Citrix Application Delivery Controller Authorization Bypass via pcidss.php report Function

Strike ID: E20-14qp1
CVSS: 6.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
False Positive: f
Variants: 1
Year: 2020

Description

An authorization bypass vulnerability exists in Citrix Application Delivery Controller (ADC) and Gateway. The vulnerability can be triggered by calling the report() function in the pcidss.php PHP script. An unauthenticated attacker may exploit the flaw to access certain protected URL endpoints.

CVE

References