CVE-2007-2850

critical

Description

The Session Reliability Service (XTE) in Citrix MetaFrame Presentation Server 3.0, Presentation Server 4.0, and Access Essentials 1.0 and 1.5, allows remote attackers to bypass network security policies and connect to arbitrary TCP ports via a modified address:port string.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/34448

http://www.vupen.com/english/advisories/2007/1918

http://www.securitytracker.com/id?1018098

http://support.citrix.com/article/CTX112964

http://secunia.com/advisories/25371

http://fortconsult.net/files/fortconsult.dk/citrix_advisory.pdf

Details

Source: Mitre, NVD

Published: 2007-05-24

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Severity: Critical

EPSS

EPSS: 0.01372