VYPR

Access Gateway

by Citrix Systems

CVEs (40)

  • CVE-2025-8424HigAug 26, 2025
    risk 0.57cvss epss 0.03

    Improper access control on the NetScaler Management Interface in NetScaler ADC and NetScaler Gateway when an attacker can get access to the appliance NSIP, Cluster Management IP or local GSLB Site IP or SNIP with Management Access

  • CVE-2026-4368HigMar 23, 2026
    risk 0.50cvss epss 0.04

    Race Condition in NetScaler ADC and NetScaler Gateway when appliance is configured as Gateway (SSL VPN, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server leading to User Session Mixup

  • CVE-2009-2213MedJun 25, 2009
    risk 0.42cvss 6.5epss 0.02

    The default configuration of the Security global settings on the Citrix NetScaler Access Gateway appliance with Enterprise Edition firmware 9.0, 8.1, and earlier specifies Allow for the Default Authorization Action option, which might allow remote authenticated users to bypass…

  • CVE-2025-12101MedNov 11, 2025
    risk 0.39cvss epss 0.25

    Cross-Site Scripting (XSS) in NetScaler ADC and NetScaler Gateway when the appliance is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server

  • CVE-2015-3642MedAug 2, 2017
    risk 0.38cvss 5.9epss 0.01

    The TLS and DTLS processing functionality in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway devices with firmware 9.x before 9.3 Build 68.5, 10.0 through Build 78.6, 10.1 before Build 130.13, 10.1.e before Build 130.1302.e, 10.5 before Build 55.8,…

  • CVE-2023-4966KEVOct 10, 2023
    risk 0.29cvss epss 1.00

    Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA  virtual server.

  • CVE-2023-3519KEVJul 19, 2023
    risk 0.28cvss epss 0.99

    Unauthenticated remote code execution

  • CVE-2023-6549KEVJan 17, 2024
    risk 0.18cvss epss 0.58

    Improper Restriction of Operations within the Bounds of a Memory Buffer in NetScaler ADC and NetScaler Gateway allows Unauthenticated Denial of Service and Out-Of-Bounds Memory Read

  • CVE-2023-6548KEVJan 17, 2024
    risk 0.13cvss epss 0.03

    Improper Control of Generation of Code ('Code Injection') in NetScaler ADC and NetScaler Gateway allows an attacker with access to NSIP, CLIP or SNIP with management interface to perform Authenticated (low privileged) remote code execution on Management Interface.

  • CVE-2025-6543KEVJun 25, 2025
    risk 0.12cvss epss 0.10

    Memory overflow vulnerability leading to unintended control flow and Denial of Service in NetScaler ADC and NetScaler Gateway when configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server

  • CVE-2011-2882Jul 21, 2011
    risk 0.08cvss epss 0.56

    Stack-based buffer overflow in the NSEPA.NsepaCtrl.1 ActiveX control in nsepa.ocx in Citrix Access Gateway Enterprise Edition 8.1 before 8.1-67.7, 9.0 before 9.0-70.5, and 9.1 before 9.1-96.4 allows remote attackers to execute arbitrary code via crafted HTTP header data.

  • CVE-2010-4566Jan 14, 2011
    risk 0.05cvss epss 0.28

    The web authentication form in the NT4 authentication component in Citrix Access Gateway Enterprise Edition 9.2-49.8 and earlier, and the NTLM authentication component in Access Gateway Standard and Advanced Editions before Access Gateway 5.0, allows attackers to execute…

  • CVE-2020-8300Jun 16, 2021
    risk 0.01cvss epss 0.03

    Citrix ADC and Citrix/NetScaler Gateway before 13.0-82.41, 12.1-62.23, 11.1-65.20 and Citrix ADC 12.1-FIPS before 12.1-55.238 suffer from improper access control allowing SAML authentication hijack through a phishing attack to steal a valid user session. Note that Citrix ADC or…

  • CVE-2023-4967Oct 27, 2023
    risk 0.00cvss epss 0.01

    Denial of Service in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA Virtual Server

  • CVE-2023-3467Jul 19, 2023
    risk 0.00cvss epss 0.02

    Privilege Escalation to root administrator (nsroot)

  • CVE-2023-3466Jul 19, 2023
    risk 0.00cvss epss 0.03

    Reflected Cross-Site Scripting (XSS)

  • CVE-2020-8299Jun 16, 2021
    risk 0.00cvss epss 0.00

    Citrix ADC and Citrix/NetScaler Gateway 13.0 before 13.0-76.29, 12.1-61.18, 11.1-65.20, Citrix ADC 12.1-FIPS before 12.1-55.238, and Citrix SD-WAN WANOP Edition before 11.4.0, 11.3.2, 11.3.1a, 11.2.3a, 11.1.2c, 10.2.9a suffers from uncontrolled resource consumption by way of a…

  • CVE-2021-28113Apr 2, 2021
    risk 0.00cvss epss 0.22

    A command injection vulnerability in the cookieDomain and relayDomain parameters of Okta Access Gateway before 2020.9.3 allows attackers (with admin access to the Okta Access Gateway UI) to execute OS commands as a privileged system account.

  • CVE-2020-8245Sep 18, 2020
    risk 0.00cvss epss 0.01

    Improper Input Validation on Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12,…

  • CVE-2019-12044May 22, 2019
    risk 0.00cvss epss 0.02

    A Buffer Overflow exists in Citrix NetScaler Gateway 10.5.x before 10.5.70.x, 11.1.x before 11.1.59.10, 12.0.x before 12.0.59.8, and 12.1.x before 12.1.49.23 and Citrix Application Delivery Controller 10.5.x before 10.5.70.x, 11.1.x before 11.1.59.10, 12.0.x before 12.0.59.8,…

Page 1 of 2