Details of VAR-201803-2110

ID

VAR-201803-2110

CVE

CVE-2018-6811

TITLE

Citrix NetScaler ADC and NetScaler Gateway Vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2018-002545

DESCRIPTION

Multiple cross-site scripting (XSS) vulnerabilities in Citrix NetScaler ADC 10.5, 11.0, 11.1, and 12.0, and NetScaler Gateway 10.5, 11.0, 11.1, and 12.0 allow remote attackers to inject arbitrary web script or HTML via the Citrix NetScaler interface. Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway (formerly known as Citrix Access Gateway Enterprise Edition) are both products of Citrix Systems. NetScaler ADC is a service and application delivery solution (application delivery controller); NetScaler Gateway is a secure remote access solution. The following products and versions are affected: Citrix NetScaler ADC Release 10.5, Release 11.0, Release 11.1, Release 12.0; NetScaler Gateway Release 10.5, Release 11.0, Release 11.1, Release 12.0

Trust: 1.8

sources: NVD: CVE-2018-6811 // JVNDB: JVNDB-2018-002545 // VULHUB: VHN-136843 // VULMON: CVE-2018-6811

AFFECTED PRODUCTS

vendor:	citrix	model:	netscaler application delivery controller	scope:	eq	version:	10.5	Trust: 2.4
vendor:	citrix	model:	netscaler application delivery controller	scope:	eq	version:	11.0	Trust: 2.4
vendor:	citrix	model:	netscaler application delivery controller	scope:	eq	version:	11.1	Trust: 2.4
vendor:	citrix	model:	netscaler application delivery controller	scope:	eq	version:	12.0	Trust: 2.4
vendor:	citrix	model:	netscaler gateway	scope:	eq	version:	10.5	Trust: 2.4
vendor:	citrix	model:	netscaler gateway	scope:	eq	version:	11.0	Trust: 2.4
vendor:	citrix	model:	netscaler gateway	scope:	eq	version:	11.1	Trust: 2.4
vendor:	citrix	model:	netscaler gateway	scope:	eq	version:	12.0	Trust: 2.4

sources: JVNDB: JVNDB-2018-002545 // CNNVD: CNNVD-201803-145 // NVD: CVE-2018-6811

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-6811
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2018-6811
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201803-145
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-136843
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2018-6811
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2018-6811
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-136843
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-6811
baseSeverity:	MEDIUM
baseScore:	6.1
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	2.7
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-136843 // VULMON: CVE-2018-6811 // JVNDB: JVNDB-2018-002545 // CNNVD: CNNVD-201803-145 // NVD: CVE-2018-6811

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 1.9

sources: VULHUB: VHN-136843 // JVNDB: JVNDB-2018-002545 // NVD: CVE-2018-6811

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201803-145

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201803-145

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-002545

PATCH

title:	CTX232161	url:	https://support.citrix.com/article/CTX232161	Trust: 0.8
title:	Citrix NetScaler Application Delivery Controller and NetScaler Gateway Fixes for cross-site scripting vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=78919	Trust: 0.6
title:	Citrix Security Bulletins: Citrix NetScaler Application Delivery Controller and NetScaler Gateway Multiple Security Updates	url:	https://vulmon.com/vendoradvisory?qidtp=citrix_security_bulletins&qid=cf8a157f0a34d7fb512f6c61c9c75a50	Trust: 0.1

sources: VULMON: CVE-2018-6811 // JVNDB: JVNDB-2018-002545 // CNNVD: CNNVD-201803-145

EXTERNAL IDS

db:	NVD	id:	CVE-2018-6811	Trust: 2.6
db:	SECTRACK	id:	1040440	Trust: 1.8
db:	JVNDB	id:	JVNDB-2018-002545	Trust: 0.8
db:	CNNVD	id:	CNNVD-201803-145	Trust: 0.6
db:	VULHUB	id:	VHN-136843	Trust: 0.1
db:	VULMON	id:	CVE-2018-6811	Trust: 0.1

sources: VULHUB: VHN-136843 // VULMON: CVE-2018-6811 // JVNDB: JVNDB-2018-002545 // CNNVD: CNNVD-201803-145 // NVD: CVE-2018-6811

REFERENCES

url:	https://support.citrix.com/article/ctx232161	Trust: 1.9
url:	http://www.securitytracker.com/id/1040440	Trust: 1.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-6811	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-6811	Trust: 0.8
url:	https://cwe.mitre.org/data/definitions/79.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-136843 // VULMON: CVE-2018-6811 // JVNDB: JVNDB-2018-002545 // CNNVD: CNNVD-201803-145 // NVD: CVE-2018-6811

SOURCES

db:	VULHUB	id:	VHN-136843
db:	VULMON	id:	CVE-2018-6811
db:	JVNDB	id:	JVNDB-2018-002545
db:	CNNVD	id:	CNNVD-201803-145
db:	NVD	id:	CVE-2018-6811

LAST UPDATE DATE

2024-11-23T22:26:25.844000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-136843	date:	2018-03-26T00:00:00
db:	VULMON	id:	CVE-2018-6811	date:	2018-03-26T00:00:00
db:	JVNDB	id:	JVNDB-2018-002545	date:	2018-04-18T00:00:00
db:	CNNVD	id:	CNNVD-201803-145	date:	2018-03-07T00:00:00
db:	NVD	id:	CVE-2018-6811	date:	2024-11-21T04:11:14.327

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-136843	date:	2018-03-06T00:00:00
db:	VULMON	id:	CVE-2018-6811	date:	2018-03-06T00:00:00
db:	JVNDB	id:	JVNDB-2018-002545	date:	2018-04-18T00:00:00
db:	CNNVD	id:	CNNVD-201803-145	date:	2018-03-07T00:00:00
db:	NVD	id:	CVE-2018-6811	date:	2018-03-06T20:29:01.250