Vulnerability Details CVE-2014-4700
Citrix XenDesktop 7.x, 5.x, and 4.x, when pooled random desktop groups is enabled and ShutdownDesktopsAfterUse is disabled, allows local guest users to gain access to another user's desktop via unspecified vectors.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 48.4%
CVSS Severity
CVSS v2 Score 4.9
References
- http://secunia.com/advisories/59889
- http://support.citrix.com/article/CTX139591
- http://www.securityfocus.com/bid/68530
- http://www.securitytracker.com/id/1030566
- https://exchange.xforce.ibmcloud.com/vulnerabilities/94460
- http://secunia.com/advisories/59889
- http://support.citrix.com/article/CTX139591
- http://www.securityfocus.com/bid/68530
- http://www.securitytracker.com/id/1030566
- https://exchange.xforce.ibmcloud.com/vulnerabilities/94460
Products affected by CVE-2014-4700
-
cpe:2.3:a:citrix:xendesktop:4.0
-
cpe:2.3:a:citrix:xendesktop:5.0
-
cpe:2.3:a:citrix:xendesktop:5.6
-
cpe:2.3:a:citrix:xendesktop:7.0
-
cpe:2.3:a:citrix:xendesktop:7.1
-
cpe:2.3:a:citrix:xendesktop:7.11
-
cpe:2.3:a:citrix:xendesktop:7.5
-
cpe:2.3:a:citrix:xendesktop:7.6
-
cpe:2.3:a:citrix:xendesktop:7.7
-
cpe:2.3:a:citrix:xendesktop:7.8
-
cpe:2.3:a:citrix:xendesktop:7.9