Detections
Analytics
Citrix Netscaler 14.1.x < 14.1-25.53 Information Disclosure
critical Web App Scanning Plugin ID 114784
Synopsis
Citrix Netscaler 14.1.x < 14.1-25.53 Information DisclosureDescription
Citrix Netscaler version 14.1.x prior to 14.1-25.53 is affected by an information disclosure vulnerability. An unauthenticated remote attacker can exploit this vulnerability to gain access to sensitive information, including the Citrix Netscaler management console and SDX SVM.Solution
Upgrade to Citrix Netscaler version 14.1-25.53 or later.See Also
Plugin Details
Severity: Critical
ID: 114784
Type: remote
Family: Component Vulnerability
Published: 4/29/2025
Updated: 4/29/2025
Scan Template: basic, full, pci, scan
Risk Information
VPR
Risk Factor: Medium
Score: 6.1
CVSS v2
Risk Factor: Medium
Base Score: 5
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N
CVSS Score Source: CVE-2024-6235
CVSS v3
Risk Factor: High
Base Score: 7.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVSS Score Source: CVE-2024-6235
CVSS v4
Risk Factor: Critical
Base Score: 9.4
Vector: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
CVSS Score Source: CVE-2024-6235
Vulnerability Information
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 10/7/2024
Vulnerability Publication Date: 10/7/2024
Reference Information
CVE: CVE-2024-6235
CWE: 287
OWASP: 2010-A3, 2013-A2, 2013-A9, 2017-A2, 2017-A9, 2021-A6, 2021-A7
WASC: Insufficient Authentication
CAPEC: 114, 115, 151, 194, 22, 57, 593, 633, 650, 94
DISA STIG: APSC-DV-000460, APSC-DV-002630
HIPAA: 164.306(a)(1), 164.306(a)(2), 164.312(a)(1), 164.312(a)(2)(i)
ISO: 27001-A.13.1.1, 27001-A.14.1.2, 27001-A.14.1.3, 27001-A.14.2.5, 27001-A.18.1.3, 27001-A.6.2.2, 27001-A.9.1.2, 27001-A.9.4.1, 27001-A.9.4.4, 27001-A.9.4.5
NIST: sp800_53-AC-3, sp800_53-CM-6b
OWASP API: 2019-API7, 2023-API8
OWASP ASVS: 4.0.2-14.2.1
PCI-DSS: 3.2-6.2, 3.2-6.5.10