: CVE-2007-6267

JSON object: View

NVD Information

Status : Modified

Published: 2007-12-07T11:46:00.000

Modified: 2017-08-08T01:29:03.307

Link: CVE-2007-6267

JSON object: View

Redhat Information

No data.

CWE

CWE-255

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-12-05T00:00:00", "descriptions": [{"lang": "en", "value": "Citrix EdgeSight 4.2 and 4.5 for Presentation Server, EdgeSight 4.2 and 4.5 for Endpoints, and EdgeSight for NetScaler 1.0 and 1.1 do not properly store database credentials in configuration files, which allows local users to obtain sensitive information."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-07T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://support.citrix.com/article/CTX115281"}, {"name": "edgesight-configuration-file-info-disclosure(38861)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38861"}, {"name": "ADV-2007-4091", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/4091"}, {"name": "1019050", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1019050"}, {"name": "26705", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/26705"}, {"name": "27935", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/27935"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-6267", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Citrix EdgeSight 4.2 and 4.5 for Presentation Server, EdgeSight 4.2 and 4.5 for Endpoints, and EdgeSight for NetScaler 1.0 and 1.1 do not properly store database credentials in configuration files, which allows local users to obtain sensitive information."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://support.citrix.com/article/CTX115281", "refsource": "CONFIRM", "url": "http://support.citrix.com/article/CTX115281"}, {"name": "edgesight-configuration-file-info-disclosure(38861)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38861"}, {"name": "ADV-2007-4091", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/4091"}, {"name": "1019050", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1019050"}, {"name": "26705", "refsource": "BID", "url": "http://www.securityfocus.com/bid/26705"}, {"name": "27935", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27935"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-6267", "datePublished": "2007-12-07T11:00:00", "dateReserved": "2007-12-07T00:00:00", "dateUpdated": "2017-08-07T12:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:citrix:edgesight_for_endpoints:4.2:*:*:*:*:*:*:*", "matchCriteriaId": "A51F3443-CC16-40A2-8A43-5E2A6DA1C68B", "vulnerable": true}, {"criteria": "cpe:2.3:a:citrix:edgesight_for_endpoints:4.5:*:*:*:*:*:*:*", "matchCriteriaId": "3807F821-1E3B-4E52-8E14-A6F22DA28D06", "vulnerable": true}, {"criteria": "cpe:2.3:a:citrix:edgesight_for_netscaler:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "03B79B3B-A526-496F-84F1-9855C1F1A67D", "vulnerable": true}, {"criteria": "cpe:2.3:a:citrix:edgesight_for_netscaler:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "B62588DC-6A3B-4A5D-A822-15268C209696", "vulnerable": true}, {"criteria": "cpe:2.3:a:citrix:edgesight_for_presentation_server:4.2:*:*:*:*:*:*:*", "matchCriteriaId": "079DDF6A-305E-4775-B07D-24F222782160", "vulnerable": true}, {"criteria": "cpe:2.3:a:citrix:edgesight_for_presentation_server:4.5:*:*:*:*:*:*:*", "matchCriteriaId": "3FF901DE-4F7B-49A1-A4B9-31FEDF559BFA", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Citrix EdgeSight 4.2 and 4.5 for Presentation Server, EdgeSight 4.2 and 4.5 for Endpoints, and EdgeSight for NetScaler 1.0 and 1.1 do not properly store database credentials in configuration files, which allows local users to obtain sensitive information."}, {"lang": "es", "value": "Vulnerabilidad en Citrix EdgeSight 4.2 y 4.5 para Presentation Server, EdgeSight 4.2 y 4.5 para Endpoints, y EdgeSight para NetScaler 1.0 y 1.1 . No guardan correctamente los credenciales de la base de datos en archivos de configuraci\u00f3n, lo que permite que un usuario local pueda obtener informaci\u00f3n sensible."}], "id": "CVE-2007-6267", "lastModified": "2017-08-08T01:29:03.307", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-12-07T11:46:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/27935"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://support.citrix.com/article/CTX115281"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Patch"], "url": "http://www.securityfocus.com/bid/26705"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1019050"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/4091"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38861"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-255"}], "source": "nvd@nist.gov", "type": "Primary"}]}