citrix netscaler_application_delivery_controller の CVE（24 件）

CVE 件数: 24 CPE versions: View versions table

概要

本ページは citrix netscaler_application_delivery_controller に影響する公開済み CVE（NVD の CPE 経由で関連付け）を列挙します。各行に深刻度指標・概要・公開日が含まれます。

CVE	概要	ソース	CVSS 最大値	EPSS（%）	公開	更新
CVE-2026-3055 KEV	Insufficient input validation in NetScaler ADC and NetScaler Gateway when configured as a SAML IDP leading to memory overread	50a63c94-1ea7-4568-8c11-eb79e7c5a2b5	9.3	89.79%	2026-03-23	2026-03-31
CVE-2025-7776	Memory overflow vulnerability leading to unpredictable or erroneous behavior and Denial of Service in NetScaler ADC and NetScaler Gateway when NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) with PCoIP Profile bounded to it	[email protected]	8.8	0.32%	2025-08-26	2025-09-03
CVE-2025-7775 KEV	Memory overflow vulnerability leading to Remote Code Execution and/or Denial of Service in NetScaler ADC and NetScaler Gateway when NetScaler is configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server (OR) NetScaler ADC and NetScaler Gateway 13.1, 14.1, 13.1-FIPS and NDcPP: LB virtual servers of type (HTTP, SSL or HTTP_QUIC) bound with IPv6 services or servicegroups bound with IPv6 servers (OR) NetScaler ADC and NetScaler Gateway 13.1, 14.1, 13.1-FIPS an	[email protected]	9.2	7.79%	2025-08-26	2025-10-24
CVE-2025-6543 KEV	Memory overflow vulnerability leading to unintended control flow and Denial of Service in NetScaler ADC and NetScaler Gateway when configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server	[email protected]	9.2	1.06%	2025-06-25	2025-10-24
CVE-2025-5777 KEV	Insufficient input validation leading to memory overread when the NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server	[email protected]	9.3	64.97%	2025-06-17	2025-10-30
CVE-2025-5349	Improper access control on the NetScaler Management Interface in NetScaler ADC and NetScaler Gateway	[email protected]	8.7	0.88%	2025-06-17	2025-08-06
CVE-2024-8535	Authenticated user can access unintended user capabilities in NetScaler ADC and NetScaler Gateway if the appliance must be configured as a Gateway (SSL VPN, ICA Proxy, CVPN, RDP Proxy) with KCDAccount configuration for Kerberos SSO to access backend resources OR the appliance must be configured as an Auth Server (AAA Vserver) with KCDAccount configuration for Kerberos SSO to access backend resources	[email protected]	5.8	0.92%	2024-11-12	2025-07-25
CVE-2024-8534	Memory safety vulnerability leading to memory corruption and Denial of Service in NetScaler ADC and Gateway if the appliance must be configured as a Gateway (VPN Vserver) with RDP Feature enabled OR the appliance must be configured as a Gateway (VPN Vserver) and RDP Proxy Server Profile is created and set to Gateway (VPN Vserver) OR the appliance must be configured as a Auth Server (AAA Vserver) with RDP Feature enabled	[email protected]	8.4	1.35%	2024-11-12	2025-07-25
CVE-2024-5492	Open redirect vulnerability allows a remote unauthenticated attacker to redirect users to arbitrary websites in NetScaler ADC and NetScaler Gateway	[email protected]	5.1	2.95%	2024-07-10	2025-07-25
CVE-2024-5491	Denial of Service in NetScaler ADC and NetScaler Gateway in NetScaler	[email protected]	7.2	0.45%	2024-07-10	2025-07-25
CVE-2023-6549 KEV	Improper Restriction of Operations within the Bounds of a Memory Buffer in NetScaler ADC and NetScaler Gateway allows Unauthenticated Denial of Service and Out-Of-Bounds Memory Read	[email protected]	8.2	80.24%	2024-01-17	2026-02-26
CVE-2023-6548 KEV	Improper Control of Generation of Code ('Code Injection') in NetScaler ADC and NetScaler Gateway allows an attacker with access to NSIP, CLIP or SNIP with management interface to perform Authenticated (low privileged) remote code execution on Management Interface.	[email protected]	5.5	6.52%	2024-01-17	2025-10-24
CVE-2023-4967	Denial of Service in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA Virtual Server	[email protected]	8.2	0.57%	2023-10-27	2024-11-21
CVE-2023-4966 KEV	Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA  virtual server.	[email protected]	9.4	94.35%	2023-10-10	2025-10-24
CVE-2023-3467	Privilege Escalation to root administrator (nsroot)	[email protected]	8.0	0.43%	2023-07-19	2024-11-21
CVE-2023-3466	Reflected Cross-Site Scripting (XSS)	[email protected]	8.3	1.24%	2023-07-19	2024-11-21
CVE-2023-3519 KEV	Unauthenticated remote code execution	[email protected]	9.8	93.63%	2023-07-19	2025-10-24
CVE-2018-5314	Command injection vulnerability in Citrix NetScaler ADC and NetScaler Gateway 11.0 before build 70.16, 11.1 before build 55.13, and 12.0 before build 53.13; and the NetScaler Load Balancing instance distributed with NetScaler SD-WAN/CloudBridge 4000, 4100, 5000 and 5100 WAN Optimization Edition 9.3.0 allows remote attackers to execute a system command or read arbitrary files via an SSH login prompt.	[email protected]	7.5	3.31%	2018-03-01	2024-11-21
CVE-2015-3642	The TLS and DTLS processing functionality in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway devices with firmware 9.x before 9.3 Build 68.5, 10.0 through Build 78.6, 10.1 before Build 130.13, 10.1.e before Build 130.1302.e, 10.5 before Build 55.8, and 10.5.e before Build 55.8007.e makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a variant of CVE-2014-3566 (aka POODLE).	[email protected]	5.9	0.29%	2017-08-02	2026-05-13
CVE-2014-4347	Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway (formerly Access Gateway Enterprise Edition) before 9.3-62.4 and 10.x before 10.1-126.12 allows attackers to obtain sensitive information via vectors related to a cookie.	[email protected]	5.0	0.98%	2014-07-16	2026-05-06

cvelogic Threat Intelligence