A number of SQL Injection vulnerabilities have been identified in the Administration Web UI servlets used by Citrix Command Center. These vulnerabilities, if exploited, could allow an authenticated user to insert malicious SQL queries into the application, potentially causing the alteration or deletion of system data.
These vulnerabilities impact all currently supported versions of Citrix Command Center up to and including version 5.2 Build 43.19 and version 5.1 Build 35.4.
These vulnerabilities have been assigned the following CVE number:
- CVE-2015-7999: Multiple SQL Injection Vulnerabilities in Citrix Command Center Web User Interface Java Servlets