CVE-2008-2299

Citrix Presentation Server < 4.5 - Cryptographic Issue

Title source: rule

Description

Unspecified vulnerability in SecureICA and ICA Basic encryption of Citrix Presentation Server 4.5 and earlier, Access Essentials 2.0 and earlier, and Desktop Server 1.0 can cause clients to use weaker encryption settings than configured by the administrator, which might allow attackers to bypass intended restrictions.

References (6)

[Vendor Advisory] http://secunia.com/advisories/30271

[Patch] http://support.citrix.com/article/CTX114893

[Patch] http://www.securitytracker.com/id?1020026

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/42444

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/29233

[Third Party Advisory] http://www.vupen.com/english/advisories/2008/1531/references

Scores

EPSS 0.0042

EPSS Percentile 61.5%

Classification

CWE

CWE-310

Status draft

Affected Products (3)

citrix/presentation_server < 4.5

citrix/access_essentials < 2.0

citrix/desktop_server

Timeline

Published May 18, 2008

Tracked Since Feb 18, 2026