Cloud Connector
CVE-2021-22914
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
1DescriptionNVD
Citrix Cloud Connector before 6.31.0.62192 suffers from insecure storage of sensitive information due to sensitive information being stored in the Citrix Cloud Connector installation log files. Such information could be used by an malicious actor to access a Citrix Cloud environment. This issue affects all versions of Citrix Cloud Connector that were installed by passing secure client parameters for installation via the command line. The issue does not affect Citrix Cloud Connector if it was installed using the interactive installer or where a parameter file was used with the command-line installer.
AnalysisAI
Citrix Cloud Connector before 6.31.0.62192 suffers from insecure storage of sensitive information due to sensitive information being stored in the Citrix Cloud Connector installation log files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-922. Citrix Cloud Connector before 6.31.0.62192 suffers from insecure storage of sensitive information due to sensitive information being stored in the Citrix Cloud Connector installation log files. Such information could be used by an malicious actor to access a Citrix Cloud environment. The issue does not affect Citrix Cloud Connector if it was installed using the interactive installer or where a parameter file was used with the command-line installer. Affected products include: Citrix Cloud Connector. Version information: before 6.31.0.62192.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Cloud Connector
View allSAP Cloud Connector, before version 2.11.3, allows an attacker to inject code that can be executed by the application. R
SAP Cloud Connector, before version 2.11.3, does not perform any authentication checks for functionalities that require
Potentially, SAP Cloud Connector, version - 2.0 communication with the backend is accepted without sufficient validation
SAP Cloud Connector, version - 2.0, allows the upload of zip files as backup. Rated high severity (CVSS 7.5), this vulne
Due to improper validation of certificate in SAP Cloud Connector - version 2.0, attacker can impersonate the genuine ser
SAP Cloud Connector, version - 2.0, allows an authenticated administrator to modify a configuration file to inject malic
SAP Cloud Connector, version - 2.0, does not sufficiently encode user-controlled inputs, allowing an attacker with Admin
SAP Cloud Connector - version 2.0, allows an authenticated user with low privilege to perform Denial of service attack f
Same weakness CWE-922 – Insecure Storage of Sensitive Information
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today