Unrated severityNVD Advisory· Published Mar 26, 2015· Updated May 6, 2026

CVE-2015-2683

Description

Citrix Command Center before 5.1 Build 35.4 and 5.2 before Build 42.7 does not properly restrict access to the Advent Java Management Extensions (JMX) Servlet, which allows remote attackers to execute arbitrary code via unspecified vectors to servlets/Jmx_dynamic.

Affected products

Citrix Systems/Command Center2 versions
cpe:2.3:a:citrix:command_center:5.1:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:citrix:command_center:5.1:*:*:*:*:*:*:*
- cpe:2.3:a:citrix:command_center:5.2:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

packetstormsecurity.com/files/130930/Citrx-Command-Center-Advent-JMX-Servlet-Accessible.htmlnvdExploit
www.securify.nl/advisory/SFY20140804/advent_jmx_servlet_of_citrx_command_center_is_accessible_to_unauthenticated_users.htmlnvdExploit
seclists.org/fulldisclosure/2015/Mar/127nvd
support.citrix.com/article/CTX200584nvd
www.securityfocus.com/archive/1/534933/100/0/threadednvd
www.securityfocus.com/bid/73313nvd
www.securitytracker.com/id/1031993nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.003
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000