CVE-2007-6267 - OpenCVE

Citrix EdgeSight 4.2 and 4.5 for Presentation Server, EdgeSight 4.2 and 4.5 for Endpoints, and EdgeSight for NetScaler 1.0 and 1.1 do not properly store database credentials in configuration files, which allows local users to obtain sensitive information.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:L/AC:L/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Citrix	Edgesight For Endpoints Edgesight For Netscaler Edgesight For Presentation Server

Configuration 1 [-]

OR	cpe:2.3:a:citrix:edgesight_for_endpoints:4.2:::::::*
	cpe:2.3:a:citrix:edgesight_for_endpoints:4.5:::::::*
	cpe:2.3:a:citrix:edgesight_for_netscaler:1.0:::::::*
	cpe:2.3:a:citrix:edgesight_for_netscaler:1.1:::::::*
	cpe:2.3:a:citrix:edgesight_for_presentation_server:4.2:::::::*
	cpe:2.3:a:citrix:edgesight_for_presentation_server:4.5:::::::*

No data.

References

Link	Providers
http://secunia.com/advisories/27935
http://support.citrix.com/article/CTX115281
http://www.securityfocus.com/bid/26705
http://www.securitytracker.com/id?1019050
http://www.vupen.com/english/advisories/2007/4091
https://exchange.xforce.ibmcloud.com/vulnerabilities/38861

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-12-07T11:00:00

Updated: 2024-08-07T16:02:35.701Z

Reserved: 2007-12-07T00:00:00

Link: CVE-2007-6267

Vulnrichment

No data.

NVD

Status : Modified

Published: 2007-12-07T11:46:00.000

Modified: 2017-08-08T01:29:03.307

Link: CVE-2007-6267

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-12-05T00:00:00", "descriptions": [{"lang": "en", "value": "Citrix EdgeSight 4.2 and 4.5 for Presentation Server, EdgeSight 4.2 and 4.5 for Endpoints, and EdgeSight for NetScaler 1.0 and 1.1 do not properly store database credentials in configuration files, which allows local users to obtain sensitive information."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-07T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://support.citrix.com/article/CTX115281"}, {"name": "edgesight-configuration-file-info-disclosure(38861)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38861"}, {"name": "ADV-2007-4091", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/4091"}, {"name": "1019050", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1019050"}, {"name": "26705", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/26705"}, {"name": "27935", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/27935"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-6267", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Citrix EdgeSight 4.2 and 4.5 for Presentation Server, EdgeSight 4.2 and 4.5 for Endpoints, and EdgeSight for NetScaler 1.0 and 1.1 do not properly store database credentials in configuration files, which allows local users to obtain sensitive information."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://support.citrix.com/article/CTX115281", "refsource": "CONFIRM", "url": "http://support.citrix.com/article/CTX115281"}, {"name": "edgesight-configuration-file-info-disclosure(38861)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38861"}, {"name": "ADV-2007-4091", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/4091"}, {"name": "1019050", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1019050"}, {"name": "26705", "refsource": "BID", "url": "http://www.securityfocus.com/bid/26705"}, {"name": "27935", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27935"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T16:02:35.701Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://support.citrix.com/article/CTX115281"}, {"name": "edgesight-configuration-file-info-disclosure(38861)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38861"}, {"name": "ADV-2007-4091", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/4091"}, {"name": "1019050", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1019050"}, {"name": "26705", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/26705"}, {"name": "27935", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/27935"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-6267", "datePublished": "2007-12-07T11:00:00", "dateReserved": "2007-12-07T00:00:00", "dateUpdated": "2024-08-07T16:02:35.701Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:citrix:edgesight_for_endpoints:4.2:*:*:*:*:*:*:*", "matchCriteriaId": "A51F3443-CC16-40A2-8A43-5E2A6DA1C68B", "vulnerable": true}, {"criteria": "cpe:2.3:a:citrix:edgesight_for_endpoints:4.5:*:*:*:*:*:*:*", "matchCriteriaId": "3807F821-1E3B-4E52-8E14-A6F22DA28D06", "vulnerable": true}, {"criteria": "cpe:2.3:a:citrix:edgesight_for_netscaler:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "03B79B3B-A526-496F-84F1-9855C1F1A67D", "vulnerable": true}, {"criteria": "cpe:2.3:a:citrix:edgesight_for_netscaler:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "B62588DC-6A3B-4A5D-A822-15268C209696", "vulnerable": true}, {"criteria": "cpe:2.3:a:citrix:edgesight_for_presentation_server:4.2:*:*:*:*:*:*:*", "matchCriteriaId": "079DDF6A-305E-4775-B07D-24F222782160", "vulnerable": true}, {"criteria": "cpe:2.3:a:citrix:edgesight_for_presentation_server:4.5:*:*:*:*:*:*:*", "matchCriteriaId": "3FF901DE-4F7B-49A1-A4B9-31FEDF559BFA", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Citrix EdgeSight 4.2 and 4.5 for Presentation Server, EdgeSight 4.2 and 4.5 for Endpoints, and EdgeSight for NetScaler 1.0 and 1.1 do not properly store database credentials in configuration files, which allows local users to obtain sensitive information."}, {"lang": "es", "value": "Vulnerabilidad en Citrix EdgeSight 4.2 y 4.5 para Presentation Server, EdgeSight 4.2 y 4.5 para Endpoints, y EdgeSight para NetScaler 1.0 y 1.1 . No guardan correctamente los credenciales de la base de datos en archivos de configuraci\u00f3n, lo que permite que un usuario local pueda obtener informaci\u00f3n sensible."}], "id": "CVE-2007-6267", "lastModified": "2017-08-08T01:29:03.307", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-12-07T11:46:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/27935"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://support.citrix.com/article/CTX115281"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Patch"], "url": "http://www.securityfocus.com/bid/26705"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1019050"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/4091"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38861"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-255"}], "source": "nvd@nist.gov", "type": "Primary"}]}