← Back

CVE-2015-7996

nvd nist
Published: Nov 17, 2015Modified: May 6, 2026

JSON object

Loading...
5.0
Vector
AV:N/AC:L/Au:N/C:P/I:N/A:N
Exploitability: 10.0 / Impact: 2.9
Source: NVD

Description

The Nitro API in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.1 Build 133.9, 10.5 before Build 58.11, and 10.5.e before Build 56.1505.e on NetScaler Service Delivery Appliance Service VM (SVM) devices allow attackers to obtain credentials via the browser cache.

Affected (5)

Citrix
3 products
Netscaler Application Delivery Controller Firmware
Netscaler Service Delivery Appliance Service Vm
Netscaler Gateway Firmware
Configuration A
2 vulnerable
Vulnerable SoftwareAffected Versions
Citrix
Netscaler Application Delivery Controller Firmware
Version 10.1
Netscaler Application Delivery Controller Firmware
Version 10.5
Configuration B
1 vulnerable
Vulnerable SoftwareAffected Versions
Netscaler Service Delivery Appliance Service Vm
Version 10.5e
Configuration C
2 vulnerable
Vulnerable SoftwareAffected Versions
Citrix
Netscaler Gateway Firmware
Version 10.1
Netscaler Gateway Firmware
Version 10.5

Related CWEs

CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (4)

Source: cve@mitre.org
PatchVendor Advisory
Source: cve@mitre.org
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.