{"api_version":"1","generated_at":"2026-04-23T11:34:02+00:00","cve":"CVE-2014-4700","urls":{"html":"https://cve.report/CVE-2014-4700","api":"https://cve.report/api/cve/CVE-2014-4700.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2014-4700","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2014-4700"},"summary":{"title":"CVE-2014-4700","description":"Citrix XenDesktop 7.x, 5.x, and 4.x, when pooled random desktop groups is enabled and ShutdownDesktopsAfterUse is disabled, allows local guest users to gain access to another user's desktop via unspecified vectors.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2014-07-11 14:55:00","updated_at":"2018-12-18 14:42:00"},"problem_types":["CWE-264"],"metrics":[],"references":[{"url":"http://secunia.com/advisories/59889","name":"59889","refsource":"SECUNIA","tags":["Third Party Advisory"],"title":"About Secunia Research | Flexera","mime":"text/plain","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securitytracker.com/id/1030566","name":"1030566","refsource":"SECTRACK","tags":["Third Party Advisory","VDB Entry"],"title":"Citrix XenDesktop Unspecified Flaw in Pooled Random Desktop Groups Lets Remote Users Access Other User Desktops - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/68530","name":"68530","refsource":"BID","tags":["Third Party Advisory","VDB Entry"],"title":"Citrix XenDesktop CVE-2014-4700 Unspecified Unauthorized Access Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://support.citrix.com/article/CTX139591","name":"http://support.citrix.com/article/CTX139591","refsource":"CONFIRM","tags":["Patch","Vendor Advisory"],"title":"Vulnerability in Citrix XenDesktop could result in unauthorized access to another user's desktop","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/94460","name":"citrix-desktop-cve20144700-unauth-access(94460)","refsource":"XF","tags":["Third Party Advisory","VDB Entry"],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2014-4700","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-4700","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2014","cve_id":"4700","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"citrix","cpe5":"xendesktop","cpe6":"4.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2014","cve_id":"4700","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"citrix","cpe5":"xendesktop","cpe6":"4.0","cpe7":"fp1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2014","cve_id":"4700","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"citrix","cpe5":"xendesktop","cpe6":"4.0","cpe7":"fp2","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2014","cve_id":"4700","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"citrix","cpe5":"xendesktop","cpe6":"5.6","cpe7":"fp1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2014","cve_id":"4700","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"citrix","cpe5":"xendesktop","cpe6":"4.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2014","cve_id":"4700","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"citrix","cpe5":"xendesktop","cpe6":"4.0","cpe7":"fp1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2014","cve_id":"4700","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"citrix","cpe5":"xendesktop","cpe6":"4.0","cpe7":"fp2","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2014","cve_id":"4700","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"citrix","cpe5":"xendesktop","cpe6":"5.6","cpe7":"fp1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2014","cve_id":"4700","vulnerable":"1","versionEndIncluding":"5.6","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"citrix","cpe5":"xendesktop","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2014","cve_id":"4700","vulnerable":"1","versionEndIncluding":"7.11","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"citrix","cpe5":"xendesktop","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2014-4700","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Citrix XenDesktop 7.x, 5.x, and 4.x, when pooled random desktop groups is enabled and ShutdownDesktopsAfterUse is disabled, allows local guest users to gain access to another user's desktop via unspecified vectors."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"68530","refsource":"BID","url":"http://www.securityfocus.com/bid/68530"},{"name":"1030566","refsource":"SECTRACK","url":"http://www.securitytracker.com/id/1030566"},{"name":"59889","refsource":"SECUNIA","url":"http://secunia.com/advisories/59889"},{"name":"citrix-desktop-cve20144700-unauth-access(94460)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/94460"},{"name":"http://support.citrix.com/article/CTX139591","refsource":"CONFIRM","url":"http://support.citrix.com/article/CTX139591"}]}},"nvd":{"publishedDate":"2014-07-11 14:55:00","lastModifiedDate":"2018-12-18 14:42:00","problem_types":["CWE-264"],"metrics":{"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:A/AC:M/Au:S/C:P/I:P/A:P","accessVector":"ADJACENT_NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":4.9},"severity":"MEDIUM","exploitabilityScore":4.4,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:citrix:xendesktop:4.0:fp1:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:citrix:xendesktop:4.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:citrix:xendesktop:4.0:fp2:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:citrix:xendesktop:*:*:*:*:*:*:*:*","versionStartIncluding":"5.0","versionEndIncluding":"5.6","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:citrix:xendesktop:5.6:fp1:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:citrix:xendesktop:*:*:*:*:*:*:*:*","versionStartIncluding":"7.0","versionEndIncluding":"7.11","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2014","CveId":"4700","Ordinal":"71670","Title":"CVE-2014-4700","CVE":"CVE-2014-4700","Year":"2014"},"notes":[{"CveYear":"2014","CveId":"4700","Ordinal":"1","NoteData":"Citrix XenDesktop 7.x, 5.x, and 4.x, when pooled random desktop groups is enabled and ShutdownDesktopsAfterUse is disabled, allows local guest users to gain access to another user's desktop via unspecified vectors.","Type":"Description","Title":null},{"CveYear":"2014","CveId":"4700","Ordinal":"2","NoteData":"2014-07-11","Type":"Other","Title":"Published"},{"CveYear":"2014","CveId":"4700","Ordinal":"3","NoteData":"2017-08-28","Type":"Other","Title":"Modified"}]}}}