CVE-2014-4700

Citrix XenDesktop 7.x, 5.x, and 4.x, when pooled random desktop groups is enabled and ShutdownDesktopsAfterUse is disabled, allows local guest users to gain access to another user's desktop via unspecified vectors.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.9 UNKNOWN
ADJACENT_NETWORK
MEDIUM
AV:A/AC:M/Au:S/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
citrixxendesktop
5.0 ≤
𝑥
≤ 5.6
citrixxendesktop
7.0 ≤
𝑥
≤ 7.11
citrixxendesktop
4.0
citrixxendesktop
4.0:fp1
citrixxendesktop
4.0:fp2
citrixxendesktop
5.6:fp1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://secunia.com/advisories/59889
http://support.citrix.com/article/CTX139591
http://www.securityfocus.com/bid/68530
http://www.securitytracker.com/id/1030566
https://exchange.xforce.ibmcloud.com/vulnerabilities/94460
http://secunia.com/advisories/59889
http://support.citrix.com/article/CTX139591
http://www.securityfocus.com/bid/68530
http://www.securitytracker.com/id/1030566
https://exchange.xforce.ibmcloud.com/vulnerabilities/94460