Vendor CVEs
Citrix Systems
All CVEs
387 total · sorted by risk

| CVE | Risk | CVSS | EPSS | Published | Description | Vendor / Product | Sev | KEV |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-45389 | 0.00 | — | 0.01 | Jan 4, 2022 | A flaw was found with the JWT token. A self-signed JWT token could be injected into the update manager and bypass the authentication process, thus could escalate privileges. This affects StarWind SAN and NAS build 1578 and StarWind Command Center build 6864. | |||
| CVE-2021-22932 | 0.00 | — | 0.00 | Aug 16, 2021 | An issue has been identified in the CTX269106 mitigation tool for Citrix ShareFile storage zones controller which causes the ShareFile file encryption option to become disabled if it had previously been enabled. Customers are only affected by this issue if they previously… | |||
| CVE-2021-22920 | 0.00 | — | 0.01 | Aug 5, 2021 | A vulnerability has been discovered in Citrix ADC (formerly known as NetScaler ADC) and Citrix Gateway (formerly known as NetScaler Gateway), and Citrix SD-WAN WANOP Edition models 4000-WO, 4100-WO, 5000-WO, and 5100-WO. These vulnerabilities, if exploited, could lead to a… | |||
| CVE-2021-22919 | 0.00 | — | 0.01 | Aug 5, 2021 | A vulnerability has been discovered in Citrix ADC (formerly known as NetScaler ADC) and Citrix Gateway (formerly known as NetScaler Gateway), and Citrix SD-WAN WANOP Edition models 4000-WO, 4100-WO, 5000-WO, and 5100-WO. These vulnerabilities, if exploited, could lead to the… | |||
| CVE-2021-22928 | 0.00 | — | 0.00 | Aug 5, 2021 | A vulnerability has been identified in Citrix Virtual Apps and Desktops that could, if exploited, allow a user of a Windows VDA that has either Citrix Profile Management or Citrix Profile Management WMI Plugin installed to escalate their privilege level on that Windows VDA to… | |||
| CVE-2020-8299 | 0.00 | — | 0.00 | Jun 16, 2021 | Citrix ADC and Citrix/NetScaler Gateway 13.0 before 13.0-76.29, 12.1-61.18, 11.1-65.20, Citrix ADC 12.1-FIPS before 12.1-55.238, and Citrix SD-WAN WANOP Edition before 11.4.0, 11.3.2, 11.3.1a, 11.2.3a, 11.1.2c, 10.2.9a suffers from uncontrolled resource consumption by way of a… | |||
| CVE-2021-22907 | 0.00 | — | 0.00 | May 27, 2021 | An improper access control vulnerability exists in Citrix Workspace App for Windows potentially allows privilege escalation in CR versions prior to 2105 and 1912 LTSR prior to CU4. | |||
| CVE-2021-28113 | 0.00 | — | 0.22 | Apr 2, 2021 | A command injection vulnerability in the cookieDomain and relayDomain parameters of Okta Access Gateway before 2020.9.3 allows attackers (with admin access to the Okta Access Gateway UI) to execute OS commands as a privileged system account. | |||
| CVE-2021-1241 | 0.00 | — | 0.01 | Jan 20, 2021 | Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute denial of service (DoS) attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | |||
| CVE-2021-1261 | 0.00 | — | 0.01 | Jan 20, 2021 | Multiple vulnerabilities in Cisco SD-WAN products could allow an authenticated attacker to perform command injection attacks against an affected device, which could allow the attacker to take certain actions with root privileges on the device. For more information about these… | |||
| CVE-2021-1262 | 0.00 | — | 0.01 | Jan 20, 2021 | Multiple vulnerabilities in Cisco SD-WAN products could allow an authenticated attacker to perform command injection attacks against an affected device, which could allow the attacker to take certain actions with root privileges on the device. For more information about these… | |||
| CVE-2021-1263 | 0.00 | — | 0.01 | Jan 20, 2021 | Multiple vulnerabilities in Cisco SD-WAN products could allow an authenticated attacker to perform command injection attacks against an affected device, which could allow the attacker to take certain actions with root privileges on the device. For more information about these… | |||
| CVE-2021-1273 | 0.00 | — | 0.01 | Jan 20, 2021 | Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute denial of service (DoS) attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | |||
| CVE-2021-1274 | 0.00 | — | 0.02 | Jan 20, 2021 | Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute denial of service (DoS) attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | |||
| CVE-2021-1278 | 0.00 | — | 0.02 | Jan 20, 2021 | Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute denial of service (DoS) attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | |||
| CVE-2021-1298 | 0.00 | — | 0.02 | Jan 20, 2021 | Multiple vulnerabilities in Cisco SD-WAN products could allow an authenticated attacker to perform command injection attacks against an affected device, which could allow the attacker to take certain actions with root privileges on the device. For more information about these… | |||
| CVE-2021-1299 | 0.00 | — | 0.02 | Jan 20, 2021 | Multiple vulnerabilities in Cisco SD-WAN products could allow an authenticated attacker to perform command injection attacks against an affected device, which could allow the attacker to take certain actions with root privileges on the device. For more information about these… | |||
| CVE-2021-1300 | 0.00 | — | 0.02 | Jan 20, 2021 | Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | |||
| CVE-2020-8274 | 0.00 | — | 0.02 | Jan 6, 2021 | Citrix Secure Mail for Android before 20.11.0 suffers from Improper Control of Generation of Code ('Code Injection') by allowing unauthenticated access to read data stored within Secure Mail. Note that a malicious app would need to be installed on the Android device or a threat… | |||
| CVE-2020-8258 | 0.00 | — | 0.01 | Dec 14, 2020 | Improper privilege management on services run by Citrix Gateway Plug-in for Windows, versions before and including 13.0-61.48 and 12.1-58.15, allows an attacker to modify arbitrary files. | |||
| CVE-2020-8257 | 0.00 | — | 0.02 | Dec 14, 2020 | Improper privilege management on services run by Citrix Gateway Plug-in for Windows, versions before and including 13.0-61.48 and 12.1-58.15, lead to privilege escalation attacks | |||
| CVE-2020-8283 | 0.00 | — | 0.03 | Dec 14, 2020 | An authorised user on a Windows host running Citrix Universal Print Server can perform arbitrary command execution as SYSTEM in CVAD versions before 2009, 1912 LTSR CU1 hotfixes CTX285870 and CTX286120, 7.15 LTSR CU6 hotfix CTX285344 and 7.6 LTSR CU9. | |||
| CVE-2020-8270 | 0.00 | — | 0.03 | Nov 16, 2020 | An unprivileged Windows user on the VDA or an SMB user can perform arbitrary command execution as SYSTEM in CVAD versions before 2009, 1912 LTSR CU1 hotfixes CTX285871 and CTX285872, 7.15 LTSR CU6 hotfix CTX285341 and CTX285342 | |||
| CVE-2020-8273 | 0.00 | — | 0.02 | Nov 16, 2020 | Privilege escalation of an authenticated user to root in Citrix SD-WAN center versions before 11.2.2, 11.1.2b and 10.2.8. | |||
| CVE-2020-8272 | 0.00 | — | 0.01 | Nov 16, 2020 | Authentication Bypass resulting in exposure of SD-WAN functionality in Citrix SD-WAN Center versions before 11.2.2, 11.1.2b and 10.2.8 | |||
| CVE-2020-8200 | 0.00 | — | 0.01 | Sep 18, 2020 | Improper authentication in Citrix StoreFront Server < 1912.0.1000 allows an attacker who is authenticated on the same Microsoft Active Directory domain as a Citrix StoreFront server to read arbitrary files from that server. | |||
| CVE-2020-8247 | 0.00 | — | 0.01 | Sep 18, 2020 | Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11.2 before… | |||
| CVE-2020-8246 | 0.00 | — | 0.02 | Sep 18, 2020 | Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11.2 before… | |||
| CVE-2020-8245 | 0.00 | — | 0.01 | Sep 18, 2020 | Improper Input Validation on Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12,… | |||
| CVE-2020-8253 | 0.00 | — | 0.02 | Sep 18, 2020 | Improper authentication in Citrix XenMobile Server 10.12 before RP2, Citrix XenMobile Server 10.11 before RP4, Citrix XenMobile Server 10.10 before RP6 and Citrix XenMobile Server before 10.9 RP5 leads to the ability to access sensitive files. | |||
| CVE-2020-8212 | 0.00 | — | 0.02 | Aug 17, 2020 | Improper access control in Citrix XenMobile Server 10.12 before RP3, Citrix XenMobile Server 10.11 before RP6, Citrix XenMobile Server 10.10 RP6 and Citrix XenMobile Server before 10.9 RP5 allows access to privileged functionality. | |||
| CVE-2020-8211 | 0.00 | — | 0.02 | Aug 17, 2020 | Improper input validation in Citrix XenMobile Server 10.12 before RP3, Citrix XenMobile Server 10.11 before RP6, Citrix XenMobile Server 10.10 RP6 and Citrix XenMobile Server before 10.9 RP5 allows SQL Injection. | |||
| CVE-2020-8210 | 0.00 | — | 0.02 | Aug 17, 2020 | Insufficient protection of secrets in Citrix XenMobile Server 10.12 before RP3, Citrix XenMobile Server 10.11 before RP6, Citrix XenMobile Server 10.10 RP6 and Citrix XenMobile Server before 10.9 RP5 discloses credentials of a service account. | |||
| CVE-2020-8208 | 0.00 | — | 0.01 | Aug 17, 2020 | Improper input validation in Citrix XenMobile Server 10.12 before RP1, Citrix XenMobile Server 10.11 before RP4, Citrix XenMobile Server 10.11 before RP6 and Citrix XenMobile Server before 10.9 RP5 allows Cross-Site Scripting (XSS). | |||
| CVE-2020-8207 | 0.00 | — | 0.02 | Jul 24, 2020 | Improper access control in Citrix Workspace app for Windows 1912 CU1 and 2006.1 causes privilege escalation and code execution when the automatic updater service is running. | |||
| CVE-2020-8199 | 0.00 | — | 0.00 | Jul 10, 2020 | Improper access control in Citrix ADC Gateway Linux client versions before 1.0.0.137 results in local privilege escalation to root. | |||
| CVE-2020-8198 | 0.00 | — | 0.01 | Jul 10, 2020 | Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 resulting in Stored Cross-Site Scripting (XSS). | |||
| CVE-2020-13998 | 0.00 | — | 0.01 | Jun 11, 2020 | Citrix XenApp 6.5, when 2FA is enabled, allows a remote unauthenticated attacker to ascertain whether a user exists on the server, because the 2FA error page only occurs after a valid username is entered. NOTE: This vulnerability only affects products that are no longer… | |||
| CVE-2020-13884 | 0.00 | — | 0.01 | Jun 8, 2020 | Citrix Workspace App before 1912 on Windows has Insecure Permissions and an Unquoted Path vulnerability which allows local users to gain privileges during the uninstallation of the application. | |||
| CVE-2020-13885 | 0.00 | — | 0.01 | Jun 8, 2020 | Citrix Workspace App before 1912 on Windows has Insecure Permissions which allows local users to gain privileges during the uninstallation of the application. | |||
| CVE-2020-6175 | 0.00 | — | 0.01 | Mar 16, 2020 | Citrix SD-WAN 10.2.x before 10.2.6 and 11.0.x before 11.0.3 has Missing SSL Certificate Validation. | |||
| CVE-2019-11345 | 0.00 | — | 0.01 | Mar 10, 2020 | Citrix SD-WAN Center 10.2.x before 10.2.1 and NetScaler SD-WAN Center 10.0.x before 10.0.7 allow XSS. | |||
| CVE-2020-10112 | 0.00 | — | 0.01 | Mar 6, 2020 | Citrix Gateway 11.1, 12.0, and 12.1 allows Cache Poisoning. NOTE: Citrix disputes this as not a vulnerability. By default, Citrix ADC only caches static content served under certain URL paths for Citrix Gateway usage. No dynamic content is served under these paths, which implies… | |||
| CVE-2012-4606 | 0.00 | — | 0.00 | Jan 23, 2020 | Citrix XenServer 4.1, 6.0, 5.6 SP2, 5.6 Feature Pack 1, 5.6 Common Criteria, 5.6, 5.5, 5.0, and 5.0 Update 3 contains a Local Privilege Escalation Vulnerability which could allow local users with access to a guest operating system to gain elevated privileges. | |||
| CVE-2012-4603 | 0.00 | — | 0.07 | Jan 10, 2020 | Citrix XenApp Online Plug-in for Windows 12.1 and earlier, and Citrix Receiver for Windows 3.2 and earlier could allow remote attackers to execute arbitrary code by convincing a target to open a specially crafted file from an SMB or WebDAV fileserver. | |||
| CVE-2019-18225 | 0.00 | — | 0.02 | Oct 21, 2019 | An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway before 10.5 build 70.8, 11.x before 11.1 build 63.9, 12.0 before build 62.10, 12.1 before build 54.16, and 13.0 before build 41.28. An attacker with management-interface access can bypass… | |||
| CVE-2019-17366 | 0.00 | — | 0.01 | Oct 9, 2019 | Citrix Application Delivery Management (ADM) 12.1 before build 54.13 has Incorrect Access Control. | |||
| CVE-2019-12992 | 0.00 | — | 0.49 | Jul 16, 2019 | Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 6 of 6). | |||
| CVE-2014-3798 | 0.00 | — | 0.02 | Jul 11, 2019 | The Windows Guest Tools in Citrix XenServer 6.2 SP1 and earlier allows remote attackers to cause a denial of service (guest OS crash) via a crafted Ethernet frame. | |||
| CVE-2019-12292 | 0.00 | — | 0.01 | Jun 24, 2019 | Citrix AppDNA before 7 1906.1.0.472 has Incorrect Access Control. |
Page 5 of 8