CVE-2014-4700

Citrix XenDesktop 7.x, 5.x, and 4.x, when pooled random desktop groups is enabled and ShutdownDesktopsAfterUse is disabled, allows local guest users to gain access to another user's desktop via unspecified vectors.

Published: Jul 11, 2014
Updated: Apr 13, 2023
CVE: CVE-2014-4700
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.9
AV:A/AC:M/Au:S/C:P/I:P/A:P

CWEs:

CWE-264

Affected Software
References

Software	From	Fixed in
citrix / xendesktop	4.0-fp1	4.0-fp1.x
citrix / xendesktop	4.0	4.0.x
citrix / xendesktop	4.0-fp2	4.0-fp2.x
citrix / xendesktop	5.0	5.6.x
citrix / xendesktop	5.6-fp1	5.6-fp1.x
citrix / xendesktop	7.0	7.11.x

http://secunia.com/advisories/59889
http://support.citrix.com/article/CTX139591
http://www.securityfocus.com/bid/68530
http://www.securitytracker.com/id/1030566
https://exchange.xforce.ibmcloud.com/vulnerabilities/94460

Vulnerability Database

290,301

CVE-2014-4700