The Citrix ICA (Independent Computing Architecture) protocol uses weak encryption (XOR) for user authentication.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | metaframe | 1.0 |
| citrix | winframe | 3.5_1.8_for_windows_nt |
| citrix | metaframe | * |
Citrix MetaFrame 1.8 Server with Service Pack 3, and XP Server Service Pack 1 and earlier, allows remote attackers to cause a denial of service (crash) via a large number of incomplete connections to the server.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | metaframe | xp_server |
| citrix | metaframe | 1.8 |
| citrix | metaframe | * |
Citrix Nfuse 1.51 allows remote attackers to obtain the absolute path of the web root via a malformed request to launch.asp that does not provide the session field.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | nfuse | 1.51 |
CITRIX Metaframe 1.8 logs the Client Address (IP address) that is provided by the client instead of obtaining it from the packet headers, which allows clients to spoof their public IP address, e.g. through Network Address Translation (NAT).
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | metaframe | 1.8 |
Citrix Independent Computing Architecture (ICA) Client for Windows 6.1 allows remote malicious web sites to execute arbitrary code via a .ICA file, which is downloaded and automatically executed by the client.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | ica_client | 6.1 |
Citrix NFuse 1.6 allows remote attackers to bypass authentication and obtain sensitive information by directly calling launch.asp with invalid NFUSE_USER and NFUSE_PASSWORD parameters.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | nfuse | 1.6 |
Citrix NFuse 1.6 may allow remote attackers to list applications without authentication by accessing the applist.asp page.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | nfuse | 1.6 |
Directory traversal vulnerability in boilerplate.asp for Citrix NFuse 1.5 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the NFuse_Template parameter.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | nfuse | 1.5 |
Cross-site scripting vulnerability in Citrix NFuse 1.6 and earlier does not quote results from the getLastError method, which allows remote attackers to execute script in other clients via the NFuse_Application parameter to (1) launch.jsp or (2) launch.asp.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | nfuse | 1.51 |
| citrix | nfuse | * |
Cross-site request forgery (CSRF) vulnerability in Citrix Presentation Server 4.0 and 4.5, MetaFrame Presentation Server 3.0, and Access Essentials 1.0 through 2.0 allows remote attackers to execute arbitrary published applications, and possibly other programs, as authenticated users via the InitialProgram key in an ICA connection. NOTE: some of these details are obtained from third party information.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-352,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | access_essentials | 1.5 |
| citrix | access_essentials | 2.0 |
| citrix | access_essentials | 1.0 |
| citrix | presentation_server | 4.5 |
| citrix | metaframe_presentation_server | 3.0 |
| citrix | presentation_server | 4.0 |
Cross-site scripting (XSS) vulnerability in login.asp in Citrix MetaFrame XP Server 1.0 allows remote attackers to inject arbitrary web script or HTML via the NFuse_Message parameter.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | metaframe | 1.0 |
Citrix Program Neighborhood Agent for Win32 8.00.24737 and earlier and MetaFrame Presentation Server client for WinCE before 8.33 allows remote servers to create arbitrary shortcuts on the client via a full UNC path in the AppInStartmenu directive.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | metaframe_client | 8.0 |
| citrix | program_neighborhood_agent | 8.0 |
Stack-based buffer overflow in the client for Citrix Program Neighborhood Agent for Win32 8.00.24737 and earlier and Citrix MetaFrame Presentation Server client for WinCE before 8.33 allows remote attackers to execute arbitrary code via a long cached icon filename in the InName XML element.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | metaframe_client | 8.0 |
| citrix | program_neighborhood_agent | 8.0 |
The Citrix MetaFrame Password Manager 2.0, when a central credential store is not configured, does not encrypt passwords entered immediately after executing the First Time User Wizards, which allows local users to gain sensitive information.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | metaframe_password_manager | 2.0 |
Citrix Metaframe Password Manager 2.5 and earlier stores a password in cleartext although it is obfuscated when presented to a user, which allows users to view their secondary passwords even if it is not allowed by policy.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | metaframe_password_manager | 2.5 |
Citrix Metaframe Presentation Server 3.0 and 4.0 allows remote attackers to bypass policy restrictions by downloading the launch.ica file and changing the client device name (ClientName).
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | metaframe | 3.0 |
| citrix | metaframe | 4.0 |
Heap-based buffer overflow in Citrix Program Neighborhood client 9.0 and earlier allows remote attackers to execute arbitrary code via a long name value in an Application Set response.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | ica_program_neighborhood_client | 9.1 |
Cross-site scripting (XSS) vulnerability in the login form in Citrix MetaFrame Secure Access Manager 2.0 through 2.2 and NFuse Elite 1.0 allows remote attackers to inject arbitrary web script or HTML via the username field.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | metaframe_secure_access_manager | 2.1 |
| citrix | nfuse | 1.0 |
| citrix | metaframe_secure_access_manager | 2.0 |
| citrix | metaframe_secure_access_manager | 2.2 |
Citrix Program Neighborhood client before 9.150 caches the user password in plaintext in the GUI while asterisks are used to visually obfuscate the password, which allows attackers with access to the session to obtain the password by using a tool to directly access the field.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | program_neighborhood_client | * |
Citrix MetaFrame up to XP 1.0 Feature 1, except when running on Windows Server 2003, installs a registry key with an insecure ACL, which allows remote authenticated users to gain privileges.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | metaframe | 1.8 |
| citrix | metaframe_presentation_server | 3.0 |
| citrix | presentation_server | 4.0 |
The default configuration of the Security global settings on the Citrix NetScaler Access Gateway appliance with Enterprise Edition firmware 9.0, 8.1, and earlier specifies Allow for the Default Authorization Action option, which might allow remote authenticated users to bypass intended access restrictions.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-863,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | netscaler_access_gateway_firmware | 9.0 |
| citrix | netscaler_access_gateway | - |
| citrix | netscaler_access_gateway_firmware | 7.0 |
| citrix | netscaler_access_gateway_firmware | 8.0 |
| citrix | netscaler_access_gateway_firmware | * |
Multiple cross-site request forgery (CSRF) vulnerabilities in sample code in the XenServer Resource Kit in Citrix XenCenterWeb allow remote attackers to hijack the authentication of administrators for (1) requests that change the password via the username parameter to config/changepw.php or (2) stop a virtual machine via the stop_vmname parameter to hardstopvm.php. NOTE: some of these details are obtained from third party information.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-352,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | xencenterweb | - |
Unspecified vulnerability in Citrix XenServer 5.0 Update 3 and earlier, and 5.5, allows local users to bypass authentication and execute unspecified Xen API (XAPI) calls via unknown vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | xenserver | 5.5 |
| citrix | xenserver | * |
Citrix XenServer 5.0 Update 2 and earlier, and 5.5 Update 1 and earlier, when using a pvops kernel, allows guest users to cause a denial of service in the host via unspecified vectors that trigger "incorrectly set flags."
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | xenserver | * |
Citrix Online Plug-in for Windows for XenApp & XenDesktop before 11.2, Citrix Online Plug-in for Mac for XenApp & XenDesktop before 11.0, Citrix ICA Client for Linux before 11.100, Citrix ICA Client for Solaris before 8.63, and Citrix Receiver for Windows Mobile before 11.5 allow remote attackers to execute arbitrary code via (1) a crafted HTML document, (2) a crafted .ICA file, or (3) a crafted type field in an ICA graphics packet, related to a "heap offset overflow" issue.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | online_plug-in_for_windows_for_xenapp_&_xendesktop | * |
| citrix | ica_client_for_linux | * |
| citrix | online_plug-in_for_mac_for_xenapp_&_xendesktop | * |
| citrix | ica_client_for_solaris | * |
| citrix | receiver_for_windows_mobile | * |
The IICAClient interface in the ICAClient library in the ICA Client ActiveX Object (aka ICO) component in Citrix Online Plug-in for Windows for XenApp & XenDesktop before 12.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted HTML document that triggers the reading of a .ICA file.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-94,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | online_plug-in_for_windows_for_xenapp_&_xendesktop | 11.1 |
| citrix | online_plug-in_for_windows_for_xenapp_&_xendesktop | * |
The backend driver in Xen 3.x allows guest OS users to cause a denial of service via a kernel thread leak, which prevents the device and guest OS from being shut down or create a zombie domain, causes a hang in zenwatch, or prevents unspecified xm commands from working properly, related to (1) netback, (2) blkback, or (3) blktap.
CVSS 2.0
Severity: LOW
Problem Type: CWE-399,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | xen | 3.0.3 |
| citrix | xen | 3.4.3 |
| citrix | xen | 3.1.4 |
| citrix | xen | 3.3.0 |
| citrix | xen | 3.2.3 |
| citrix | xen | 3.0.2 |
| citrix | xen | 3.0.4 |
| citrix | xen | 3.2.1 |
| citrix | xen | 3.4.2 |
| citrix | xen | 3.4.0 |
| citrix | xen | 3.3.1 |
| citrix | xen | 3.2.2 |
| citrix | xen | 3.1.3 |
| citrix | xen | 3.3.2 |
| citrix | xen | 3.2.0 |
| citrix | xen | 3.4.1 |
The vbd_create function in Xen 3.1.2, when the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5 is used, allows guest OS users to cause a denial of service (host OS panic) via an attempted access to a virtual CD-ROM device through the blkback driver. NOTE: some of these details are obtained from third party information.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | xen | 3.1.2 |
The do_block_io_op function in (1) drivers/xen/blkback/blkback.c and (2) drivers/xen/blktap/blktap.c in Xen before 3.4.0 for the Linux kernel 2.6.18, and possibly other versions, allows guest OS users to cause a denial of service (infinite loop and CPU consumption) via a large production request index to the blkback or blktap back-end drivers. NOTE: some of these details are obtained from third party information.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | xen | 3.0.3 |
| citrix | xen | 3.1.4 |
| citrix | xen | 3.3.0 |
| citrix | xen | 3.2.3 |
| citrix | xen | * |
| citrix | xen | 3.0.2 |
| citrix | xen | 3.0.4 |
| citrix | xen | 3.2.1 |
| citrix | xen | 3.3.1 |
| citrix | xen | 3.2.2 |
| citrix | xen | 3.1.3 |
| citrix | xen | 3.2.0 |
The fixup_page_fault function in arch/x86/traps.c in Xen 4.0.1 and earlier on 64-bit platforms, when paravirtualization is enabled, does not verify that kernel mode is used to call the handle_gdt_ldt_mapping_fault function, which allows guest OS users to cause a denial of service (host OS BUG_ON) via a crafted memory access.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | xen | 3.0.3 |
| citrix | xen | 3.4.3 |
| citrix | xen | 4.0.0 |
| citrix | xen | 3.1.4 |
| citrix | xen | 3.3.0 |
| citrix | xen | 3.1.2 |
| citrix | xen | 3.2.3 |
| citrix | xen | * |
| citrix | xen | 3.0.2 |
| citrix | xen | 3.0.4 |
| citrix | xen | 3.2.1 |
| citrix | xen | 3.4.2 |
| citrix | xen | 3.4.0 |
| citrix | xen | 3.3.1 |
| citrix | xen | 3.2.2 |
| citrix | xen | 3.1.3 |
| citrix | xen | 3.3.2 |
| citrix | xen | 3.2.0 |
| citrix | xen | 3.4.1 |
Cross-site scripting (XSS) vulnerability in Citrix Web Interface 5.0, 5.1, and 5.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2007-6477 and CVE-2009-2454.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | web_interface | 5.3 |
| citrix | web_interface | 5.1 |
| citrix | web_interface | 5.0 |
| citrix | web_interface | 5.2 |
The web authentication form in the NT4 authentication component in Citrix Access Gateway Enterprise Edition 9.2-49.8 and earlier, and the NTLM authentication component in Access Gateway Standard and Advanced Editions before Access Gateway 5.0, allows attackers to execute arbitrary commands via shell metacharacters in the password field.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | access_gateway | 9.1-104.5 |
| citrix | access_gateway | 4.6.1 |
| citrix | access_gateway | 8.1-69.4 |
| citrix | access_gateway | 4.5.7 |
| citrix | access_gateway | 4.6.3 |
| citrix | access_gateway | 8.0 |
| citrix | access_gateway | * |
| citrix | access_gateway | 9.0.71.3 |
| citrix | access_gateway | .8.0 |
| citrix | access_gateway | 4.6.2 |
| citrix | access_gateway | 4.5.6 |
| citrix | access_gateway | 4.5 |
| citrix | access_gateway | 4.5.5 |
Multiple unspecified vulnerabilities in a third-party component of the Citrix Licensing Administration Console 11.6, formerly License Management Console, allow remote attackers to (1) access unauthorized "license administration functionality" or (2) cause a denial of service via unknown vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | licensing_administration_console | 11.6 |
Multiple integer overflows in tools/libxc/xc_dom_bzimageloader.c in Xen 3.2, 3.3, 4.0, and 4.1 allow local users to cause a denial of service and possibly execute arbitrary code via a crafted paravirtualised guest kernel image that triggers (1) a buffer overflow during a decompression loop or (2) an out-of-bounds read in the loader involving unspecified length fields.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-189,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | xen | 4.1.0 |
| citrix | xen | 4.0.0 |
| citrix | xen | 3.2.0 |
| citrix | xen | 3.3.0 |
Xen 4.1 before 4.1.1 and 4.0 before 4.0.2, when using PCI passthrough on Intel VT-d chipsets that do not have interrupt remapping, allows guest OS users to gain host OS privileges by "using DMA to generate MSI interrupts by writing to the interrupt injection registers."
CVSS 2.0
Severity: HIGH
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | xen | 4.1.0 |
| citrix | xen | 4.0.1 |
| citrix | xen | 4.0.0 |
Stack-based buffer overflow in the NSEPA.NsepaCtrl.1 ActiveX control in nsepa.ocx in Citrix Access Gateway Enterprise Edition 8.1 before 8.1-67.7, 9.0 before 9.0-70.5, and 9.1 before 9.1-96.4 allows remote attackers to execute arbitrary code via crafted HTTP header data.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | access_gateway | 9.0 |
| citrix | access_gateway | 9.1 |
| citrix | access_gateway | 8.1 |
The NSEPA.NsepaCtrl.1 ActiveX control in nsepa.ocx in Citrix Access Gateway Enterprise Edition 8.1 before 8.1-67.7, 9.0 before 9.0-70.5, and 9.1 before 9.1-96.4 attempts to validate signed DLLs by checking the certificate subject, not the signature, which allows man-in-the-middle attackers to execute arbitrary code via HTTP header data referencing a DLL that was signed with a crafted certificate.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | access_gateway | 9.0 |
| citrix | access_gateway | 9.1 |
| citrix | access_gateway | 8.1 |
tools/libxc/xc_dom_bzimageloader.c in Xen 3.2, 3.3, 4.0, and 4.1 allows local users to cause a denial of service (management software infinite loop and management domain resource consumption) via unspecified vectors related to "Lack of error checking in the decompression loop."
CVSS 2.0
Severity: LOW
Problem Type: CWE-399,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | xen | 4.1.0 |
| citrix | xen | 4.0.0 |
| citrix | xen | 3.2.0 |
| citrix | xen | 3.3.0 |
The x86-64 kernel system-call functionality in Xen 4.1.2 and earlier, as used in Citrix XenServer 6.0.2 and earlier and other products; Oracle Solaris 11 and earlier; illumos before r13724; Joyent SmartOS before 20120614T184600Z; FreeBSD before 9.0-RELEASE-p3; NetBSD 6.0 Beta and earlier; Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1; and possibly other operating systems, when running on an Intel processor, incorrectly uses the sysret path in cases where a certain address is not a canonical address, which allows local users to gain privileges via a crafted application. NOTE: because this issue is due to incorrect use of the Intel specification, it should have been split into separate identifiers; however, there was some value in preserving the original mapping of the multi-codebase coordinated-disclosure effort to a single identifier.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| netbsd | netbsd | * |
| xen | xen | 4.0.0 |
| citrix | xenserver | * |
| sun | sunos | * |
| illumos | illumos | * |
| microsoft | windows_xp | * |
| xen | xen | * |
| xen | xen | 4.0.3 |
| xen | xen | 4.0.2 |
| xen | xen | 4.1.1 |
| xen | xen | 4.1.0 |
| xen | xen | 4.0.1 |
| xen | xen | 4.0.4 |
| freebsd | freebsd | * |
| microsoft | windows_server_2008 | r2 |
| microsoft | windows_server_2003 | * |
| microsoft | windows_7 | * |
| citrix | xenserver | 6.0 |
| joyent | smartos | * |
Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform (formerly Citrix CloudStack) before 3.0.6 stores sensitive information in the log4j.conf log file, which allows local users to obtain (1) the SSH private key as recorded by the createSSHKeyPair API, (2) the password of an added host as recorded by the AddHost API, or the password of an added VM as recorded by the (3) DeployVM or (4) ResetPasswordForVM API.
CVSS 2.0
Severity: LOW
Problem Type: CWE-255,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| apache | cloudstack | 4.0.0 |
| citrix | cloudplatform | * |
Citrix XenDesktop Virtual Desktop Agent (VDA) 5.6.x before 5.6.200, when making changes to the server-side policy that control USB redirection, does not propagate changes to the VDA, which allows authenticated users to retain access to the USB device.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | xendesktop | 5.6 |
Unspecified vulnerability in Citrix Access Gateway Standard Edition 5.0.x before 5.0.4.223524 allows remote attackers to access network resources via unknown attack vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | access_gateway | 5.1 |
| citrix | access_gateway | 5.2 |
| citrix | access_gateway | 5.3 |
| citrix | access_gateway | 5.4 |
| citrix | access_gateway | 5.0 |
The NDVM in Citrix XenClient XT before 2.1.3 and 3.x before 3.1.4 allows remote attackers to execute arbitrary commands by using the UIVM to create a network connection.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | xenclient_xt | 3.1.3 |
| citrix | xenclient_xt | 3.0.0 |
| citrix | xenclient_xt | * |
Apache CloudStack 4.0.0 before 4.0.2 and Citrix CloudPlatform (formerly Citrix CloudStack) 3.0.x before 3.0.6 Patch C allows remote attackers to bypass the console proxy authentication by leveraging knowledge of the source code.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-287,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | cloudplatform | 3.0 |
| citrix | cloudplatform | 3.0.5 |
| apache | cloudstack | 4.0.0 |
| apache | cloudstack | 4.0.2 |
| citrix | cloudplatform | 3.0.3 |
| apache | cloudstack | 4.0.1 |
| citrix | cloudplatform | 3.0.4 |
| citrix | cloudplatform | 3.0.6 |
Citrix CloudPlatform (formerly Citrix CloudStack) 3.0.x before 3.0.6 Patch C does not properly restrict access to VNC ports on the management network, which allows remote attackers to have unspecified impact via unknown vectors.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | cloudplatform | 3.0 |
| citrix | cloudplatform | 3.0.5 |
| citrix | cloudplatform | 3.0.3 |
| citrix | cloudplatform | 3.0.4 |
| citrix | cloudplatform | 3.0.6 |
Apache CloudStack 4.0.0 before 4.0.2 and Citrix CloudPlatform (formerly Citrix CloudStack) 3.0.x before 3.0.6 Patch C uses a hash of a predictable sequence, which makes it easier for remote attackers to guess the console access URL via a brute force attack.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-310,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | cloudplatform | 3.0 |
| citrix | cloudplatform | 3.0.5 |
| apache | cloudstack | 4.0.0 |
| apache | cloudstack | 4.0.2 |
| citrix | cloudplatform | 3.0.3 |
| apache | cloudstack | 4.0.1 |
| citrix | cloudplatform | 3.0.4 |
| citrix | cloudplatform | 3.0.6 |
Unspecified vulnerability in Citrix NetScaler Access Gateway Enterprise Edition (AGEE) before 9.3.62.4 and 10.x through 10.0.74.4, and NetScaler AGEE Common Criteria build before 9.3.53.6, allows remote attackers to bypass intended intranet access restrictions via unknown vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | netscaler_access_gateway_firmware | 10.0.74.4 |
| citrix | netscaler_access_gateway | - |
| citrix | netscaler_access_gateway_firmware | 9.2 |
| citrix | netscaler_access_gateway_firmware | 9.1 |
| citrix | netscaler_access_gateway_firmware | * |
| citrix | netscaler_access_gateway_firmware | 10.0 |
| citrix | netscaler_access_gateway_firmware | 9.3 |
Unspecified vulnerability in Citrix CloudPortal Services Manager (aka Cortex) 10.0 before Cumulative Update 3 has unknown impact and attack vectors, a different vulnerability than other CVEs listed in CTX137162.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | cloudportal_services_manager | 10.0 |
Citrix CloudPortal Services Manager (aka Cortex) 10.0 before Cumulative Update 3 does not properly restrict access to web services, which has unspecified impact and attack vectors, a different vulnerability than other CVEs listed in CTX137162.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | cloudportal_services_manager | * |
| citrix | cloudportal_services_manager | 10.0 |
Unspecified vulnerability in Citrix CloudPortal Services Manager (aka Cortex) 10.0 before Cumulative Update 3 has unknown impact and attack vectors, a different vulnerability than other CVEs listed in CTX137162.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | cloudportal_services_manager | * |
| citrix | cloudportal_services_manager | 10.0 |
Unspecified vulnerability in Citrix CloudPortal Services Manager (aka Cortex) 10.0 before Cumulative Update 3 has unknown impact and attack vectors, a different vulnerability than other CVEs listed in CTX137162.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | cloudportal_services_manager | * |
| citrix | cloudportal_services_manager | 10.0 |
Unspecified vulnerability in Citrix CloudPortal Services Manager (aka Cortex) 10.0 before Cumulative Update 3 has unknown impact and attack vectors, related to debugging messages, a different vulnerability than other CVEs listed in CTX137162.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | cloudportal_services_manager | * |
| citrix | cloudportal_services_manager | 10.0 |
Unspecified vulnerability in Citrix CloudPortal Services Manager (aka Cortex) 10.0 before Cumulative Update 3 has unknown impact and attack vectors, a different vulnerability than other CVEs listed in CTX137162.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | cloudportal_services_manager | * |
| citrix | cloudportal_services_manager | 10.0 |
Unspecified vulnerability in Citrix CloudPortal Services Manager (aka Cortex) 10.0 before Cumulative Update 3 has unknown impact and attack vectors, a different vulnerability than other CVEs listed in CTX137162.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | cloudportal_services_manager | * |
| citrix | cloudportal_services_manager | 10.0 |
Unspecified vulnerability in Citrix CloudPortal Services Manager (aka Cortex) 10.0 before Cumulative Update 3 has unknown impact and attack vectors, a different vulnerability than other CVEs listed in CTX137162.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | cloudportal_services_manager | * |
| citrix | cloudportal_services_manager | 10.0 |
Intelligent Platform Management Interface (IPMI) with firmware for Supermicro X9 generation motherboards before SMT_X9_317 and firmware for Supermicro X8 generation motherboards before SMT X8 312 contain harcoded private encryption keys for the (1) Lighttpd web server SSL interface and the (2) Dropbear SSH daemon.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.1 | HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | 2.2 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-798,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| supermicro | smt_x9_firmware | * |
| citrix | netscaler_firmware | - |
| supermicro | smt_x8_firmware | * |
| citrix | netscaler_sd-wan_firmware | - |
| citrix | netscaler_sdx_firmware | 10 |
Hardcoded WSMan credentials in Intelligent Platform Management Interface (IPMI) with firmware for Supermicro X9 generation motherboards before 3.15 (SMT_X9_315) and firmware for Supermicro X8 generation motherboards before SMT X8 312.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-522,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| supermicro | smt_x9_firmware | * |
| citrix | netscaler_firmware | - |
| supermicro | smt_x8_firmware | * |
| citrix | netscaler_sd-wan_firmware | - |
| citrix | netscaler_sdx_firmware | 10 |
Citrix NetScaler Application Delivery Controller (ADC) 10.0 before 10.0-76.7 allows remote attackers to cause a denial of service (nsconfigd crash and appliance reboot) via a crafted request.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | netscaler_application_delivery_controller_firmware | 10.0.e |
| citrix | netscaler_application_delivery_controller | - |
| citrix | netscaler_application_delivery_controller_firmware | 10.0 |
Citrix XenDesktop 7.0, when upgraded from XenDesktop 5.x, does not properly enforce policy rule permissions, which allows remote attackers to bypass intended restrictions.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | xendesktop | 7.0 |
Unspecified vulnerability in the Service VM in Citrix NetScaler SDX 9.3 before 9.3-64.4 and 10.0 before 10.0-77.5 and Application Delivery Controller (ADC) 9.3.x before 9.3-64.4, 10.0 before 10.0-77.5, and 10.1 before 10.1-118.7 allows attackers to cause a denial of service via unknown vectors, related to the "Virtual Machine Daemon."
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | netscaler_application_delivery_controller_firmware | 10.1 |
| citrix | netscaler_application_delivery_controller_firmware | 10.0 |
| citrix | netscaler_application_delivery_controller_firmware | 9.3(1) |
| citrix | netscaler_application_delivery_controller_firmware | 9.3.e |
Unspecified vulnerability in Citrix NetScaler Application Delivery Controller (ADC) 9.3.x before 9.3-64.4, 10.0 before 10.0-77.5, and 10.1 before 10.1-118.7 allows attackers to cause a denial of service via unknown vectors, related to "RADIUS authentication."
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | netscaler_application_delivery_controller_firmware | 10.1 |
| citrix | netscaler_application_delivery_controller_firmware | 10.0 |
| citrix | netscaler_application_delivery_controller_firmware | 9.3(1) |
| citrix | netscaler_application_delivery_controller_firmware | 9.3.e |
Citrix NetScaler Application Delivery Controller (ADC) 9.3.x before 9.3-64.4, 10.0 before 10.0-77.5, and 10.1 before 10.1-118.7 logs user credentials, which allows attackers to obtain sensitive information via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-255,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | netscaler_application_delivery_controller_firmware | 10.1 |
| citrix | netscaler_application_delivery_controller_firmware | 10.0 |
| citrix | netscaler_application_delivery_controller_firmware | 9.3(1) |
| citrix | netscaler_application_delivery_controller_firmware | 9.3.e |
Unspecified vulnerability in Citrix NetScaler Application Delivery Controller (ADC) 9.3.x before 9.3-64.4, 10.0 before 10.0-77.5, and 10.1 before 10.1-118.7 allows users to "breakout" of the shell via unknown vectors.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | netscaler_application_delivery_controller_firmware | 10.1 |
| citrix | netscaler_application_delivery_controller_firmware | 10.0 |
| citrix | netscaler_application_delivery_controller_firmware | 9.3(1) |
| citrix | netscaler_application_delivery_controller_firmware | 9.3.e |
Cross-site request forgery (CSRF) vulnerability in Citrix NetScaler Application Delivery Controller (ADC) 9.3.x before 9.3-64.4, 10.0 before 10.0-77.5, and 10.1 before 10.1-118.7 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-352,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | netscaler_application_delivery_controller_firmware | 10.1 |
| citrix | netscaler_application_delivery_controller_firmware | 10.0 |
| citrix | netscaler_application_delivery_controller_firmware | 9.3(1) |
| citrix | netscaler_application_delivery_controller_firmware | 9.3.e |
Citrix NetScaler Application Delivery Controller (ADC) 9.3.x before 9.3-64.4, 10.0 before 10.0-77.5, and 10.1 before 10.1-118.7 allows remote attackers to conduct an LDAP injection attack via vectors related to SSH and Web management usernames.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-94,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | netscaler_application_delivery_controller_firmware | 10.1 |
| citrix | netscaler_application_delivery_controller_firmware | 10.0 |
| citrix | netscaler_application_delivery_controller_firmware | 9.3(1) |
| citrix | netscaler_application_delivery_controller_firmware | 9.3.e |
Cross-site scripting (XSS) vulnerability in the user interface in the AAA TM vServer in Citrix NetScaler Application Delivery Controller (ADC) 9.3.x before 9.3-64.4, 10.0 before 10.0-77.5, and 10.1 before 10.1-118.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | netscaler_application_delivery_controller_firmware | 10.1 |
| citrix | netscaler_application_delivery_controller_firmware | 10.0 |
| citrix | netscaler_application_delivery_controller_firmware | 9.3(1) |
| citrix | netscaler_application_delivery_controller_firmware | 9.3.e |
Unspecified vulnerability in Citrix XenMobile Device Manager server (formerly Zenprise Device Manager server) 8.5, 8.6, and MDM 8.0.1 allows remote attackers to obtain sensitive information via unknown vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | xenmobile_device_manager | 8.6 |
| citrix | xenmobile_device_manager_mdm | 8.0.1 |
| citrix | xenmobile_device_manager | 8.5 |
The Citrix GoToMeeting application 5.0.799.1238 for Android logs HTTP requests containing sensitive information, which allows attackers to obtain user IDs, meeting details, and authentication tokens via an application that reads the system log file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | gotomeeting | 5.0.799.1238 |
Cross-site scripting (XSS) vulnerability in Citrix NetScaler Gateway (formerly Citrix Access Gateway Enterprise Edition) 9.x before 9.3.66.5 and 10.x before 10.1.123.9 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | netscaler_access_gateway_firmware | 10.0.74.4 |
| citrix | netscaler_access_gateway_firmware | 9.3.61.5 |
| citrix | netscaler_access_gateway | - |
| citrix | netscaler_access_gateway_firmware | 10.1 |
| citrix | netscaler_access_gateway_firmware | 9.3.62.4 |
| citrix | netscaler_access_gateway_firmware | 10.0 |
| citrix | netscaler_access_gateway_firmware | 9.3 |
Citrix ShareFile Mobile and ShareFile Mobile for Tablets before 2.4.4 for Android do not verify X.509 certificates from SSL servers, which allow man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-310,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | sharefile_mobile_for_tablets | * |
| citrix | sharefile_mobile | * |
Citrix VDI-in-a-Box 5.3.x before 5.3.6 and 5.4.x before 5.4.3 allows local users to obtain administrator credentials by reading the log.
CVSS 2.0
Severity: LOW
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | vdi-in-a-box | 5.3.3 |
| citrix | vdi-in-a-box | 5.4.1 |
| citrix | vdi-in-a-box | 5.3.1 |
| citrix | vdi-in-a-box | 5.4.0 |
| citrix | vdi-in-a-box | 5.3.2 |
| citrix | vdi-in-a-box | 5.3.5 |
| citrix | vdi-in-a-box | 5.4.2 |
| citrix | vdi-in-a-box | 5.3.0 |
| citrix | vdi-in-a-box | 5.3.4 |
Unspecified vulnerability in the Diffie-Hellman key agreement implementation in the management GUI Java applet in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 9.3-66.5 and 10.x before 10.1-122.17 has unknown impact and vectors.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | netscaler_access_gateway | - |
| citrix | netscaler_application_delivery_controller | - |
| citrix | netscaler_application_delivery_controller_firmware | 10.1 |
| citrix | netscaler_application_delivery_controller_firmware | * |
| citrix | netscaler_access_gateway_firmware | * |
| citrix | netscaler_access_gateway_firmware | 9.3 |
Unspecified vulnerability in the management GUI in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 9.3-66.5 and 10.x before 10.1-122.17 has unspecified impact and vectors, related to certificate validation.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | netscaler_access_gateway | - |
| citrix | netscaler_application_delivery_controller | - |
| citrix | netscaler_application_delivery_controller_firmware | 10.1 |
| citrix | netscaler_application_delivery_controller_firmware | * |
| citrix | netscaler_access_gateway_firmware | * |
| citrix | netscaler_access_gateway_firmware | 9.3 |
Unspecified vulnerability in Citrix VDI-In-A-Box 5.3.x before 5.3.8 and 5.4.x before 5.4.4 allows remote attackers to bypass authentication via unspecified vectors, related to a Java servlet.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-287,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | vdi-in-a-box | 5.3.3 |
| citrix | vdi-in-a-box | 5.4.1 |
| citrix | vdi-in-a-box | 5.4.0 |
| citrix | vdi-in-a-box | 5.3.2 |
| citrix | vdi-in-a-box | 5.3.5 |
| citrix | vdi-in-a-box | 5.3.7 |
| citrix | vdi-in-a-box | 5.3.1 |
| citrix | vdi-in-a-box | 5.4.2 |
| citrix | vdi-in-a-box | 5.3.0 |
| citrix | vdi-in-a-box | 5.3.4 |
| citrix | vdi-in-a-box | 5.3.6 |
| citrix | vdi-in-a-box | 5.4.3 |
The Windows Guest Tools in Citrix XenServer 6.2 SP1 and earlier allows remote attackers to cause a denial of service (guest OS crash) via a crafted Ethernet frame.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | xenserver | 6.0.2 |
| citrix | xenserver | 6.2.0 |
| citrix | xenserver | 6.0 |
| citrix | xenserver | 6.1.0 |
Cross-site scripting (XSS) vulnerability in administration user interface in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway (formerly Access Gateway Enterprise Edition) 10.1 before 10.1-126.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | netscaler_access_gateway | - |
| citrix | netscaler_access_gateway_firmware | 10.1 |
| citrix | netscaler_application_delivery_controller | - |
| citrix | netscaler_application_delivery_controller_firmware | 10.1 |
Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway (formerly Access Gateway Enterprise Edition) before 9.3-62.4 and 10.x before 10.1-126.12 allows attackers to obtain sensitive information via vectors related to a cookie.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | netscaler_access_gateway | - |
| citrix | netscaler_application_delivery_controller_firmware | 9.3 |
| citrix | netscaler_access_gateway_firmware | 10.1 |
| citrix | netscaler_application_delivery_controller | - |
| citrix | netscaler_application_delivery_controller_firmware | 10.1 |
| citrix | netscaler_access_gateway_firmware | 9.3 |
Citrix XenDesktop 7.x, 5.x, and 4.x, when pooled random desktop groups is enabled and ShutdownDesktopsAfterUse is disabled, allows local guest users to gain access to another user's desktop via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | xendesktop | 5.6 |
| citrix | xendesktop | 4.0 |
| citrix | xendesktop | * |
Buffer overflow in the HVM graphics console support in Citrix XenServer 6.2 Service Pack 1 and earlier has unspecified impact and attack vectors.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | xenserver | 6.2.0 |
Unspecified vulnerability in Citrix XenServer 6.2 Service Pack 1 and earlier allows attackers to cause a denial of service and obtain sensitive information by modifying the guest virtual hard disk (VHD).
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | xenserver | 6.2.0 |
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-78,CWE-78,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ibm | software_defined_network_for_virtual_environments | * |
| redhat | enterprise_linux | 4.0 |
| suse | linux_enterprise_desktop | 11 |
| vmware | esx | 4.1 |
| redhat | enterprise_linux_server_aus | 5.6 |
| ibm | security_access_manager_for_mobile_8.0_firmware | 8.0.0.3 |
| ibm | stn7800_firmware | * |
| redhat | enterprise_linux_server_aus | 6.4 |
| redhat | enterprise_linux_server_tus | 7.6 |
| f5 | big-ip_advanced_firewall_manager | * |
| f5 | traffix_signaling_delivery_controller | * |
| redhat | enterprise_linux_eus | 7.7 |
| ibm | qradar_security_information_and_event_manager | 7.2.2 |
| vmware | vcenter_server_appliance | 5.5 |
| redhat | enterprise_linux_for_ibm_z_systems | 7.4_s390x |
| ibm | qradar_vulnerability_manager | 7.2.8 |
| ibm | security_access_manager_for_web_7.0_firmware | 7.0.0.8 |
| vmware | vcenter_server_appliance | 5.1 |
| ibm | storwize_v3500_firmware | * |
| f5 | traffix_signaling_delivery_controller | 3.4.1 |
| redhat | enterprise_linux_for_power_big_endian_eus | 7.3_ppc64 |
| f5 | traffix_signaling_delivery_controller | 4.1.0 |
| redhat | enterprise_linux_server | 6.0 |
| ibm | smartcloud_entry_appliance | 2.4.0 |
| checkpoint | security_gateway | * |
| oracle | linux | 6 |
| redhat | enterprise_linux_for_power_big_endian | 5.0_ppc |
| redhat | enterprise_linux_server_from_rhui | 7.0 |
| redhat | enterprise_linux_for_power_big_endian | 6.0_ppc64 |
| redhat | enterprise_linux_server_aus | 6.5 |
| redhat | enterprise_linux | 7.0 |
| redhat | enterprise_linux_server_from_rhui | 5.0 |
| redhat | enterprise_linux_for_power_big_endian | 6.4_ppc64 |
| suse | linux_enterprise_server | 11 |
| novell | zenworks_configuration_management | 11.1 |
| ibm | security_access_manager_for_web_7.0_firmware | 7.0.0.5 |
| f5 | big-ip_policy_enforcement_manager | * |
| f5 | big-iq_security | * |
| redhat | enterprise_linux_server_tus | 7.7 |
| ibm | qradar_security_information_and_event_manager | 7.2.9 |
| ibm | qradar_security_information_and_event_manager | 7.1.2 |
| redhat | enterprise_linux_server_aus | 7.6 |
| vmware | esx | 4.0 |
| f5 | big-ip_application_security_manager | 11.6.0 |
| ibm | qradar_security_information_and_event_manager | 7.2.3 |
| f5 | big-ip_policy_enforcement_manager | 11.6.0 |
| f5 | big-ip_global_traffic_manager | * |
| redhat | enterprise_linux_for_power_big_endian_eus | 6.5_ppc64 |
| ibm | qradar_vulnerability_manager | 7.2.4 |
| ibm | starter_kit_for_cloud | 2.2.0 |
| f5 | big-ip_analytics | * |
| f5 | big-ip_link_controller | 11.6.0 |
| ibm | qradar_security_information_and_event_manager | 7.1.0 |
| redhat | enterprise_linux_for_ibm_z_systems | 6.5_s390x |
| f5 | traffix_signaling_delivery_controller | 3.5.1 |
| redhat | enterprise_linux_eus | 6.5 |
| ibm | security_access_manager_for_mobile_8.0_firmware | 8.0.0.5 |
| ibm | qradar_security_information_and_event_manager | 7.2.8.15 |
| ibm | smartcloud_entry_appliance | 3.2.0 |
| f5 | arx_firmware | * |
| suse | linux_enterprise_server | 12 |
| vmware | vcenter_server_appliance | 5.0 |
| f5 | big-ip_webaccelerator | * |
| oracle | linux | 4 |
| redhat | enterprise_linux_server | 5.0 |
| redhat | enterprise_linux_for_ibm_z_systems | 7.7_s390x |
| redhat | enterprise_linux_server_aus | 5.9 |
| ibm | qradar_security_information_and_event_manager | 7.2 |
| redhat | enterprise_linux_server_tus | 6.5 |
| redhat | enterprise_linux_for_ibm_z_systems | 6.4_s390x |
| ibm | flex_system_v7000_firmware | * |
| ibm | stn6500_firmware | * |
| redhat | enterprise_linux_eus | 5.9 |
| ibm | pureapplication_system | 2.0.0.0 |
| redhat | virtualization | 3.4 |
| redhat | enterprise_linux_for_ibm_z_systems | 5.9_s390x |
| f5 | big-ip_global_traffic_manager | 11.6.0 |
| redhat | enterprise_linux_desktop | 7.0 |
| ibm | qradar_vulnerability_manager | 7.2.0 |
| f5 | big-ip_analytics | 11.6.0 |
| f5 | big-iq_cloud | * |
| ibm | smartcloud_provisioning | 2.1.0 |
| gnu | bash | * |
| ibm | san_volume_controller_firmware | * |
| ibm | qradar_security_information_and_event_manager | 7.2.7 |
| ibm | security_access_manager_for_web_7.0_firmware | 7.0.0.6 |
| opensuse | opensuse | 12.3 |
| ibm | security_access_manager_for_web_7.0_firmware | 7.0.0.3 |
| arista | eos | * |
| novell | zenworks_configuration_management | 10.3 |
| f5 | big-ip_application_acceleration_manager | * |
| suse | studio_onsite | 1.3 |
| f5 | big-ip_local_traffic_manager | * |
| f5 | big-ip_edge_gateway | * |
| redhat | enterprise_linux_server_from_rhui | 6.0 |
| ibm | qradar_security_information_and_event_manager | 7.2.0 |
| redhat | enterprise_linux_workstation | 5.0 |
| redhat | enterprise_linux | 6.0 |
| suse | linux_enterprise_software_development_kit | 11 |
| f5 | big-ip_application_security_manager | * |
| f5 | big-ip_link_controller | * |
| ibm | qradar_risk_manager | 7.1.0 |
| ibm | security_access_manager_for_web_8.0_firmware | 8.0.0.2 |
| ibm | infosphere_guardium_database_activity_monitoring | 8.2 |
| redhat | enterprise_linux_for_scientific_computing | 6.0 |
| f5 | big-ip_access_policy_manager | * |
| canonical | ubuntu_linux | 10.04 |
| ibm | storwize_v3700_firmware | * |
| ibm | qradar_vulnerability_manager | 7.2.2 |
| redhat | enterprise_linux_for_power_big_endian_eus | 7.5_ppc64 |
| redhat | enterprise_linux_server_aus | 7.7 |
| oracle | linux | 5 |
| redhat | enterprise_linux_server_aus | 7.3 |
| ibm | infosphere_guardium_database_activity_monitoring | 9.0 |
| qnap | qts | 4.1.1 |
| novell | zenworks_configuration_management | 11.3.0 |
| f5 | big-iq_device | * |
| f5 | traffix_signaling_delivery_controller | 3.3.2 |
| redhat | enterprise_linux | 5.0 |
| redhat | enterprise_linux_for_power_big_endian | 7.0_ppc64 |
| ibm | qradar_vulnerability_manager | 7.2.3 |
| ibm | workload_deployer | * |
| redhat | enterprise_linux_desktop | 5.0 |
| redhat | enterprise_linux_for_power_big_endian_eus | 7.4_ppc64 |
| f5 | enterprise_manager | * |
| ibm | smartcloud_entry_appliance | 2.3.0 |
| ibm | security_access_manager_for_web_8.0_firmware | 8.0.0.5 |
| ibm | security_access_manager_for_web_7.0_firmware | 7.0.0.2 |
| f5 | big-ip_local_traffic_manager | 11.6.0 |
| ibm | qradar_security_information_and_event_manager | 7.1.1 |
| novell | open_enterprise_server | 11.0 |
| redhat | enterprise_linux_for_ibm_z_systems | 7.3_s390x |
| ibm | security_access_manager_for_web_8.0_firmware | 8.0.0.3 |
| redhat | enterprise_linux_server | 7.0 |
| redhat | enterprise_linux_workstation | 6.0 |
| canonical | ubuntu_linux | 12.04 |
| opensuse | opensuse | 13.1 |
| ibm | security_access_manager_for_mobile_8.0_firmware | 8.0.0.2 |
| suse | linux_enterprise_server | 10 |
| apple | mac_os_x | * |
| mageia | mageia | 4.0 |
| canonical | ubuntu_linux | 14.04 |
| citrix | netscaler_sdx_firmware | * |
| redhat | enterprise_linux_eus | 6.4 |
| ibm | infosphere_guardium_database_activity_monitoring | 9.1 |
| f5 | big-ip_wan_optimization_manager | * |
| redhat | enterprise_linux_for_ibm_z_systems | 7.5_s390x |
| ibm | security_access_manager_for_web_7.0_firmware | 7.0.0.1 |
| redhat | enterprise_linux_for_scientific_computing | 7.0 |
| suse | linux_enterprise_desktop | 12 |
| suse | linux_enterprise_software_development_kit | 12 |
| redhat | gluster_storage_server_for_on-premise | 2.1 |
| ibm | qradar_vulnerability_manager | 7.2.6 |
| ibm | qradar_security_information_and_event_manager | 7.2.5 |
| ibm | qradar_security_information_and_event_manager | 7.2.4 |
| redhat | enterprise_linux_eus | 7.3 |
| redhat | enterprise_linux_desktop | 6.0 |
| debian | debian_linux | 7.0 |
| novell | zenworks_configuration_management | 11.2 |
| redhat | enterprise_linux_eus | 7.6 |
| redhat | enterprise_linux_eus | 7.4 |
| ibm | security_access_manager_for_mobile_8.0_firmware | 8.0.0.1 |
| redhat | enterprise_linux_eus | 7.5 |
| ibm | storwize_v5000_firmware | * |
| f5 | big-ip_application_acceleration_manager | 11.6.0 |
| ibm | qradar_security_information_and_event_manager | 7.2.1 |
| ibm | storwize_v7000_firmware | * |
| redhat | enterprise_linux_for_power_big_endian_eus | 7.7_ppc64 |
| ibm | security_access_manager_for_web_7.0_firmware | 7.0.0.7 |
| redhat | enterprise_linux_for_power_big_endian_eus | 7.6_ppc64 |
| opensuse | opensuse | 13.2 |
| redhat | enterprise_linux_server_tus | 7.3 |
| qnap | qts | * |
| redhat | enterprise_linux_for_power_big_endian | 5.9_ppc |
| novell | zenworks_configuration_management | 11 |
| ibm | smartcloud_entry_appliance | 3.1.0 |
| redhat | enterprise_linux_server_aus | 7.4 |
| f5 | big-ip_protocol_security_module | * |
| redhat | enterprise_linux_for_ibm_z_systems | 7.6_s390x |
| redhat | enterprise_linux_server_aus | 6.2 |
| ibm | qradar_security_information_and_event_manager | 7.2.6 |
| novell | open_enterprise_server | 2.0 |
| redhat | enterprise_linux_workstation | 7.0 |
| ibm | security_access_manager_for_web_7.0_firmware | 7.0.0.4 |
| mageia | mageia | 3.0 |
| ibm | stn6800_firmware | * |
| f5 | big-ip_access_policy_manager | 11.6.0 |
| f5 | big-ip_advanced_firewall_manager | 11.6.0 |
| ibm | qradar_security_information_and_event_manager | 7.2.8 |
| ibm | pureapplication_system | * |
| ibm | qradar_vulnerability_manager | 7.2.1 |
Unspecified vulnerability in the management interface in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.x before 10.1-129.11 and 10.5 before 10.5-50.10 allows remote attackers to execute arbitrary code via unknown vectors.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | netscaler_application_delivery_controller_firmware | 10.5 |
| citrix | netscaler_application_delivery_controller_firmware | 10.1 |
| citrix | netscaler_application_delivery_controller_firmware | 10.0 |
GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-78,CWE-78,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ibm | software_defined_network_for_virtual_environments | * |
| redhat | enterprise_linux | 4.0 |
| suse | linux_enterprise_desktop | 11 |
| vmware | esx | 4.1 |
| redhat | enterprise_linux_server_aus | 5.6 |
| ibm | security_access_manager_for_mobile_8.0_firmware | 8.0.0.3 |
| ibm | stn7800_firmware | * |
| redhat | enterprise_linux_server_aus | 6.4 |
| redhat | enterprise_linux_server_tus | 7.6 |
| f5 | big-ip_advanced_firewall_manager | * |
| f5 | traffix_signaling_delivery_controller | * |
| redhat | enterprise_linux_eus | 7.7 |
| ibm | qradar_security_information_and_event_manager | 7.2.2 |
| vmware | vcenter_server_appliance | 5.5 |
| redhat | enterprise_linux_for_ibm_z_systems | 7.4_s390x |
| ibm | qradar_vulnerability_manager | 7.2.8 |
| ibm | security_access_manager_for_web_7.0_firmware | 7.0.0.8 |
| vmware | vcenter_server_appliance | 5.1 |
| ibm | storwize_v3500_firmware | * |
| f5 | traffix_signaling_delivery_controller | 3.4.1 |
| redhat | enterprise_linux_for_power_big_endian_eus | 7.3_ppc64 |
| f5 | traffix_signaling_delivery_controller | 4.1.0 |
| redhat | enterprise_linux_server | 6.0 |
| ibm | smartcloud_entry_appliance | 2.4.0 |
| checkpoint | security_gateway | * |
| oracle | linux | 6 |
| redhat | enterprise_linux_for_power_big_endian | 5.0_ppc |
| redhat | enterprise_linux_server_from_rhui | 7.0 |
| redhat | enterprise_linux_for_power_big_endian | 6.0_ppc64 |
| redhat | enterprise_linux_server_aus | 6.5 |
| redhat | enterprise_linux | 7.0 |
| redhat | enterprise_linux_server_from_rhui | 5.0 |
| redhat | enterprise_linux_for_power_big_endian | 6.4_ppc64 |
| suse | linux_enterprise_server | 11 |
| novell | zenworks_configuration_management | 11.1 |
| ibm | security_access_manager_for_web_7.0_firmware | 7.0.0.5 |
| f5 | big-ip_policy_enforcement_manager | * |
| f5 | big-iq_security | * |
| redhat | enterprise_linux_server_tus | 7.7 |
| ibm | qradar_security_information_and_event_manager | 7.2.9 |
| ibm | qradar_security_information_and_event_manager | 7.1.2 |
| redhat | enterprise_linux_server_aus | 7.6 |
| vmware | esx | 4.0 |
| f5 | big-ip_application_security_manager | 11.6.0 |
| ibm | qradar_security_information_and_event_manager | 7.2.3 |
| f5 | big-ip_policy_enforcement_manager | 11.6.0 |
| f5 | big-ip_global_traffic_manager | * |
| redhat | enterprise_linux_for_power_big_endian_eus | 6.5_ppc64 |
| ibm | qradar_vulnerability_manager | 7.2.4 |
| ibm | starter_kit_for_cloud | 2.2.0 |
| f5 | big-ip_analytics | * |
| f5 | big-ip_link_controller | 11.6.0 |
| ibm | qradar_security_information_and_event_manager | 7.1.0 |
| redhat | enterprise_linux_for_ibm_z_systems | 6.5_s390x |
| f5 | traffix_signaling_delivery_controller | 3.5.1 |
| redhat | enterprise_linux_eus | 6.5 |
| ibm | security_access_manager_for_mobile_8.0_firmware | 8.0.0.5 |
| ibm | qradar_security_information_and_event_manager | 7.2.8.15 |
| ibm | smartcloud_entry_appliance | 3.2.0 |
| f5 | arx_firmware | * |
| suse | linux_enterprise_server | 12 |
| vmware | vcenter_server_appliance | 5.0 |
| f5 | big-ip_webaccelerator | * |
| oracle | linux | 4 |
| redhat | enterprise_linux_server | 5.0 |
| redhat | enterprise_linux_for_ibm_z_systems | 7.7_s390x |
| redhat | enterprise_linux_server_aus | 5.9 |
| ibm | qradar_security_information_and_event_manager | 7.2 |
| redhat | enterprise_linux_server_tus | 6.5 |
| redhat | enterprise_linux_for_ibm_z_systems | 6.4_s390x |
| ibm | flex_system_v7000_firmware | * |
| ibm | stn6500_firmware | * |
| redhat | enterprise_linux_eus | 5.9 |
| ibm | pureapplication_system | 2.0.0.0 |
| redhat | virtualization | 3.4 |
| redhat | enterprise_linux_for_ibm_z_systems | 5.9_s390x |
| f5 | big-ip_global_traffic_manager | 11.6.0 |
| redhat | enterprise_linux_desktop | 7.0 |
| ibm | qradar_vulnerability_manager | 7.2.0 |
| f5 | big-ip_analytics | 11.6.0 |
| f5 | big-iq_cloud | * |
| ibm | smartcloud_provisioning | 2.1.0 |
| gnu | bash | * |
| ibm | san_volume_controller_firmware | * |
| ibm | qradar_security_information_and_event_manager | 7.2.7 |
| ibm | security_access_manager_for_web_7.0_firmware | 7.0.0.6 |
| opensuse | opensuse | 12.3 |
| ibm | security_access_manager_for_web_7.0_firmware | 7.0.0.3 |
| arista | eos | * |
| novell | zenworks_configuration_management | 10.3 |
| f5 | big-ip_application_acceleration_manager | * |
| suse | studio_onsite | 1.3 |
| f5 | big-ip_local_traffic_manager | * |
| f5 | big-ip_edge_gateway | * |
| redhat | enterprise_linux_server_from_rhui | 6.0 |
| ibm | qradar_security_information_and_event_manager | 7.2.0 |
| redhat | enterprise_linux_workstation | 5.0 |
| redhat | enterprise_linux | 6.0 |
| suse | linux_enterprise_software_development_kit | 11 |
| f5 | big-ip_application_security_manager | * |
| f5 | big-ip_link_controller | * |
| ibm | qradar_risk_manager | 7.1.0 |
| ibm | security_access_manager_for_web_8.0_firmware | 8.0.0.2 |
| ibm | infosphere_guardium_database_activity_monitoring | 8.2 |
| redhat | enterprise_linux_for_scientific_computing | 6.0 |
| f5 | big-ip_access_policy_manager | * |
| canonical | ubuntu_linux | 10.04 |
| ibm | storwize_v3700_firmware | * |
| ibm | qradar_vulnerability_manager | 7.2.2 |
| redhat | enterprise_linux_for_power_big_endian_eus | 7.5_ppc64 |
| redhat | enterprise_linux_server_aus | 7.7 |
| oracle | linux | 5 |
| redhat | enterprise_linux_server_aus | 7.3 |
| ibm | infosphere_guardium_database_activity_monitoring | 9.0 |
| qnap | qts | 4.1.1 |
| novell | zenworks_configuration_management | 11.3.0 |
| f5 | big-iq_device | * |
| f5 | traffix_signaling_delivery_controller | 3.3.2 |
| redhat | enterprise_linux | 5.0 |
| redhat | enterprise_linux_for_power_big_endian | 7.0_ppc64 |
| ibm | qradar_vulnerability_manager | 7.2.3 |
| ibm | workload_deployer | * |
| redhat | enterprise_linux_desktop | 5.0 |
| redhat | enterprise_linux_for_power_big_endian_eus | 7.4_ppc64 |
| f5 | enterprise_manager | * |
| ibm | smartcloud_entry_appliance | 2.3.0 |
| ibm | security_access_manager_for_web_8.0_firmware | 8.0.0.5 |
| ibm | security_access_manager_for_web_7.0_firmware | 7.0.0.2 |
| f5 | big-ip_local_traffic_manager | 11.6.0 |
| ibm | qradar_security_information_and_event_manager | 7.1.1 |
| novell | open_enterprise_server | 11.0 |
| redhat | enterprise_linux_for_ibm_z_systems | 7.3_s390x |
| ibm | security_access_manager_for_web_8.0_firmware | 8.0.0.3 |
| redhat | enterprise_linux_server | 7.0 |
| redhat | enterprise_linux_workstation | 6.0 |
| canonical | ubuntu_linux | 12.04 |
| opensuse | opensuse | 13.1 |
| ibm | security_access_manager_for_mobile_8.0_firmware | 8.0.0.2 |
| suse | linux_enterprise_server | 10 |
| apple | mac_os_x | * |
| mageia | mageia | 4.0 |
| canonical | ubuntu_linux | 14.04 |
| citrix | netscaler_sdx_firmware | * |
| redhat | enterprise_linux_eus | 6.4 |
| ibm | infosphere_guardium_database_activity_monitoring | 9.1 |
| f5 | big-ip_wan_optimization_manager | * |
| redhat | enterprise_linux_for_ibm_z_systems | 7.5_s390x |
| ibm | security_access_manager_for_web_7.0_firmware | 7.0.0.1 |
| redhat | enterprise_linux_for_scientific_computing | 7.0 |
| suse | linux_enterprise_desktop | 12 |
| suse | linux_enterprise_software_development_kit | 12 |
| redhat | gluster_storage_server_for_on-premise | 2.1 |
| ibm | qradar_vulnerability_manager | 7.2.6 |
| ibm | qradar_security_information_and_event_manager | 7.2.5 |
| ibm | qradar_security_information_and_event_manager | 7.2.4 |
| redhat | enterprise_linux_eus | 7.3 |
| redhat | enterprise_linux_desktop | 6.0 |
| debian | debian_linux | 7.0 |
| novell | zenworks_configuration_management | 11.2 |
| redhat | enterprise_linux_eus | 7.6 |
| redhat | enterprise_linux_eus | 7.4 |
| ibm | security_access_manager_for_mobile_8.0_firmware | 8.0.0.1 |
| redhat | enterprise_linux_eus | 7.5 |
| ibm | storwize_v5000_firmware | * |
| f5 | big-ip_application_acceleration_manager | 11.6.0 |
| ibm | qradar_security_information_and_event_manager | 7.2.1 |
| ibm | storwize_v7000_firmware | * |
| redhat | enterprise_linux_for_power_big_endian_eus | 7.7_ppc64 |
| ibm | security_access_manager_for_web_7.0_firmware | 7.0.0.7 |
| redhat | enterprise_linux_for_power_big_endian_eus | 7.6_ppc64 |
| opensuse | opensuse | 13.2 |
| redhat | enterprise_linux_server_tus | 7.3 |
| qnap | qts | * |
| redhat | enterprise_linux_for_power_big_endian | 5.9_ppc |
| novell | zenworks_configuration_management | 11 |
| ibm | smartcloud_entry_appliance | 3.1.0 |
| redhat | enterprise_linux_server_aus | 7.4 |
| f5 | big-ip_protocol_security_module | * |
| redhat | enterprise_linux_for_ibm_z_systems | 7.6_s390x |
| redhat | enterprise_linux_server_aus | 6.2 |
| ibm | qradar_security_information_and_event_manager | 7.2.6 |
| novell | open_enterprise_server | 2.0 |
| redhat | enterprise_linux_workstation | 7.0 |
| ibm | security_access_manager_for_web_7.0_firmware | 7.0.0.4 |
| mageia | mageia | 3.0 |
| ibm | stn6800_firmware | * |
| f5 | big-ip_access_policy_manager | 11.6.0 |
| f5 | big-ip_advanced_firewall_manager | 11.6.0 |
| ibm | qradar_security_information_and_event_manager | 7.2.8 |
| ibm | pureapplication_system | * |
| ibm | qradar_vulnerability_manager | 7.2.1 |
Citrix XenMobile MDX Toolkit before 9.0.4, when used to wrap iOS 8 applications, does not properly encrypt cached application data, which allows context-dependent attackers to obtain sensitive information by reading the cache.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-310,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | xenmobile | 8.5 |
| citrix | xenmobile | 9.0 |
| citrix | xenmobile | * |
| citrix | xenmobile | 8.7 |
| citrix | xenmobile | 8.6 |
| citrix | xenmobile | 9.0.2 |
Citrix NetScaler Application Delivery Controller and NetScaler Gateway 10.5.50.10 before 10.5-52.11, 10.1.122.17 before 10.1-129.11, and 10.1-120.1316.e before 10.1-129.1105.e, when using unspecified configurations, allows remote authenticated users to access "network resources" of other users via unknown vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | netscaler_application_delivery_controller_firmware | 10.1.128 |
| citrix | netscaler_gateway_firmware | 10.1.121 |
| citrix | netscaler_gateway_firmware | 10.1.127 |
| citrix | netscaler_gateway_firmware | 10.1.122 |
| citrix | netscaler_application_delivery_controller_firmware | 10.1.129 |
| citrix | netscaler_application_delivery_controller_firmware | 10.1.125 |
| citrix | netscaler_gateway_firmware | 10.1.120.1316.e |
| citrix | netscaler_gateway_firmware | 10.1.123 |
| citrix | netscaler_gateway_firmware | 10.5.50.10 |
| citrix | netscaler_application_delivery_controller_firmware | 10.1.121 |
| citrix | netscaler_application_delivery_controller_firmware | 10.5.51.10 |
| citrix | netscaler_gateway_firmware | 10.5.51.10 |
| citrix | netscaler_application_delivery_controller_firmware | 10.1.127 |
| citrix | netscaler_gateway_firmware | 10.1.129 |
| citrix | netscaler_application_delivery_controller_firmware | 10.5.50.10 |
| citrix | netscaler_application_delivery_controller_firmware | 10.1.122 |
| citrix | netscaler_application_delivery_controller_firmware | 10.1.126 |
| citrix | netscaler_application_delivery_controller_firmware | 10.1.123 |
| citrix | netscaler_gateway_firmware | 10.1.128 |
| citrix | netscaler_gateway_firmware | 10.1.124 |
| citrix | netscaler_application_delivery_controller_firmware | 10.1.124 |
| citrix | netscaler_gateway_firmware | 10.1.125 |
| citrix | netscaler_gateway_firmware | 10.1.126 |
| citrix | netscaler_application_delivery_controller_firmware | 10.1.120.1316.e |
Citrix Command Center before 5.1 Build 35.4 and 5.2 before Build 42.7 allows remote attackers to obtain credentials via a direct request to conf/securitydbData.xml.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-17,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | command_center | 5.2 |
| citrix | command_center | 5.1 |
Citrix Command Center before 5.1 Build 35.4 and 5.2 before Build 42.7 does not properly restrict access to the Advent Java Management Extensions (JMX) Servlet, which allows remote attackers to execute arbitrary code via unspecified vectors to servlets/Jmx_dynamic.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | command_center | 5.2 |
| citrix | command_center | 5.1 |
Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.5 Build 53.9 through 55.8 and 10.5.e Build 53-9010.e allow remote attackers to cause a denial of service (reboot) via unspecified vectors.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | netscaler_application_delivery_controller_firmware | 10.5 |
| citrix | netscaler_gateway_firmware | 10.5 |
| citrix | netscaler_gateway_firmware | 10.5e |
Cross-site request forgery (CSRF) vulnerability in Nitro API in Citrix NetScaler before 10.5 build 52.3nc allows remote attackers to hijack the authentication of administrators for requests that execute arbitrary commands as nsroot via shell metacharacters in the file_name JSON member in params/xen_hotfix/0 to nitro/v1/config/xen_hotfix.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-352,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | netscaler | 10.5 |
The Nitro API in Citrix NetScaler before 10.5 build 52.3nc uses an incorrect Content-Type when returning an error message, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the file_name JSON member in params/xen_hotfix/0 to nitro/v1/config/xen_hotfix.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | netscaler | 10.5 |
Cross-site scripting (XSS) vulnerability in help/rt/large_search.html in Citrix NetScaler before 10.5 build 52.3nc allows remote attackers to inject arbitrary web script or HTML via the searchQuery parameter.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | netscaler | 10.5 |
Citrix NetScaler AppFirewall, as used in NetScaler 10.5, allows remote attackers to bypass intended firewall restrictions via a crafted Content-Type header, as demonstrated by the application/octet-stream and text/xml Content-Types.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-284,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | netscaler | 10.5 |
The TLS and DTLS processing functionality in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway devices with firmware 9.x before 9.3 Build 68.5, 10.0 through Build 78.6, 10.1 before Build 130.13, 10.1.e before Build 130.1302.e, 10.5 before Build 55.8, and 10.5.e before Build 55.8007.e makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a variant of CVE-2014-3566 (aka POODLE).
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | netscaler_gateway | - |
| citrix | netscaler_application_delivery_controller | - |
QEMU does not properly restrict write access to the PCI config space for certain PCI pass-through devices, which might allow local x86 HVM guests to gain privileges, cause a denial of service (host crash), obtain sensitive information, or possibly have other unspecified impact via unknown vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-863,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| suse | linux_enterprise_desktop | 11 |
| fedoraproject | fedora | 21 |
| suse | linux_enterprise_server | 11 |
| suse | linux_enterprise_software_development_kit | 11 |
| citrix | xenserver | 6.2.0 |
| fedoraproject | fedora | 20 |
| canonical | ubuntu_linux | 14.04 |
| canonical | ubuntu_linux | 15.04 |
| qemu | qemu | * |
| citrix | xenserver | 6.1.0 |
| suse | linux_enterprise_desktop | 12 |
| suse | linux_enterprise_software_development_kit | 12 |
| citrix | xenserver | 6.0.2 |
| citrix | xenserver | 6.5 |
| debian | debian_linux | 7.0 |
| debian | debian_linux | 8.0 |
| citrix | xenserver | 6.0 |
| canonical | ubuntu_linux | 12.04 |
| fedoraproject | fedora | 22 |
| canonical | ubuntu_linux | 14.10 |
| suse | linux_enterprise_server | 12 |
The Management Interface in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.1 before 10.1.132.8, 10.5 before Build 56.15, and 10.5.e before Build 56.1505.e allows remote authenticated users to execute arbitrary shell commands via shell metacharacters in the filter parameter to rapi/ipsec_logs.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-77,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | netscaler_application_delivery_controller_firmware | 10.5e |
| citrix | netscaler_application_delivery_controller_firmware | 10.1.128 |
| citrix | netscaler_application_delivery_controller_firmware | 10.1 |
| citrix | netscaler_gateway_firmware | 10.1.121 |
| citrix | netscaler_gateway_firmware | 10.1.127 |
| citrix | netscaler_gateway_firmware | 10.1.122 |
| citrix | netscaler_application_delivery_controller_firmware | 10.1.129 |
| citrix | netscaler_application_delivery_controller_firmware | 10.1.125 |
| citrix | netscaler_gateway_firmware | 10.1.120.1316.e |
| citrix | netscaler_gateway_firmware | 10.1.123 |
| citrix | netscaler_gateway_firmware | 10.5.50.10 |
| citrix | netscaler_application_delivery_controller_firmware | 10.1.121 |
| citrix | netscaler_gateway_firmware | 10.5.51.10 |
| citrix | netscaler_application_delivery_controller_firmware | 10.1.127 |
| citrix | netscaler_gateway_firmware | 10.1.129 |
| citrix | netscaler_application_delivery_controller_firmware | 10.5 |
| citrix | netscaler_gateway_firmware | 10.5 |
| citrix | netscaler_application_delivery_controller_firmware | 10.1.122 |
| citrix | netscaler_application_delivery_controller_firmware | 10.1.126 |
| citrix | netscaler_application_delivery_controller_firmware | 10.1.123 |
| citrix | netscaler_gateway_firmware | 10.1.128 |
| citrix | netscaler_gateway_firmware | 10.5e |
| citrix | netscaler_gateway_firmware | 10.1.124 |
| citrix | netscaler_application_delivery_controller_firmware | 10.1.124 |
| citrix | netscaler_gateway_firmware | 10.1.125 |
| citrix | netscaler_gateway_firmware | 10.1.126 |
| citrix | netscaler_application_delivery_controller_firmware | 10.1.120.1316.e |
Multiple unspecified vulnerabilities in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.1 Build 132.8, 10.5 before Build 57.7, and 10.5e before Build 56.1505.e allow remote attackers to gain privileges via unknown vectors, related to the (1) Command Line Interface (CLI) and the (2) Web User Interface (UI).
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | netscaler_application_delivery_controller_firmware | 10.5e |
| citrix | netscaler_application_delivery_controller_firmware | 10.5 |
| citrix | netscaler_gateway_firmware | 10.1 |
| citrix | netscaler_gateway_firmware | 10.5 |
| citrix | netscaler_application_delivery_controller_firmware | 10.1 |
| citrix | netscaler_gateway_firmware | 10.5e |
Cross-site scripting (XSS) vulnerability in the Administrative Web Interface in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.1 Build 132.8, 10.5 before Build 57.7, and 10.5e before Build 56.1505.e allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | netscaler_application_delivery_controller_firmware | 10.5e |
| citrix | netscaler_application_delivery_controller_firmware | 10.5 |
| citrix | netscaler_gateway_firmware | 10.1 |
| citrix | netscaler_gateway_firmware | 10.5 |
| citrix | netscaler_application_delivery_controller_firmware | 10.1 |
| citrix | netscaler_gateway_firmware | 10.5e |
The ntpd client in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service via a number of crafted "KOD" messages.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | enterprise_linux_server_eus | 7.3 |
| mcafee | enterprise_security_manager | * |
| redhat | enterprise_linux_server_tus | 7.6 |
| redhat | enterprise_linux_server_eus | 6.6 |
| redhat | enterprise_linux_server_eus | 7.7 |
| netapp | data_ontap | - |
| citrix | xenserver | 6.2.0 |
| netapp | oncommand_performance_manager | - |
| redhat | enterprise_linux_server_eus | 7.6 |
| redhat | enterprise_linux_server_tus | 6.5 |
| citrix | xenserver | 7.0 |
| redhat | enterprise_linux_server | 6.0 |
| redhat | enterprise_linux_server_eus | 6.5 |
| redhat | enterprise_linux_desktop | 6.0 |
| debian | debian_linux | 7.0 |
| debian | debian_linux | 8.0 |
| redhat | enterprise_linux_server_aus | 7.7 |
| redhat | enterprise_linux_server_eus | 6.7 |
| redhat | enterprise_linux_server_aus | 6.6 |
| redhat | enterprise_linux_server_aus | 7.3 |
| redhat | enterprise_linux_desktop | 7.0 |
| redhat | enterprise_linux_server_aus | 6.5 |
| ntp | ntp | 4.2.8 |
| redhat | enterprise_linux_server_tus | 7.3 |
| redhat | enterprise_linux_server_tus | 7.7 |
| redhat | enterprise_linux_server_eus | 7.4 |
| redhat | enterprise_linux_server_eus | 7.1 |
| redhat | enterprise_linux_server_aus | 7.6 |
| ntp | ntp | * |
| redhat | enterprise_linux_server_aus | 7.4 |
| redhat | enterprise_linux_server_eus | 7.5 |
| netapp | clustered_data_ontap | - |
| debian | debian_linux | 9.0 |
| citrix | xenserver | 6.0.2 |
| citrix | xenserver | 6.5 |
| netapp | oncommand_unified_manager | - |
| redhat | enterprise_linux_workstation | 7.0 |
| redhat | enterprise_linux_server_tus | 6.6 |
| redhat | enterprise_linux_server | 7.0 |
| redhat | enterprise_linux_workstation | 6.0 |
The rate limiting feature in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to have unspecified impact via a large number of crafted requests.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| siemens | tim_4r-ie_firmware | * |
| ntp | ntp | 4.2.8 |
| netapp | data_ontap | - |
| citrix | xenserver | 6.2.0 |
| netapp | oncommand_performance_manager | - |
| ntp | ntp | * |
| netapp | clustered_data_ontap | - |
| citrix | xenserver | 7.0 |
| citrix | xenserver | 6.0.2 |
| citrix | xenserver | 6.5 |
| netapp | oncommand_unified_manager | - |
| siemens | tim_4r-ie_dnp3_firmware | * |
The Nitro API in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.1 Build 133.9, 10.5 before Build 58.11, and 10.5.e before Build 56.1505.e on NetScaler Service Delivery Appliance Service VM (SVM) devices allow attackers to obtain credentials via the browser cache.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | netscaler_service_delivery_appliance_service_vm | 10.5e |
| citrix | netscaler_application_delivery_controller_firmware | 10.5 |
| citrix | netscaler_gateway_firmware | 10.1 |
| citrix | netscaler_gateway_firmware | 10.5 |
| citrix | netscaler_application_delivery_controller_firmware | 10.1 |
Multiple cross-site scripting (XSS) vulnerabilities in the Nitro API in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.1 Build 133.9, 10.5 before Build 58.11, and 10.5.e before Build 56.1505.e on NetScaler Service Delivery Appliance Service VM (SVM) devices allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | netscaler_service_delivery_appliance_service_vm | 10.5e |
| citrix | netscaler_application_delivery_controller_firmware | 10.5 |
| citrix | netscaler_gateway_firmware | 10.1 |
| citrix | netscaler_gateway_firmware | 10.5 |
| citrix | netscaler_application_delivery_controller_firmware | 10.1 |
The administration UI in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.1 Build 133.9, 10.5 before Build 58.11, and 10.5.e before Build 56.1505.e on NetScaler Service Delivery Appliance Service VM (SVM) devices allows attackers to obtain sensitive information via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | netscaler_service_delivery_appliance_service_vm | 10.5e |
| citrix | netscaler_application_delivery_controller_firmware | 10.5 |
| citrix | netscaler_gateway_firmware | 10.1 |
| citrix | netscaler_gateway_firmware | 10.5 |
| citrix | netscaler_application_delivery_controller_firmware | 10.1 |
Multiple SQL injection vulnerabilities in the Administration Web UI servlets in Citrix Command Center before 5.1 Build 36.7 and 5.2 before Build 44.11 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-89,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | command_center | 5.2 |
| citrix | command_center | 5.1 |
Xen 4.6.x, 4.5.x, 4.4.x, 4.3.x, and earlier do not initialize x86 FPU stack and XMM registers when XSAVE/XRSTOR are not used to manage guest extended register state, which allows local guest domains to obtain sensitive information from other domains via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| xen | xen | 4.3.4 |
| xen | xen | 4.4.2 |
| xen | xen | 4.5.3 |
| xen | xen | 4.4.4 |
| xen | xen | 4.5.0 |
| xen | xen | 4.6.1 |
| xen | xen | 4.5.2 |
| xen | xen | 4.4.1 |
| xen | xen | 4.3.2 |
| xen | xen | 4.3.3 |
| xen | xen | 4.4.0 |
| xen | xen | 4.4.3 |
| xen | xen | 4.3.0 |
| xen | xen | 4.3.1 |
| xen | xen | 4.5.1 |
| xen | xen | 4.6.0 |
| citrix | xenserver | 6.0 |
Xen through 4.8.x allows local x86 PV guest OS kernel administrators to cause a denial of service (host hang or crash) by modifying the instruction stream asynchronously while performing certain kernel operations.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | xenserver | 7.0 |
| citrix | xenserver | 6.0.2 |
| citrix | xenserver | 6.5 |
| citrix | xenserver | 6.2.0 |
| xen | xen | * |
VMFUNC emulation in Xen 4.6.x through 4.8.x on x86 systems using AMD virtualization extensions (aka SVM) allows local HVM guest OS users to cause a denial of service (hypervisor crash) by leveraging a missing NULL pointer check.
CVSS 2.0
Severity: LOW
Problem Type: CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | xenserver | 7.0 |
| citrix | xenserver | 6.0.2 |
| citrix | xenserver | 6.5 |
| xen | xen | 4.6.3 |
| xen | xen | 4.6.4 |
| citrix | xenserver | 6.2.0 |
| xen | xen | 4.7.1 |
| xen | xen | 4.8.0 |
| xen | xen | 4.6.0 |
| xen | xen | 4.6.1 |
| xen | xen | 4.7.0 |
The paging_invlpg function in include/asm-x86/paging.h in Xen 3.3.x through 4.6.x, when using shadow mode paging or nested virtualization is enabled, allows local HVM guest users to cause a denial of service (host crash) via a non-canonical guest address in an INVVPID instruction, which triggers a hypervisor bug check.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-17,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| xen | xen | 3.4.3 |
| xen | xen | 3.3.2 |
| xen | xen | 4.3.4 |
| xen | xen | 4.4.2 |
| xen | xen | 3.4.1 |
| xen | xen | 4.2.2 |
| xen | xen | 4.1.1 |
| xen | xen | 4.2.1 |
| xen | xen | 4.4.1 |
| xen | xen | 3.3.1 |
| xen | xen | 3.4.4 |
| xen | xen | 4.3.2 |
| xen | xen | 4.3.3 |
| xen | xen | 4.2.3 |
| xen | xen | 4.4.3 |
| xen | xen | 4.2.5 |
| xen | xen | 4.3.0 |
| xen | xen | 4.5.1 |
| xen | xen | 4.6.0 |
| xen | xen | 4.1.2 |
| xen | xen | 3.4.2 |
| xen | xen | 3.3.0 |
| citrix | xenserver | * |
| xen | xen | 4.2.0 |
| xen | xen | 4.1.6 |
| xen | xen | 4.5.0 |
| xen | xen | 4.1.0 |
| xen | xen | 4.5.2 |
| xen | xen | 4.1.5 |
| xen | xen | 4.1.3 |
| xen | xen | 4.4.0 |
| xen | xen | 4.1.4 |
| xen | xen | 4.3.1 |
| xen | xen | 3.4.0 |
| xen | xen | 4.1.6.1 |
| xen | xen | 4.2.4 |
Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 11.x before 11.0 Build 64.34, 10.5 before 10.5 Build 59.13, and 10.5.e before Build 59.1305.e allows remote attackers to gain privileges via unspecified NS Web GUI commands.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | netscaler | 10.5e |
| citrix | netscaler | 10.5 |
| citrix | netscaler | 11.0 |
The Administrative Web Interface in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 11.x before 11.0 Build 64.34, 10.5 before 10.5 Build 59.13, 10.5.e before Build 59.1305.e, and 10.1 allows remote attackers to conduct clickjacking attacks via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-254,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | netscaler | 10.5e |
| citrix | netscaler | 10.1 |
| citrix | netscaler | 10.5 |
| citrix | netscaler | 11.0 |
Cross-site scripting (XSS) vulnerability in the Web User Interface in Citrix XenMobile Server 10.0, 10.1 before Rolling Patch 4, and 10.3 before Rolling Patch 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | xenmobile_server | 10.0 |
| citrix | xenmobile_server | 10.1 |
| citrix | xenmobile_server | 10.3 |
The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS administrators to execute arbitrary code on the host by changing access modes after setting the bank register, aka the "Dark Portal" issue.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H | 2.0 | 6.0 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | enterprise_linux_server_eus | 7.3 |
| redhat | enterprise_linux_server_eus | 7.2 |
| hp | helion_openstack | 2.1.4 |
| redhat | enterprise_linux_server_tus | 7.6 |
| hp | helion_openstack | 2.1.2 |
| redhat | enterprise_linux_server_eus | 7.7 |
| canonical | ubuntu_linux | 14.04 |
| qemu | qemu | 2.6.0 |
| redhat | enterprise_linux_server_eus | 7.6 |
| redhat | enterprise_linux_server | 6.0 |
| redhat | virtualization | 3.0 |
| hp | helion_openstack | 2.1.0 |
| redhat | enterprise_linux_desktop | 6.0 |
| redhat | openstack | 5.0 |
| debian | debian_linux | 8.0 |
| redhat | openstack | 6.0 |
| oracle | linux | 6 |
| oracle | vm_server | 3.3 |
| oracle | linux | 5 |
| redhat | enterprise_linux_server_aus | 7.3 |
| redhat | enterprise_linux_server_aus | 7.2 |
| oracle | vm_server | 3.2 |
| hp | helion_openstack | 2.0.0 |
| redhat | enterprise_linux_desktop | 7.0 |
| citrix | xenserver | * |
| redhat | openstack | 7.0 |
| redhat | openstack | 8 |
| canonical | ubuntu_linux | 16.04 |
| redhat | enterprise_linux_server_tus | 7.3 |
| redhat | enterprise_linux_server_tus | 7.7 |
| redhat | enterprise_linux_server_eus | 7.4 |
| redhat | enterprise_linux_server_aus | 7.6 |
| qemu | qemu | * |
| redhat | enterprise_linux_server_aus | 7.4 |
| redhat | enterprise_linux_server_eus | 7.5 |
| oracle | linux | 7 |
| redhat | enterprise_linux_server_tus | 7.2 |
| oracle | vm_server | 3.4 |
| canonical | ubuntu_linux | 15.10 |
| redhat | enterprise_linux_workstation | 7.0 |
| redhat | enterprise_linux_server | 7.0 |
| redhat | enterprise_linux_workstation | 6.0 |
| canonical | ubuntu_linux | 12.04 |
Integer overflow in the VGA module in QEMU allows local guest OS users to cause a denial of service (out-of-bounds read and QEMU process crash) by editing VGA registers in VBE mode.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-190,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | enterprise_linux_server_eus | 7.3 |
| redhat | enterprise_linux_server_tus | 7.6 |
| redhat | enterprise_linux_server_eus | 7.7 |
| canonical | ubuntu_linux | 14.04 |
| qemu | qemu | 2.6.0 |
| redhat | enterprise_linux_server_eus | 7.6 |
| redhat | enterprise_linux_server | 6.0 |
| redhat | enterprise_linux_desktop | 6.0 |
| debian | debian_linux | 8.0 |
| redhat | enterprise_linux_server_aus | 7.7 |
| oracle | vm_server | 3.3 |
| redhat | enterprise_linux_server_aus | 7.3 |
| redhat | enterprise_linux_desktop | 7.0 |
| citrix | xenserver | * |
| canonical | ubuntu_linux | 16.04 |
| redhat | enterprise_linux_server_tus | 7.3 |
| redhat | enterprise_linux_server_tus | 7.7 |
| redhat | enterprise_linux_server_eus | 7.4 |
| redhat | enterprise_linux_server_aus | 7.6 |
| qemu | qemu | * |
| redhat | enterprise_linux_server_aus | 7.4 |
| redhat | enterprise_linux_server_eus | 7.5 |
| oracle | vm_server | 3.4 |
| canonical | ubuntu_linux | 15.10 |
| redhat | enterprise_linux_workstation | 7.0 |
| redhat | enterprise_linux_server | 7.0 |
| redhat | enterprise_linux_workstation | 6.0 |
| canonical | ubuntu_linux | 12.04 |
Citrix Studio before 7.6.1000, Citrix XenDesktop 7.x before 7.6 LTSR Cumulative Update 1 (CU1), and Citrix XenApp 7.5 and 7.6 allow attackers to set Access Policy rules on the XenDesktop Delivery Controller via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-284,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | xenapp | 7.5 |
| citrix | xendesktop | 7.1 |
| citrix | xendesktop | 7.6 |
| citrix | xendesktop | 7.0 |
| citrix | xenapp | 7.6 |
| citrix | xendesktop | 7.5 |
Cross-site scripting (XSS) vulnerability in vpn/js/gateway_login_form_view.js in Citrix NetScaler Gateway 11.0 before Build 66.11 allows remote attackers to inject arbitrary web script or HTML via the NSC_TMAC cookie.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | netscaler_gateway_11.0_firmware | * |
Citrix Worx Home for iOS before 10.3.6 and XenMobile MDX Toolkit for iOS before 10.3.6 might allow physically proximate attackers to bypass in-application Apple Touch ID authentication via unspecified vectors, related to an application requiring re-authentication.
CVSS 2.0
Severity: LOW
Problem Type: CWE-284,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | worx_home | 10.3.1 |
| citrix | worx_home | 10.3.5 |
| citrix | xenmobile_mdx_toolkit | 10.3.5 |
| citrix | worx_home | 10.3.0 |
| citrix | xenmobile_mdx_toolkit | 10.3.0 |
Citrix XenServer 7.0 before Hotfix XS70E003, when a deployment has been upgraded from an earlier release, might allow remote attackers on the management network to "compromise" a host by leveraging credentials for an Active Directory account.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-284,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | xenserver | * |
Citrix iOS Receiver before 7.0 allows attackers to cause TLS certificates to be incorrectly validated via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,CWE-310,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | ios_receiver | * |
The PV pagetable code in arch/x86/mm.c in Xen 4.7.x and earlier allows local 32-bit PV guest OS administrators to gain host OS privileges by leveraging fast-paths for updating pagetable entries.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-284,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| xen | xen | 3.4.3 |
| citrix | xenserver | 6.2.0 |
| xen | xen | 4.2.2 |
| xen | xen | 4.1.1 |
| xen | xen | 4.0.1 |
| xen | xen | 4.0.4 |
| xen | xen | 4.2.1 |
| xen | xen | 4.6.1 |
| xen | xen | 4.7.0 |
| xen | xen | 4.4.1 |
| citrix | xenserver | 7.0 |
| xen | xen | 3.4.4 |
| citrix | xenserver | 6.1 |
| xen | xen | 4.6.3 |
| xen | xen | 4.2.3 |
| xen | xen | 4.3.0 |
| xen | xen | 4.6.0 |
| citrix | xenserver | 6.0 |
| xen | xen | 4.1.2 |
| xen | xen | 4.0.0 |
| xen | xen | 3.4.2 |
| xen | xen | 4.2.0 |
| xen | xen | 4.0.3 |
| xen | xen | 4.5.0 |
| xen | xen | 4.1.0 |
| citrix | xenserver | 6.5.0 |
| xen | xen | 4.1.5 |
| citrix | xenserver | 6.0.2 |
| xen | xen | 4.1.3 |
| xen | xen | 4.4.0 |
| xen | xen | 4.1.4 |
| xen | xen | 4.3.1 |
| xen | xen | 3.4.0 |
Xen 4.5.x through 4.7.x do not implement Supervisor Mode Access Prevention (SMAP) whitelisting in 32-bit exception and event delivery, which allows local 32-bit PV guest OS kernels to cause a denial of service (hypervisor and VM crash) by triggering a safety check.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| xen | xen | 4.5.3 |
| citrix | xenserver | 6.2.0 |
| xen | xen | 4.5.0 |
| xen | xen | 4.6.1 |
| citrix | xenserver | 6.5.0 |
| xen | xen | 4.5.2 |
| xen | xen | 4.7.0 |
| citrix | xenserver | 7.0 |
| citrix | xenserver | 6.0.2 |
| citrix | xenserver | 6.1 |
| xen | xen | 4.6.3 |
| xen | xen | 4.5.1 |
| xen | xen | 4.6.0 |
| citrix | xenserver | 6.0 |
The lmadmin component in Flexera FlexNet Publisher (aka Flex License Manager) before 2015 SP5 and 2016 before R1 SP1, as used by Citrix License Server for Windows before 11.14.0.1 and Citrix License Server VPX before 11.14.0.1, allows remote attackers to cause a denial of service (crash) via a type 2F packet with a '01 19' opcode.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | license_server | * |
| citrix | license_server_vpx | * |
Citrix Linux Virtual Delivery Agent (aka VDA, formerly Linux Virtual Desktop) before 1.4.0 allows local users to gain root privileges via unspecified vectors.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | linux_virtual_delivery_agent | * |
Citrix XenApp 6.x before 6.5 HRP07 and 7.x before 7.9 and Citrix XenDesktop before 7.9 might allow attackers to weaken an unspecified security mitigation via vectors related to memory permission.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-254,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | xenapp | 6.5.0.0 |
| citrix | xenapp | 7.7.0.0 |
| citrix | xenapp | 6.0.0.0 |
| citrix | xenapp | 7.8.0.0 |
| citrix | xenapp | 7.5.0.0 |
| citrix | xenapp | 7.1.0.0 |
| citrix | xendesktop | * |
| citrix | xenapp | 7.6.0.0 |
| citrix | xenapp | 7.0.0.0 |
Citrix XenMobile Server before 10.5.0.24 allows man-in-the-middle attackers to trigger HTTP 302 redirections via vectors involving the HTTP Host header and a cached page. NOTE: the vendor reports "our internal analysis of this issue concluded that this was not a valid vulnerability" because an exploitation scenario would involve a man-in-the-middle attack against a TLS session
CVSS 2.0
Severity: LOW
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | xenmobile_server | * |
Unauthorized redirect vulnerability in Citrix NetScaler ADC before 10.1 135.8, 10.5 61.11, 11.0 65.31/65.35F and 11.1 47.14 allows a remote attacker to steal session cookies of a legitimate AAA user via manipulation of Host header.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-254,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | netscaler_application_delivery_controller_firmware | 11.1 |
| citrix | netscaler_application_delivery_controller_firmware | 10.5 |
| citrix | netscaler_application_delivery_controller_firmware | 11.0 |
| citrix | netscaler_application_delivery_controller_firmware | * |
Incorrect access control mechanisms in Citrix Receiver Desktop Lock 4.5 allow an attacker to bypass the authentication requirement by leveraging physical access to a VDI for temporary disconnection of a LAN cable. NOTE: as of 20161208, the vendor could not reproduce the issue, stating "the researcher was unable to provide us with information that would allow us to confirm the behaviour and, despite extensive investigation on test deployments of supported products, we were unable to reproduce the behaviour as he described. The researcher has also, despite additional requests for information, ceased to respond to us."
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-254,CWE-284,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | receiver_desktop | 4.5 |
The pygrub boot loader emulator in Xen, when S-expression output format is requested, allows local pygrub-using guest OS administrators to read or delete arbitrary files on the host via string quotes and S-expressions in the bootloader configuration file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | xenserver | 7.0 |
| citrix | xenserver | 6.0.2 |
| citrix | xenserver | 6.5 |
| citrix | xenserver | 6.2.0 |
| xen | xen | * |
The pygrub boot loader emulator in Xen, when nul-delimited output format is requested, allows local pygrub-using guest OS administrators to read or delete arbitrary files on the host via NUL bytes in the bootloader configuration file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | xenserver | 7.0 |
| citrix | xenserver | 6.0.2 |
| citrix | xenserver | 6.5 |
| citrix | xenserver | 6.2.0 |
| xen | xen | * |
Race condition in QEMU in Xen allows local x86 HVM guest OS administrators to gain privileges by changing certain data on shared rings, aka a "double fetch" vulnerability.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H | 0.8 | 6.0 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-362,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | xenserver | 7.0 |
| citrix | xenserver | 6.0.2 |
| citrix | xenserver | 6.5 |
| citrix | xenserver | 6.2.0 |
| qemu | qemu | 2.8.0 |
| qemu | qemu | * |
Xen 4.0.x through 4.7.x mishandle x86 task switches to VM86 mode, which allows local 32-bit x86 HVM guest OS users to gain privileges or cause a denial of service (guest OS crash) by leveraging a guest operating system that uses hardware task switching and allows a new task to start in VM86 mode.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| xen | xen | 4.3.4 |
| xen | xen | 4.4.2 |
| xen | xen | 4.6.4 |
| citrix | xenserver | 6.2.0 |
| xen | xen | 4.2.2 |
| xen | xen | 4.1.1 |
| xen | xen | 4.0.1 |
| xen | xen | 4.0.4 |
| xen | xen | 4.2.1 |
| xen | xen | 4.6.1 |
| xen | xen | 4.7.0 |
| xen | xen | 4.4.1 |
| citrix | xenserver | 7.0 |
| xen | xen | 4.3.2 |
| xen | xen | 4.3.3 |
| xen | xen | 4.6.3 |
| xen | xen | 4.2.3 |
| xen | xen | 4.4.3 |
| xen | xen | 4.2.5 |
| xen | xen | 4.3.0 |
| xen | xen | 4.5.1 |
| xen | xen | 4.6.0 |
| xen | xen | 4.1.2 |
| xen | xen | 4.0.0 |
| xen | xen | 4.5.3 |
| xen | xen | 4.2.0 |
| xen | xen | 4.7.1 |
| xen | xen | 4.0.3 |
| xen | xen | 4.4.4 |
| xen | xen | 4.0.2 |
| xen | xen | 4.5.0 |
| xen | xen | 4.1.0 |
| xen | xen | 4.5.2 |
| xen | xen | 4.1.5 |
| citrix | xenserver | 6.0.2 |
| citrix | xenserver | 6.5 |
| xen | xen | 4.1.3 |
| xen | xen | 4.4.0 |
| xen | xen | 4.1.4 |
| xen | xen | 4.3.1 |
| xen | xen | 4.1.6.1 |
| xen | xen | 4.2.4 |
| xen | xen | 4.5.5 |
Xen, when running on a 64-bit hypervisor, allows local x86 guest OS users to modify arbitrary memory and consequently obtain sensitive information, cause a denial of service (host crash), or execute arbitrary code on the host by leveraging broken emulation of bit test instructions.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | xenserver | 7.0 |
| citrix | xenserver | 6.0.2 |
| citrix | xenserver | 6.5 |
| citrix | xenserver | 6.2.0 |
| xen | xen | * |
The x86 segment base write emulation functionality in Xen 4.4.x through 4.7.x allows local x86 PV guest OS administrators to cause a denial of service (host crash) by leveraging lack of canonical address checks.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| xen | xen | 4.4.2 |
| xen | xen | 4.5.3 |
| xen | xen | 4.6.4 |
| citrix | xenserver | 6.2.0 |
| xen | xen | 4.7.1 |
| xen | xen | 4.4.4 |
| xen | xen | 4.5.0 |
| xen | xen | 4.6.1 |
| xen | xen | 4.5.2 |
| xen | xen | 4.7.0 |
| xen | xen | 4.4.1 |
| citrix | xenserver | 7.0 |
| citrix | xenserver | 6.0.2 |
| citrix | xenserver | 6.5 |
| xen | xen | 4.6.3 |
| xen | xen | 4.4.0 |
| xen | xen | 4.4.3 |
| xen | xen | 4.5.1 |
| xen | xen | 4.5.5 |
| xen | xen | 4.6.0 |
The x86 emulator in Xen does not properly treat x86 NULL segments as unusable when accessing memory, which might allow local HVM guest users to gain privileges via vectors involving "unexpected" base/limit values.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | xenserver | 7.0 |
| citrix | xenserver | 6.0.2 |
| citrix | xenserver | 6.5 |
| citrix | xenserver | 6.2.0 |
| xen | xen | * |
A heap buffer overflow flaw was found in QEMU's Cirrus CLGD 54xx VGA emulator's VNC display driver support before 2.9; the issue could occur when a VNC client attempted to update its display after a VGA operation is performed by a guest. A privileged user/process inside a guest could use this flaw to crash the QEMU process or, potentially, execute arbitrary code on the host with privileges of the QEMU process.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-122,CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | enterprise_linux_server_eus | 7.3 |
| citrix | xenserver | 6.2.0 |
| citrix | xenserver | 7.1 |
| citrix | xenserver | 7.0 |
| redhat | enterprise_linux_server | 6.0 |
| redhat | enterprise_linux_desktop | 6.0 |
| debian | debian_linux | 7.0 |
| redhat | openstack | 5.0 |
| redhat | openstack | 6.0 |
| redhat | enterprise_linux_server_aus | 7.3 |
| redhat | enterprise_linux_desktop | 7.0 |
| redhat | openstack | 10 |
| redhat | openstack | 7.0 |
| redhat | openstack | 8 |
| redhat | enterprise_linux_server_eus | 7.4 |
| qemu | qemu | * |
| redhat | openstack | 9 |
| redhat | enterprise_linux_server_aus | 7.4 |
| redhat | enterprise_linux_server_eus | 7.5 |
| citrix | xenserver | 6.0.2 |
| citrix | xenserver | 6.5 |
| redhat | enterprise_linux_workstation | 7.0 |
| redhat | enterprise_linux_server | 7.0 |
| redhat | enterprise_linux_workstation | 6.0 |
The (1) ioport_read and (2) ioport_write functions in Xen, when qemu is used as a device model within Xen, might allow local x86 HVM guest OS administrators to gain qemu process privileges via vectors involving an out-of-range ioport access.
CVSS 2.0
Severity: LOW
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | xenserver | 7.0 |
| citrix | xenserver | 6.0.2 |
| citrix | xenserver | 6.5 |
| citrix | xenserver | 6.2.0 |
Buffer overflow in Citrix Provisioning Services before 7.12 allows attackers to execute arbitrary code via unspecified vectors.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | provisioning_services | 7.8 |
| citrix | provisioning_services | 7.9 |
| citrix | provisioning_services | 7.7 |
| citrix | provisioning_services | 7.1 |
| citrix | provisioning_services | 7.0 |
| citrix | provisioning_services | 7.6 |
| citrix | provisioning_services | 7.11 |
Citrix Provisioning Services before 7.12 allows attackers to obtain sensitive kernel address information via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | provisioning_services | 7.8 |
| citrix | provisioning_services | 7.9 |
| citrix | provisioning_services | 7.7 |
| citrix | provisioning_services | 7.1 |
| citrix | provisioning_services | 7.0 |
| citrix | provisioning_services | 7.6 |
| citrix | provisioning_services | 7.11 |
Use-after-free vulnerability in Citrix Provisioning Services before 7.12 allows attackers to execute arbitrary code via unspecified vectors.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-416,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | provisioning_services | 7.8 |
| citrix | provisioning_services | 7.9 |
| citrix | provisioning_services | 7.7 |
| citrix | provisioning_services | 7.1 |
| citrix | provisioning_services | 7.0 |
| citrix | provisioning_services | 7.6 |
| citrix | provisioning_services | 7.11 |
Citrix Provisioning Services before 7.12 allows attackers to execute arbitrary code by overwriting a function pointer.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | provisioning_services | 7.8 |
| citrix | provisioning_services | 7.9 |
| citrix | provisioning_services | 7.7 |
| citrix | provisioning_services | 7.1 |
| citrix | provisioning_services | 7.0 |
| citrix | provisioning_services | 7.6 |
| citrix | provisioning_services | 7.11 |
Citrix Provisioning Services before 7.12 allows attackers to obtain sensitive information from kernel memory via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | provisioning_services | 7.8 |
| citrix | provisioning_services | 7.9 |
| citrix | provisioning_services | 7.7 |
| citrix | provisioning_services | 7.1 |
| citrix | provisioning_services | 7.0 |
| citrix | provisioning_services | 7.6 |
| citrix | provisioning_services | 7.11 |
The xen_biovec_phys_mergeable function in drivers/xen/biomerge.c in Xen might allow local OS guest users to corrupt block device data streams and consequently obtain sensitive memory information, cause a denial of service, or gain host OS privileges by leveraging incorrect block IO merge-ability calculation.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-682,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | xenserver | 7.1 |
| citrix | xenserver | 7.0 |
| citrix | xenserver | 7.2 |
| citrix | xenserver | 6.0.2 |
| citrix | xenserver | 6.5 |
| citrix | xenserver | 6.2.0 |
| xen | xen | * |
Xen allows local OS guest users to cause a denial of service (crash) or possibly obtain sensitive information or gain privileges via vectors involving transitive grants.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-682,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | xenserver | 7.1 |
| citrix | xenserver | 7.0 |
| citrix | xenserver | 7.2 |
| debian | debian_linux | 9.0 |
| citrix | xenserver | 6.0.2 |
| citrix | xenserver | 6.5 |
| citrix | xenserver | 6.2.0 |
| debian | debian_linux | 8.0 |
| xen | xen | * |
Race condition in the grant table code in Xen 4.6.x through 4.9.x allows local guest OS administrators to cause a denial of service (free list corruption and host crash) or gain privileges on the host via vectors involving maptrack free list handling.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-362,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| xen | xen | 4.6.6 |
| xen | xen | 4.7.2 |
| citrix | xenserver | 7.2 |
| xen | xen | 4.6.4 |
| citrix | xenserver | 6.2.0 |
| xen | xen | 4.7.1 |
| xen | xen | 4.6.1 |
| xen | xen | 4.7.0 |
| citrix | xenserver | 7.1 |
| citrix | xenserver | 7.0 |
| xen | xen | 4.9.0 |
| debian | debian_linux | 9.0 |
| citrix | xenserver | 6.0.2 |
| citrix | xenserver | 6.5 |
| xen | xen | 4.6.3 |
| xen | xen | 4.6.5 |
| xen | xen | 4.8.1 |
| debian | debian_linux | 8.0 |
| xen | xen | 4.8.0 |
| xen | xen | 4.6.0 |
| xen | xen | 4.7.3 |
arch/x86/mm.c in Xen allows local PV guest OS users to gain host OS privileges via vectors related to map_grant_ref.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-120,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | xenserver | 7.1 |
| citrix | xenserver | 7.0 |
| citrix | xenserver | 7.2 |
| debian | debian_linux | 9.0 |
| citrix | xenserver | 6.0.2 |
| citrix | xenserver | 6.5 |
| citrix | xenserver | 6.2.0 |
| debian | debian_linux | 8.0 |
| xen | xen | * |
A vulnerability has been identified in the management interface of Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.1 before build 135.18, 10.5 before build 66.9, 10.5e before build 60.7010.e, 11.0 before build 70.16, 11.1 before build 55.13, and 12.0 before build 53.13 (except for build 41.24) that, if exploited, could allow an attacker with access to the NetScaler management interface to gain administrative access to the appliance.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-287,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | netscaler_gateway_firmware | 11.0 |
| citrix | netscaler_gateway_firmware | 11.1 |
| citrix | netscaler_gateway_firmware | 10.5 |
| citrix | application_delivery_controller_firmware | 11.0 |
| citrix | application_delivery_controller_firmware | 11.1 |
| citrix | netscaler_gateway_firmware | 10.5e |
| citrix | application_delivery_controller_firmware | 10.1 |
| citrix | netscaler_gateway_firmware | 12.0 |
| citrix | application_delivery_controller_firmware | 10.5 |
| citrix | application_delivery_controller_firmware | 12.0 |
| citrix | netscaler_gateway_firmware | 10.1 |
| citrix | application_delivery_controller_firmware | 10.5e |
Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.5 before build 67.13, 11.0 before build 71.22, 11.1 before build 56.19, and 12.0 before build 53.22 might allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT attack.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-327,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | netscaler_gateway_firmware | 12.0 |
| citrix | application_delivery_controller_firmware | 10.5 |
| citrix | netscaler_gateway_firmware | 11.0 |
| citrix | netscaler_gateway_firmware | 11.1 |
| citrix | application_delivery_controller_firmware | 12.0 |
| citrix | netscaler_gateway_firmware | 10.5 |
| citrix | application_delivery_controller_firmware | 11.0 |
| citrix | application_delivery_controller_firmware | 11.1 |
Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.5 before build 67.13, 11.0 before build 71.22, 11.1 before build 56.19, and 12.0 before build 53.22 allow remote attackers to obtain sensitive information from the backend client TLS handshake by leveraging use of TLS with Client Certificates and a Diffie-Hellman Ephemeral (DHE) key exchange.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | netscaler_gateway_firmware | 12.0 |
| citrix | application_delivery_controller_firmware | 10.5 |
| citrix | netscaler_gateway_firmware | 11.0 |
| citrix | netscaler_gateway_firmware | 11.1 |
| citrix | application_delivery_controller_firmware | 12.0 |
| citrix | netscaler_gateway_firmware | 10.5 |
| citrix | application_delivery_controller_firmware | 11.0 |
| citrix | application_delivery_controller_firmware | 11.1 |
Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. It could occur while copying VGA data via bitblt copy in backward mode. A privileged user inside a guest could use this flaw to crash the QEMU process resulting in DoS or potentially execute arbitrary code on the host with privileges of QEMU process on the host.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-787,CWE-125,CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | enterprise_linux_server_eus | 7.3 |
| citrix | xenserver | 6.2.0 |
| citrix | xenserver | 7.1 |
| citrix | xenserver | 7.0 |
| redhat | enterprise_linux_server | 6.0 |
| redhat | enterprise_linux_desktop | 6.0 |
| debian | debian_linux | 7.0 |
| redhat | openstack | 5.0 |
| redhat | openstack | 6.0 |
| redhat | enterprise_linux_server_aus | 7.3 |
| redhat | enterprise_linux_desktop | 7.0 |
| redhat | openstack | 10 |
| redhat | openstack | 7.0 |
| redhat | openstack | 8 |
| xen | xen | 4.7.1 |
| xen | xen | * |
| redhat | enterprise_linux_server_eus | 7.4 |
| qemu | qemu | * |
| redhat | openstack | 9 |
| redhat | enterprise_linux_server_aus | 7.4 |
| redhat | enterprise_linux_server_eus | 7.5 |
| citrix | xenserver | 6.0.2 |
| citrix | xenserver | 6.5 |
| redhat | enterprise_linux_workstation | 7.0 |
| redhat | enterprise_linux_server | 7.0 |
| redhat | enterprise_linux_workstation | 6.0 |
Quick emulator (QEMU) before 2.8 built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue. The issue could occur while copying VGA data in cirrus_bitblt_cputovideo. A privileged user inside guest could use this flaw to crash the QEMU process OR potentially execute arbitrary code on host with privileges of the QEMU process.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-787,CWE-125,CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | enterprise_linux_server_eus | 7.3 |
| citrix | xenserver | 6.2.0 |
| citrix | xenserver | 7.1 |
| citrix | xenserver | 7.0 |
| redhat | enterprise_linux_server | 6.0 |
| redhat | enterprise_linux_desktop | 6.0 |
| debian | debian_linux | 7.0 |
| redhat | openstack | 5.0 |
| redhat | openstack | 6.0 |
| redhat | enterprise_linux_server_aus | 7.3 |
| redhat | enterprise_linux_desktop | 7.0 |
| redhat | openstack | 10 |
| redhat | openstack | 7.0 |
| redhat | openstack | 8 |
| xen | xen | 4.7.1 |
| xen | xen | * |
| redhat | enterprise_linux_server_eus | 7.4 |
| qemu | qemu | * |
| redhat | openstack | 9 |
| redhat | enterprise_linux_server_aus | 7.4 |
| redhat | enterprise_linux_server_eus | 7.5 |
| citrix | xenserver | 6.0.2 |
| citrix | xenserver | 6.5 |
| redhat | enterprise_linux_workstation | 7.0 |
| redhat | enterprise_linux_server | 7.0 |
| redhat | enterprise_linux_workstation | 6.0 |
An issue was discovered in Linux Foundation xapi in Citrix XenServer through 7.0. An authenticated read-only administrator can corrupt the host database.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-269,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | xenserver | 7.0 |
| citrix | xenserver | 6.0.2 |
| citrix | xenserver | 6.5 |
| citrix | xenserver | 6.2.0 |
An issue was discovered in Linux Foundation xapi in Citrix XenServer through 7.0. An authenticated read-only administrator can cancel tasks of other administrators.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | xenserver | 7.0 |
| citrix | xenserver | 6.0.2 |
| citrix | xenserver | 6.5 |
| citrix | xenserver | 6.2.0 |
Citrix NetScaler ADC and NetScaler Gateway 10.5 before Build 65.11, 11.0 before Build 69.12/69.123, and 11.1 before Build 51.21 randomly generates GCM nonces, which makes it marginally easier for remote attackers to obtain the GCM authentication key and spoof data by leveraging a reused nonce in a session and a "forbidden attack," a similar issue to CVE-2016-0270.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | netscaler_application_delivery_controller_firmware | * |
Citrix NetScaler SD-WAN devices through v9.1.2.26.561201 allow remote attackers to execute arbitrary shell commands as root via a CGISESSID cookie. On CloudBridge (the former name of NetScaler SD-WAN) devices, the cookie name was CAKEPHP rather than CGISESSID.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | netscaler_sd-wan | * |
A heap overflow vulnerability in Citrix NetScaler Gateway versions 10.1 before 135.8/135.12, 10.5 before 65.11, 11.0 before 70.12, and 11.1 before 52.13 allows a remote authenticated attacker to run arbitrary commands via unspecified vectors.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | netscaler_gateway_firmware | 11.0 |
| citrix | netscaler_gateway_firmware | 11.1 |
| citrix | netscaler_gateway_firmware | 10.1 |
| citrix | netscaler_gateway_firmware | 10.5 |
XML external entity (XXE) vulnerability in Citrix XenMobile Server 9.x and 10.x before 10.5 RP3 allows attackers to obtain sensitive information via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-611,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | xenmobile_server | 10.4 |
| citrix | xenmobile_server | 10.3.6 |
| citrix | xenmobile_server | 10.3.5 |
| citrix | xenmobile_server | 10.0 |
| citrix | xenmobile_server | 10.5 |
| citrix | xenmobile_server | 10.1 |
| citrix | xenmobile_server | 10.3 |
| citrix | xenmobile_server | 9.0 |
There are Unauthenticated File Upload Vulnerabilities in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-434,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | xenmobile_server | 10.8 |
| citrix | xenmobile_server | 10.7 |
There is a Cross-Site Scripting Vulnerability in Citrix XenMobile Server 10.7 before RP3.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | xenmobile_server | 10.7 |
There is an Insufficient Path Validation Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-426,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | xenmobile_server | 10.8 |
| citrix | xenmobile_server | 10.7 |
There are Open Redirect Vulnerabilities in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-601,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | xenmobile_server | 10.8 |
| citrix | xenmobile_server | 10.7 |
There is a Sensitive Data Leakage issue in Citrix XenMobile Server 10.7 before RP3.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | xenmobile_server | 10.7 |
There is an XML External Entity (XXE) Processing Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-611,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | xenmobile_server | 10.8 |
| citrix | xenmobile_server | 10.7 |
There is a Hazelcast Library Java Deserialization Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-502,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | xenmobile_server | 10.8 |
| citrix | xenmobile_server | 10.7 |
Citrix XenServer 7.1 and newer allows Directory Traversal.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | xenserver | 7.1 |
| citrix | xenserver | 7.4 |
| citrix | xenserver | 7.5 |
Citrix ShareFile StorageZones Controller before 5.4.2 allows Directory Traversal.
CVSS 2.0
Severity: LOW
Problem Type: CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | sharefile_storagezones_controller | * |
Citrix ShareFile StorageZones Controller before 5.4.2 has Information Exposure Through an Error Message.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | sharefile_storagezones_controller | * |
A Directory Traversal issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | sd-wan | 10.1.0 |
| citrix | netscaler_sd-wan | * |
A Command Injection issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-77,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | sd-wan | 10.1.0 |
| citrix | netscaler_sd-wan | * |
A SQL Injection issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-89,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | sd-wan | 10.1.0 |
| citrix | netscaler_sd-wan | * |
An Information Exposure Through Log Files issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-532,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | sd-wan | 10.1.0 |
| citrix | netscaler_sd-wan | * |
An Incorrect Access Control issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | sd-wan | 10.1.0 |
| citrix | netscaler_sd-wan | * |
* Xen Mobile through 10.8.0 includes a service listening on port 5001 within its firewall that accepts unauthenticated input. If this service is supplied with raw serialised Java objects, it deserialises them back into Java objects in memory, giving rise to a remote code execution vulnerability. NOTE: the vendor disputes that this is a vulnerability, stating it is "already mitigated by the internal firewall that limits access to configuration services to localhost.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-502,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | xenmobile_server | * |
* Lack of authentication in Citrix Xen Mobile through 10.8 allows low-privileged local users to execute system commands as root by making requests to private services listening on ports 8000, 30000 and 30001. NOTE: the vendor disputes that this is a vulnerability, stating it is "already mitigated by the internal firewall that limits access to configuration services to localhost.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-287,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | xenmobile_server | * |
Citrix NetScaler Gateway 10.5.x before 10.5.69.003, 11.1.x before 11.1.59.004, 12.0.x before 12.0.58.7, and 12.1.x before 12.1.49.1 has XSS.
CVSS 2.0
Severity: LOW
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | netscaler_gateway_firmware | * |
An Incorrect Access Control vulnerability has been identified in Citrix XenMobile Server 10.8.0 before Rolling Patch 6 and 10.9.0 before Rolling Patch 3. An attacker can impersonate and take actions on behalf of any Mobile Application Management (MAM) enrolled device.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.1 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N | 3.9 | 5.2 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-287,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | xenmobile_server | 10.9.0 |
| citrix | xenmobile_server | 10.8.0 |
An issue was discovered in Xen through 4.11.x on AMD x86 platforms, possibly allowing guest OS users to gain host OS privileges because TLB flushes do not always occur after IOMMU mapping changes.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-459,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | xenserver | 7.1 |
| citrix | xenserver | 7.0 |
| debian | debian_linux | 9.0 |
| citrix | xenserver | 7.6 |
| xen | xen | * |
| citrix | xenserver | 7.5 |
An issue was discovered in Xen through 4.11.x on AMD x86 platforms, possibly allowing guest OS users to gain host OS privileges because small IOMMU mappings are unsafely combined into larger ones.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | xenserver | 7.1 |
| citrix | xenserver | 7.0 |
| debian | debian_linux | 9.0 |
| citrix | xenserver | 7.6 |
| xen | xen | * |
| citrix | xenserver | 7.5 |
An issue was discovered in Xen through 4.11.x allowing 64-bit PV guest OS users to cause a denial of service (host OS crash) because #GP[0] can occur after a non-canonical address is passed to the TLB flushing code. NOTE: this issue exists because of an incorrect CVE-2017-5754 (aka Meltdown) mitigation.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | xenserver | 7.1 |
| citrix | xenserver | 7.0 |
| debian | debian_linux | 9.0 |
| citrix | xenserver | 7.6 |
| xen | xen | * |
| citrix | xenserver | 7.5 |
System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from another process through a speculative execution side channel.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.6 | MEDIUM | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N | 1.1 | 4.0 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| intel | core_i7 | 4910mq |
| intel | core_m | 5y31 |
| intel | core_i7 | 5775r |
| intel | core_i7 | 2640m |
| intel | core_i7 | 950 |
| intel | core_i5 | 450m |
| intel | core_i3 | 6100t |
| intel | core_i5 | 655k |
| intel | core_i7 | 4700mq |
| intel | core_i5 | 4288u |
| intel | core_i5 | 3340m |
| intel | core_i7 | 3537u |
| intel | core_i7 | 4500u |
| intel | core_i7 | 4722hq |
| intel | core_i7 | 3517ue |
| intel | core_i7 | 3840qm |
| intel | core_i3 | 380m |
| intel | core_i3 | 3245 |
| intel | core_i5 | 3230m |
| intel | core_i7 | 7700t |
| intel | core_i5 | 6267u |
| intel | core_i7 | 5950hq |
| intel | core_i5 | 6440hq |
| intel | core_i5 | 4200m |
| intel | core_i7 | 3689y |
| intel | core_i5 | 2400s |
| intel | core_i3 | 4030y |
| intel | core_i7 | 3615qm |
| intel | core_i5 | 4402ec |
| intel | core_i3 | 4360t |
| intel | core_i3 | 6157u |
| intel | core_i5 | 4440 |
| intel | core_i5 | 470um |
| intel | core_i3 | 4370 |
| intel | core_i7 | 4712hq |
| intel | core_i7 | 7500u |
| intel | core_i5 | 6260u |
| intel | core_i7 | 4610m |
| citrix | xenserver | 7.3 |
| intel | core_i5 | 2450m |
| intel | core_i5 | 2405s |
| intel | core_i7 | 5650u |
| intel | core_i3 | 380um |
| intel | core_i3 | 2100 |
| intel | core_i3 | 2125 |
| intel | core_i5 | 3570s |
| intel | core_i5 | 4278u |
| intel | core_i3 | 350m |
| intel | core_i7 | 4810mq |
| intel | core_i5 | 6600 |
| intel | core_i5 | 4250u |
| freebsd | freebsd | 11.0 |
| intel | core_i5 | 670 |
| intel | core_i3 | 2375m |
| intel | core_i5 | 4300u |
| intel | core_i7 | 2715qe |
| intel | core_i3 | 3250 |
| intel | core_i7 | 2655le |
| intel | core_i7 | 4790k |
| intel | core_i5 | 3380m |
| intel | core_i5 | 5200u |
| intel | core_i5 | 3570t |
| intel | core_i7 | 990x |
| intel | core_i3 | 3217ue |
| citrix | xenserver | 7.5 |
| intel | core_i7 | 7920hq |
| redhat | enterprise_linux | 6.0 |
| intel | core_i5 | 4260u |
| intel | core_i5 | 6600t |
| intel | core_i5 | 4422e |
| intel | core_i7 | 7820hk |
| intel | core_i3 | 2357m |
| intel | core_m | 5y10 |
| intel | core_i7 | 975 |
| intel | core_i7 | 2600s |
| intel | core_i7 | 3612qe |
| intel | core_i3 | 2100t |
| intel | core_i3 | 4330t |
| intel | core_i5 | 3330s |
| intel | core_i5 | 2500k |
| intel | core_i5 | 4200u |
| intel | core_i7 | 875k |
| intel | core_i3 | 3227u |
| intel | core_i5 | 3550s |
| intel | core_i3 | 4005u |
| intel | core_i3 | 6100u |
| intel | core_i7 | 5700eq |
| intel | core_i3 | 530 |
| intel | core_i7 | 4702mq |
| intel | core_i7 | 970 |
| intel | core_i7 | 4650u |
| intel | core_i7 | 5850eq |
| intel | core_i7 | 7560u |
| intel | core_i3 | 6300 |
| intel | core_i3 | 6006u |
| intel | core_i3 | 6100 |
| intel | core_i7 | 8550u |
| intel | core_i5 | 4670r |
| intel | core_m | 5y70 |
| redhat | enterprise_linux_workstation | 6.0 |
| intel | core_i7 | 4960hq |
| intel | core_i5 | 5287u |
| intel | core_i5 | 4402e |
| intel | core_i7 | 4870hq |
| intel | core_i5 | 3610me |
| intel | core_i5 | 2515e |
| intel | core_i7 | 5850hq |
| intel | core_i3 | 2310e |
| intel | core_i3 | 3240t |
| intel | core_i7 | 7567u |
| intel | core_i3 | 6100e |
| intel | core_i7 | 7600u |
| intel | core_i5 | 6685r |
| intel | core_i3 | 2328m |
| citrix | xenserver | 7.4 |
| intel | core_i3 | 2312m |
| intel | core_i3 | 4100e |
| intel | core_i7 | 2710qe |
| intel | core_i7 | 940xm |
| intel | core_i7 | 3632qm |
| intel | core_i3 | 330e |
| intel | core_i3 | 2370m |
| intel | core_i7 | 4770hq |
| intel | core_i7 | 3520m |
| intel | core_i7 | 7700 |
| intel | core_i3 | 2120 |
| intel | core_m7 | 6y75 |
| intel | core_i3 | 2330m |
| redhat | enterprise_linux_workstation | 7.0 |
| intel | core_i7 | 940 |
| intel | core_i5 | 6600k |
| intel | core_i5 | 6402p |
| intel | core_i5 | 5300u |
| intel | core_i5 | 4690t |
| intel | core_i7 | 620um |
| intel | core_i7 | 870 |
| intel | core_i7 | 5750hq |
| intel | core_i7 | 7700hq |
| intel | core_i3 | 4130 |
| intel | core_i5 | 2500s |
| intel | core_i3 | 4130t |
| intel | core_i7 | 870s |
| intel | core_i5 | 4590s |
| intel | core_i5 | 4210h |
| intel | core_i3 | 2105 |
| intel | core_i7 | 660lm |
| intel | core_i7 | 3610qm |
| intel | core_i7 | 3820qm |
| debian | debian_linux | 8.0 |
| intel | core_i5 | 2467m |
| intel | core_i7 | 2860qm |
| intel | core_i5 | 520m |
| intel | core_i5 | 2500t |
| intel | core_i3 | 390m |
| intel | core_i7 | 3770t |
| intel | core_i3 | 3120m |
| intel | core_i3 | 4360 |
| intel | core_i7 | 4720hq |
| intel | core_i7 | 8700 |
| intel | core_i7 | 3630qm |
| intel | core_i5 | 5675c |
| intel | core_i7 | 2760qm |
| intel | core_i7 | 960 |
| intel | core_i7 | 2617m |
| intel | core_i3 | 2330e |
| intel | core_i7 | 2700k |
| intel | core_i7 | 7820eq |
| intel | core_i5 | 3330 |
| intel | core_i3 | 330um |
| intel | core_i3 | 3110m |
| citrix | xenserver | 7.0 |
| intel | core_i3 | 4160t |
| intel | core_i7 | 4750hq |
| intel | core_i3 | 4010y |
| intel | core_m3 | 6y30 |
| intel | core_i5 | 3340s |
| intel | core_i7 | 4771 |
| intel | core_i7 | 660um |
| intel | core_i5 | 6300hq |
| redhat | enterprise_linux_desktop | 7.0 |
| intel | core_i7 | 620m |
| intel | core_i5 | 750s |
| intel | core_i7 | 7820hq |
| intel | core_i7 | 2637m |
| intel | core_i5 | 4690k |
| intel | core_i3 | 3115c |
| intel | core_i7 | 920 |
| intel | core_i3 | 4150t |
| intel | core_i5 | 4590 |
| intel | core_i5 | 4670 |
| intel | core_i5 | 2380p |
| intel | core_i3 | 2367m |
| intel | core_i5 | 3470s |
| intel | core_i3 | 5157u |
| intel | core_i7 | 620le |
| intel | core_i7 | 880 |
| intel | core_i5 | 6585r |
| intel | core_m3 | 7y30 |
| intel | core_i7 | 740qm |
| intel | core_i3 | 8350k |
| intel | core_i5 | 3439y |
| intel | core_i5 | 4400e |
| intel | core_i7 | 930 |
| intel | core_i3 | 4012y |
| intel | core_i3 | 4170 |
| intel | core_i5 | 4460s |
| intel | core_i7 | 7y75 |
| intel | core_i7 | 4770t |
| intel | core_i7 | 7660u |
| intel | core_i5 | 3340 |
| intel | core_i3 | 2350m |
| intel | core_i3 | 4100m |
| intel | core_i7 | 4578u |
| intel | core_i7 | 5700hq |
| intel | core_i5 | 6400t |
| intel | core_i7 | 3667u |
| intel | core_i3 | 2377m |
| intel | core_i5 | 3350p |
| intel | core_i3 | 5015u |
| intel | core_i5 | 5575r |
| intel | core_i5 | 8600k |
| intel | core_i7 | 965 |
| intel | core_i5 | 750 |
| intel | core_i3 | 3240 |
| intel | core_i5 | 540m |
| intel | core_i5 | 8350u |
| redhat | enterprise_linux_desktop | 6.0 |
| intel | core_i7 | 3540m |
| intel | core_i7 | 3610qe |
| intel | core_i7 | 2720qm |
| intel | core_i5 | 4670s |
| intel | core_i5 | 4570te |
| intel | core_i7 | 4558u |
| intel | core_i5 | 3450 |
| intel | core_i5 | 4310m |
| intel | core_i3 | 3229y |
| intel | core_i7 | 2820qm |
| intel | core_i3 | 4350 |
| intel | core_i5 | 4590t |
| intel | core_i7 | 860s |
| intel | core_i5 | 3360m |
| intel | core_i7 | 4600u |
| intel | core_i7 | 640um |
| intel | core_i5 | 5257u |
| intel | core_i7 | 4860hq |
| intel | core_i7 | 8700k |
| intel | core_i3 | 3217u |
| intel | core_i7 | 8650u |
| intel | core_i5 | 560um |
| intel | core_i7 | 2635qm |
| intel | core_i5 | 4690s |
| intel | core_i7 | 4702ec |
| intel | core_m | 5y51 |
| intel | core_i3 | 2115c |
| intel | core_i7 | 920xm |
| intel | core_i7 | 5775c |
| intel | core_i5 | 3550 |
| intel | core_i5 | 6287u |
| intel | core_i7 | 660ue |
| intel | core_i3 | 4110m |
| redhat | enterprise_linux | 7.0 |
| intel | core_i5 | 2557m |
| intel | core_i5 | 4302y |
| intel | core_i5 | 3475s |
| intel | core_i3 | 4150 |
| intel | core_i3 | 2340ue |
| intel | core_i5 | 4300y |
| intel | core_i5 | 6360u |
| intel | core_i7 | 2677m |
| intel | core_i3 | 4102e |
| intel | core_i5 | 2540m |
| debian | debian_linux | 9.0 |
| intel | core_i7 | 3687u |
| intel | core_i7 | 4770te |
| intel | core_i7 | 4510u |
| intel | core_m3 | 7y32 |
| intel | core_i3 | 5010u |
| intel | core_i7 | 2657m |
| intel | core_i5 | 760 |
| intel | core_i7 | 840qm |
| intel | core_i7 | 4900mq |
| intel | core_i5 | 4460t |
| intel | core_i3 | 6102e |
| intel | core_i5 | 4460 |
| intel | core_i5 | 3427u |
| intel | core_i3 | 6098p |
| citrix | xenserver | 7.1 |
| intel | core_i5 | 2310 |
| intel | core_i5 | 3339y |
| intel | core_i7 | 4710mq |
| intel | core_i5 | 2510e |
| intel | core_i3 | 4010u |
| intel | core_i5 | 2430m |
| intel | core_i5 | 4670t |
| intel | core_i3 | 3220t |
| intel | core_i5 | 5250u |
| intel | core_i3 | 3120me |
| intel | core_i5 | 3470 |
| intel | core_i5 | 2435m |
| intel | core_i7 | 4800mq |
| canonical | ubuntu_linux | 16.04 |
| intel | core_i5 | 460m |
| intel | core_i3 | 4330te |
| intel | core_i5 | 2520m |
| intel | core_i5 | 5350h |
| intel | core_i7 | 4700hq |
| intel | core_i5 | 4570 |
| intel | core_i5 | 4220y |
| intel | core_i7 | 4770 |
| intel | core_i7 | 7700k |
| intel | core_i7 | 3635qm |
| intel | core_i7 | 2960xm |
| intel | core_i7 | 4790 |
| intel | core_i5 | 2320 |
| intel | core_i5 | 4300m |
| intel | core_i7 | 3615qe |
| intel | core_i3 | 4120u |
| intel | core_i5 | 4210u |
| intel | core_i5 | 661 |
| intel | core_i3 | 6100h |
| intel | core_i5 | 2400 |
| intel | core_i5 | 3437u |
| intel | core_i7 | 4950hq |
| intel | core_i7 | 2610ue |
| intel | core_i5 | 650 |
| intel | core_i7 | 2675qm |
| intel | core_i5 | 430um |
| intel | core_i7 | 3720qm |
| intel | core_i5 | 4310u |
| intel | core_i5 | 8400 |
| intel | core_i3 | 4112e |
| intel | core_i5 | 8250u |
| intel | core_i5 | 4570s |
| intel | core_i5 | 660 |
| intel | core_i5 | 4440s |
| intel | core_i7 | 680um |
| intel | core_i7 | 2620m |
| intel | core_i7 | 4712mq |
| intel | core_i5 | 4430s |
| intel | core_i5 | 4570t |
| intel | core_i7 | 4980hq |
| intel | core_i5 | 4308u |
| intel | core_i3 | 3130m |
| intel | core_i3 | 550 |
| intel | core_i3 | 4025u |
| intel | core_i5 | 540um |
| intel | core_i7 | 2600 |
| canonical | ubuntu_linux | 12.04 |
| intel | core_i5 | 6400 |
| intel | core_i3 | 4030u |
| intel | core_i3 | 2120t |
| intel | core_m5 | 6y54 |
| intel | core_i7 | 3555le |
| intel | core_i7 | 2920xm |
| intel | core_i7 | 4550u |
| intel | core_i3 | 4160 |
| intel | core_i5 | 4430 |
| intel | core_i3 | 3210 |
| intel | core_i5 | 520um |
| intel | core_i7 | 5500u |
| intel | core_i3 | 5005u |
| intel | core_i5 | 3317u |
| intel | core_i7 | 4710hq |
| freebsd | freebsd | 11.1 |
| intel | core_i5 | 4200h |
| intel | core_i5 | 4210m |
| intel | core_i7 | 640lm |
| intel | core_i5 | 4340m |
| intel | core_i7 | 2600k |
| intel | core_i7 | 4770r |
| intel | core_i3 | 2102 |
| intel | core_i5 | 4360u |
| intel | core_i7 | 3770 |
| intel | core_i3 | 2130 |
| intel | core_i5 | 680 |
| intel | core_i3 | 4170t |
| intel | core_i7 | 3612qm |
| intel | core_i7 | 4790s |
| intel | core_i3 | 4110e |
| intel | core_i7 | 3740qm |
| intel | core_i3 | 3250t |
| intel | core_i5 | 6350hq |
| intel | core_i7 | 980 |
| intel | core_i5 | 3320m |
| intel | core_i5 | 6440eq |
| intel | core_i7 | 4770s |
| intel | core_i3 | 3225 |
| intel | core_i7 | 640m |
| intel | core_i7 | 5557u |
| intel | core_i7 | 3770k |
| intel | core_i3 | 4158u |
| intel | core_i7 | 5550u |
| intel | core_m | 5y71 |
| intel | core_i3 | 4340 |
| intel | core_i5 | 480m |
| intel | core_m | 5y10c |
| intel | core_i5 | 4202y |
| intel | core_i5 | 2450p |
| intel | core_i7 | 4600m |
| intel | core_i3 | 3220 |
| intel | core_i5 | 2390t |
| intel | core_i7 | 720qm |
| intel | core_i7 | 610e |
| intel | core_i5 | 5350u |
| intel | core_i7 | 3770s |
| intel | core_i5 | 3450s |
| intel | core_i5 | 4350u |
| intel | core_i7 | 4700eq |
| intel | core_i7 | 5600u |
| intel | core_i5 | 430m |
| intel | core_i5 | 4410e |
| intel | core_i7 | 4700ec |
| intel | core_i7 | 2630qm |
| intel | core_i3 | 6300t |
| intel | core_i3 | 6320 |
| intel | core_i5 | 4210y |
| intel | core_i7 | 4770k |
| freebsd | freebsd | 11.2 |
| intel | core_i3 | 330m |
| intel | core_m | 5y10a |
| intel | core_i7 | 4765t |
| intel | core_i3 | 4340te |
| intel | core_i5 | 3570 |
| intel | core_i7 | 4702hq |
| intel | core_i7 | 2629m |
| intel | core_i5 | 6300u |
| intel | core_i3 | 4100u |
| intel | core_i5 | 2300 |
| intel | core_i3 | 8100 |
| intel | core_i5 | 580m |
| intel | core_m5 | 6y57 |
| intel | core_i3 | 5020u |
| intel | core_i7 | 3517u |
| intel | core_i7 | 4850hq |
| intel | core_i7 | 820qm |
| intel | core_i3 | 2365m |
| intel | core_i7 | 4760hq |
| intel | core_i3 | 4000m |
| intel | core_i7 | 4785t |
| intel | core_i7 | 4790t |
| intel | core_i5 | 2500 |
| intel | core_i5 | 6200u |
| intel | core_i7 | 980x |
| intel | core_i5 | 4330m |
| intel | core_i5 | 2537m |
| intel | core_i3 | 2310m |
| intel | core_i5 | 6500 |
| intel | core_i7 | 2649m |
| intel | core_i5 | 3337u |
| intel | core_i3 | 6100te |
| intel | core_i5 | 6500t |
| intel | core_i5 | 2550k |
| intel | core_i3 | 4370t |
| intel | core_i3 | 4330 |
| intel | core_i7 | 620lm |
| intel | core_i5 | 4670k |
| intel | core_i3 | 370m |
| intel | core_i3 | 560 |
| canonical | ubuntu_linux | 14.04 |
| intel | core_i3 | 2348m |
| intel | core_i5 | 6442eq |
| intel | core_i5 | 3210m |
| intel | core_i5 | 4690 |
| intel | core_i7 | 2670qm |
| intel | core_i5 | 3570k |
| intel | core_i5 | 6500te |
| intel | core_i5 | 560m |
| intel | core_i7 | 620ue |
| intel | core_i7 | 860 |
| intel | core_i5 | 4258u |
| intel | core_i3 | 540 |
| intel | core_i5 | 2410m |
| intel | core_i5 | 4200y |
| intel | core_i5 | 4570r |
| intel | core_i3 | 4020y |
| intel | core_i5 | 3470t |
| intel | core_i3 | 6167u |
| intel | core_i5 | 520e |
| intel | core_i5 | 5675r |
| intel | core_i7 | 4610y |
| intel | core_i3 | 4350t |
Command injection vulnerability in Citrix NetScaler ADC and NetScaler Gateway 11.0 before build 70.16, 11.1 before build 55.13, and 12.0 before build 53.13; and the NetScaler Load Balancing instance distributed with NetScaler SD-WAN/CloudBridge 4000, 4100, 5000 and 5100 WAN Optimization Edition 9.3.0 allows remote attackers to execute a system command or read arbitrary files via an SSH login prompt.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-287,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | netscaler_gateway | 12.0 |
| citrix | netscaler_application_delivery_controller | 11.1 |
| citrix | netscaler_application_delivery_controller | 12.0 |
| citrix | netscaler_gateway | 11.1 |
| citrix | netscaler_application_delivery_controller | 11.0 |
| citrix | netscaler_sd-wan | 9.3.0 |
| citrix | netscaler_gateway | 11.0 |
Citrix NetScaler VPX through NS12.0 53.13.nc allows an SSRF attack via the /rapi/read_url URI by an authenticated attacker who has a webapp account. The attacker can gain access to the nsroot account, and execute remote commands with root privileges.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-918,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | netscaler | 12.0 |
NetScaler ADC 10.5, 11.0, 11.1, and 12.0, and NetScaler Gateway 10.5, 11.0, 11.1, and 12.0 allow remote attackers to download arbitrary files on the target system.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | netscaler_gateway_firmware | 12.0 |
| citrix | netscaler_application_delivery_controller_firmware | 11.1 |
| citrix | netscaler_gateway_firmware | 11.0 |
| citrix | netscaler_gateway_firmware | 11.1 |
| citrix | netscaler_application_delivery_controller_firmware | 10.5 |
| citrix | netscaler_application_delivery_controller_firmware | 12.0 |
| citrix | netscaler_application_delivery_controller_firmware | 11.0 |
| citrix | netscaler_gateway_firmware | 10.5 |
NetScaler ADC 10.5, 11.0, 11.1, and 12.0, and NetScaler Gateway 10.5, 11.0, 11.1, and 12.0 allow remote attackers to gain privilege on a target system.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | netscaler_gateway_firmware | 12.0 |
| citrix | netscaler_application_delivery_controller_firmware | 11.1 |
| citrix | netscaler_gateway_firmware | 11.0 |
| citrix | netscaler_gateway_firmware | 11.1 |
| citrix | netscaler_application_delivery_controller_firmware | 10.5 |
| citrix | netscaler_application_delivery_controller_firmware | 12.0 |
| citrix | netscaler_application_delivery_controller_firmware | 11.0 |
| citrix | netscaler_gateway_firmware | 10.5 |
Directory traversal vulnerability in NetScaler ADC 10.5, 11.0, 11.1, and 12.0, and NetScaler Gateway 10.5, 11.0, 11.1, and 12.0 allows remote attackers to traverse the directory on the target system via a crafted request.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | netscaler_gateway_firmware | 12.0 |
| citrix | netscaler_application_delivery_controller_firmware | 11.1 |
| citrix | netscaler_gateway_firmware | 11.0 |
| citrix | netscaler_gateway_firmware | 11.1 |
| citrix | netscaler_application_delivery_controller_firmware | 10.5 |
| citrix | netscaler_application_delivery_controller_firmware | 12.0 |
| citrix | netscaler_application_delivery_controller_firmware | 11.0 |
| citrix | netscaler_gateway_firmware | 10.5 |
Multiple cross-site scripting (XSS) vulnerabilities in Citrix NetScaler ADC 10.5, 11.0, 11.1, and 12.0, and NetScaler Gateway 10.5, 11.0, 11.1, and 12.0 allow remote attackers to inject arbitrary web script or HTML via the Citrix NetScaler interface.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | netscaler_gateway_firmware | 12.0 |
| citrix | netscaler_application_delivery_controller_firmware | 11.1 |
| citrix | netscaler_gateway_firmware | 11.0 |
| citrix | netscaler_gateway_firmware | 11.1 |
| citrix | netscaler_application_delivery_controller_firmware | 10.5 |
| citrix | netscaler_application_delivery_controller_firmware | 12.0 |
| citrix | netscaler_application_delivery_controller_firmware | 11.0 |
| citrix | netscaler_gateway_firmware | 10.5 |
The AppFirewall functionality in Citrix NetScaler Application Delivery Controller and NetScaler Gateway 10.5 before Build 68.7, 11.0 before Build 71.24, 11.1 before Build 58.13, and 12.0 before Build 57.24 allows remote attackers to execute arbitrary code via unspecified vectors.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | netscaler_gateway_firmware | 12.0 |
| citrix | application_delivery_controller_firmware | 10.5 |
| citrix | netscaler_gateway_firmware | 11.0 |
| citrix | netscaler_gateway_firmware | 11.1 |
| citrix | application_delivery_controller_firmware | 12.0 |
| citrix | netscaler_gateway_firmware | 10.5 |
| citrix | application_delivery_controller_firmware | 11.0 |
| citrix | application_delivery_controller_firmware | 11.1 |
A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash. The MOV to SS and POP SS instructions inhibit interrupts (including NMIs), data breakpoints, and single step trap exceptions until the instruction boundary following the next instruction (SDM Vol. 3A; section 6.8.3). (The inhibited data breakpoints are those on memory accessed by the MOV to SS or POP to SS instruction itself.) Note that debug exceptions are not inhibited by the interrupt enable (EFLAGS.IF) system flag (SDM Vol. 3A; section 2.3). If the instruction following the MOV to SS or POP to SS instruction is an instruction like SYSCALL, SYSENTER, INT 3, etc. that transfers control to the operating system at CPL < 3, the debug exception is delivered after the transfer to CPL < 3 is complete. OS kernels may not expect this order of events and may therefore experience unexpected behavior when it occurs.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-362,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | xenserver | 7.2 |
| apple | mac_os_x | * |
| citrix | xenserver | 6.2.0 |
| canonical | ubuntu_linux | 14.04 |
| synology | skynas | - |
| redhat | enterprise_virtualization_manager | 3.0 |
| canonical | ubuntu_linux | 17.10 |
| citrix | xenserver | 7.1 |
| citrix | xenserver | 7.3 |
| citrix | xenserver | 7.0 |
| xen | xen | - |
| debian | debian_linux | 7.0 |
| debian | debian_linux | 8.0 |
| synology | diskstation_manager | 6.1 |
| canonical | ubuntu_linux | 16.04 |
| citrix | xenserver | 7.4 |
| synology | diskstation_manager | 6.0 |
| freebsd | freebsd | * |
| debian | debian_linux | 9.0 |
| citrix | xenserver | 6.0.2 |
| citrix | xenserver | 6.5 |
| synology | diskstation_manager | 5.2 |
| redhat | enterprise_linux_workstation | 7.0 |
| redhat | enterprise_linux_server | 7.0 |
Citrix SD-WAN Center 10.2.x before 10.2.1 and NetScaler SD-WAN Center 10.0.x before 10.0.7 allow Command Injection.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-78,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | netscaler_sd-wan_center | * |
| citrix | citrix_sd-wan_center | * |
Citrix SD-WAN Center 10.2.x before 10.2.1 and NetScaler SD-WAN Center 10.0.x before 10.0.7 allow XSS.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | netscaler_sd-wan_center | * |
| citrix | citrix_sd-wan_center | * |
Citrix SD-WAN 10.2.x before 10.2.1 and NetScaler SD-WAN 10.0.x before 10.0.7 have Improper Certificate Validation.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-295,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | sd-wan | * |
| citrix | netscaler_sd-wan | * |
Citrix Workspace App before 1904 for Windows has Incorrect Access Control.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,CWE-284,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | receiver | 4.9 |
| citrix | workspace | * |
A Buffer Overflow exists in Citrix NetScaler Gateway 10.5.x before 10.5.70.x, 11.1.x before 11.1.59.10, 12.0.x before 12.0.59.8, and 12.1.x before 12.1.49.23 and Citrix Application Delivery Controller 10.5.x before 10.5.70.x, 11.1.x before 11.1.59.10, 12.0.x before 12.0.59.8, and 12.1.x before 12.1.49.23.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | netscaler_gateway_firmware | * |
| citrix | netscaler_application_delivery_controller_firmware | * |
Citrix AppDNA before 7 1906.1.0.472 has Incorrect Access Control.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | appdna | * |
Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 1 of 6).
CVSS 2.0
Severity: HIGH
Problem Type: CWE-78,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | sd-wan | * |
| citrix | netscaler_sd-wan | * |
Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 2 of 6).
CVSS 2.0
Severity: HIGH
Problem Type: CWE-78,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | sd-wan | * |
| citrix | netscaler_sd-wan | * |
Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 3 of 6).
CVSS 2.0
Severity: HIGH
Problem Type: CWE-78,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | sd-wan | * |
| citrix | netscaler_sd-wan | * |
Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 4 of 6).
CVSS 2.0
Severity: HIGH
Problem Type: CWE-78,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | sd-wan | * |
| citrix | netscaler_sd-wan | * |
Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 allow SQL Injection.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-89,CWE-89,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | sd-wan | * |
| citrix | netscaler_sd-wan | * |
Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 allow Directory Traversal.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | sd-wan | * |
| citrix | netscaler_sd-wan | * |
Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 5 of 6).
CVSS 2.0
Severity: HIGH
Problem Type: CWE-78,CWE-78,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | sd-wan | * |
| citrix | netscaler_sd-wan | * |
Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 6 of 6).
CVSS 2.0
Severity: HIGH
Problem Type: CWE-78,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | sd-wan | * |
| citrix | netscaler_sd-wan | * |
Citrix StoreFront Server before 1903, 7.15 LTSR before CU4 (3.12.4000), and 7.6 LTSR before CU8 (3.0.8000) allows XXE attacks.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-611,CWE-611,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | storefront_server | * |
Citrix Application Delivery Management (ADM) 12.1 before build 54.13 has Incorrect Access Control.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | application_delivery_management | 13.0 |
| citrix | application_delivery_management | 12.1 |
In certain Citrix products, information disclosure can be achieved by an authenticated VPN user when there is a configured SSL VPN endpoint. This affects Citrix ADC and Citrix Gateway 13.0-58.30 and later releases before the CTX276688 update.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | application_delivery_controller_firmware | * |
| citrix | gateway | * |
An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway before 10.5 build 70.8, 11.x before 11.1 build 63.9, 12.0 before build 62.10, 12.1 before build 54.16, and 13.0 before build 41.28. An attacker with management-interface access can bypass authentication to obtain appliance administrative access. These products formerly used the NetScaler brand name.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | netscaler_gateway_firmware | 12.0 |
| citrix | application_delivery_controller_firmware | 10.5 |
| citrix | application_delivery_controller_firmware | 12.1 |
| citrix | netscaler_gateway_firmware | 12.1 |
| citrix | netscaler_gateway_firmware | 11.1 |
| citrix | application_delivery_controller_firmware | 12.0 |
| citrix | gateway_firmware | 13.0 |
| citrix | netscaler_gateway_firmware | 10.5 |
| citrix | application_delivery_controller_firmware | 11.1 |
| citrix | application_delivery_controller_firmware | 13.0 |
An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. They allow Directory Traversal.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-22,CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | netscaler_gateway_firmware | 12.0 |
| citrix | application_delivery_controller_firmware | 10.5 |
| citrix | application_delivery_controller_firmware | 12.1 |
| citrix | netscaler_gateway_firmware | 12.1 |
| citrix | netscaler_gateway_firmware | 11.1 |
| citrix | application_delivery_controller_firmware | 12.0 |
| citrix | gateway_firmware | 13.0 |
| citrix | netscaler_gateway_firmware | 10.5 |
| citrix | application_delivery_controller_firmware | 11.1 |
| citrix | application_delivery_controller_firmware | 13.0 |
Citrix NetScaler Gateway 12.1 before build 50.31, 12.0 before build 60.9, 11.1 before build 60.14, 11.0 before build 72.17, and 10.5 before build 69.5 and Application Delivery Controller (ADC) 12.1 before build 50.31, 12.0 before build 60.9, 11.1 before build 60.14, 11.0 before build 72.17, and 10.5 before build 69.5 allow remote attackers to obtain sensitive plaintext information because of a TLS Padding Oracle Vulnerability when CBC-based cipher suites are enabled.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-327,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | netscaler_gateway_firmware | 12.0 |
| citrix | netscaler_application_delivery_controller_firmware | 11.1 |
| citrix | netscaler_gateway_firmware | 12.1 |
| citrix | netscaler_gateway_firmware | 11.0 |
| citrix | netscaler_application_delivery_controller_firmware | 12.1 |
| citrix | netscaler_gateway_firmware | 11.1 |
| citrix | netscaler_application_delivery_controller_firmware | 10.5 |
| citrix | netscaler_application_delivery_controller_firmware | 12.0 |
| citrix | netscaler_application_delivery_controller_firmware | 11.0 |
| citrix | netscaler_gateway_firmware | 10.5 |
Citrix ShareFile before 19.12 allows User Enumeration. It is possible to enumerate application username based on different server responses using the request to check the otp code. No authentication is required.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-203,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | sharefile | * |
Citrix ShareFile before 19.23 allows a downgrade from two-factor authentication to one-factor authentication. An attacker with access to the offline victim's otp physical token or virtual app (like google authenticator) is able to bypass the first authentication phase (username/password mechanism) and log-in using username/otp combination only (phase 2 of 2FA).
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-287,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | sharefile | * |
Citrix Application Delivery Management (ADM) 12.1.x before 12.1.50.33 has Incorrect Access Control.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | application_delivery_management | * |
Citrix Gateway 11.1, 12.0, and 12.1 allows Information Exposure Through Caching. NOTE: Citrix disputes this as not a vulnerability. There is no sensitive information disclosure through the cache headers on Citrix ADC. The "Via" header lists cache protocols and recipients between the start and end points for a request or a response. The "Age" header provides the age of the cached response in seconds. Both headers are commonly used for proxy cache and the information is not sensitive
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 3.9 | 1.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | gateway_firmware | 11.1 |
| citrix | gateway_firmware | 12.0 |
| citrix | gateway_firmware | 12.1 |
Citrix Gateway 11.1, 12.0, and 12.1 has an Inconsistent Interpretation of HTTP Requests. NOTE: Citrix disputes the reported behavior as not a security issue. Citrix ADC only caches HTTP/1.1 traffic for performance optimization
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-444,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | gateway_firmware | 11.1 |
| citrix | gateway_firmware | 12.0 |
| citrix | gateway_firmware | 12.1 |
Citrix Gateway 11.1, 12.0, and 12.1 allows Cache Poisoning. NOTE: Citrix disputes this as not a vulnerability. By default, Citrix ADC only caches static content served under certain URL paths for Citrix Gateway usage. No dynamic content is served under these paths, which implies that those cached pages would not change based on parameter values. All other data traffic going through Citrix Gateway are NOT cached by default
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N | 2.8 | 2.5 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-444,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | gateway_firmware | 11.1 |
| citrix | gateway_firmware | 12.0 |
| citrix | gateway_firmware | 12.1 |
Citrix Workspace App before 1912 on Windows has Insecure Permissions and an Unquoted Path vulnerability which allows local users to gain privileges during the uninstallation of the application.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-276,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | workspace_app | * |
Citrix Workspace App before 1912 on Windows has Insecure Permissions which allows local users to gain privileges during the uninstallation of the application.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-276,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | workspace_app | * |
Citrix XenApp 6.5, when 2FA is enabled, allows a remote unauthenticated attacker to ascertain whether a user exists on the server, because the 2FA error page only occurs after a valid username is entered. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 3.9 | 1.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-203,CWE-639,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | xenapp | 6.5.0.0 |
Citrix SD-WAN 10.2.x before 10.2.6 and 11.0.x before 11.0.3 has Missing SSL Certificate Validation.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.9 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N | 2.2 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-295,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | netscaler_sd-wan_center | * |
| citrix | citrix_sd-wan_center | * |
In certain situations, all versions of Citrix ShareFile StorageZones (aka storage zones) Controller, including the most recent 5.10.x releases as of May 2020, allow unauthenticated attackers to access the documents and folders of ShareFile users. NOTE: unlike most CVEs, exploitability depends on the product version that was in use when a particular setup step was performed, NOT the product version that is in use during a current assessment of a CVE consumer's product inventory. Specifically, the vulnerability can be exploited if a storage zone was created by one of these product versions: 5.9.0, 5.8.0, 5.7.0, 5.6.0, 5.5.0, or earlier. This CVE differs from CVE-2020-8982 and CVE-2020-8983 but has essentially the same risk.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | sharefile_storagezones_controller | * |
| citrix | sharefile_storagezones_controller | 5.7.0 |
| citrix | sharefile_storagezones_controller | 5.6.0 |
| citrix | sharefile_storagezones_controller | 5.9.0 |
| citrix | sharefile_storagezones_controller | 5.8.0 |
Improper input validation in Citrix ADC and Citrix Gateway versions before 11.1-63.9 and 12.0-62.10 allows unauthenticated users to perform a denial of service attack.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | netscaler_gateway_firmware | * |
| citrix | application_delivery_controller_firmware | * |
Incorrect file permissions in Citrix ADC and Citrix Gateway before versions 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 allows privilege escalation.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.6 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-281,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | netscaler_gateway_firmware | * |
| citrix | application_delivery_controller_firmware | * |
| citrix | gateway_firmware | * |
Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allows reflected Cross Site Scripting (XSS).
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | netscaler_gateway_firmware | * |
| citrix | application_delivery_controller_firmware | * |
| citrix | gateway_firmware | * |
| citrix | sd-wan_wanop | * |
Improper access control in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allows unauthenticated access to certain URL endpoints.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N | 3.9 | 2.5 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-284,CWE-287,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | netscaler_gateway_firmware | * |
| citrix | application_delivery_controller_firmware | * |
| citrix | gateway_firmware | * |
| citrix | sd-wan_wanop | * |
Reflected code injection in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allows the modification of a file download.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-94,CWE-94,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | netscaler_gateway_firmware | * |
| citrix | application_delivery_controller_firmware | * |
| citrix | gateway_firmware | * |
| citrix | sd-wan_wanop | * |
Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 resulting in limited information disclosure to low privileged users.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | netscaler_gateway_firmware | * |
| citrix | application_delivery_controller_firmware | * |
| citrix | gateway_firmware | * |
| citrix | sd-wan_wanop | * |
| citrix | gateway_plug-in_for_linux | * |
Improper access control in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 resulting in limited information disclosure to low privileged users.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 2.8 | 1.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-284,CWE-287,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | netscaler_gateway_firmware | * |
| citrix | application_delivery_controller_firmware | * |
| citrix | gateway_firmware | * |
| citrix | sd-wan_wanop | * |
Privilege escalation vulnerability on Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 allows a low privileged user with management access to execute arbitrary commands.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | netscaler_gateway_firmware | * |
| citrix | application_delivery_controller_firmware | * |
| citrix | gateway_firmware | * |
Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 resulting in Stored Cross-Site Scripting (XSS).
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | netscaler_gateway_firmware | * |
| citrix | application_delivery_controller_firmware | * |
| citrix | gateway_firmware | * |
| citrix | sd-wan_wanop | * |
Improper access control in Citrix ADC Gateway Linux client versions before 1.0.0.137 results in local privilege escalation to root.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | gateway_plug-in_for_linux | * |
Improper authentication in Citrix StoreFront Server < 1912.0.1000 allows an attacker who is authenticated on the same Microsoft Active Directory domain as a Citrix StoreFront server to read arbitrary files from that server.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-287,CWE-287,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | storefront_server | * |
Improper access control in Citrix Workspace app for Windows 1912 CU1 and 2006.1 causes privilege escalation and code execution when the automatic updater service is running.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-284,CWE-287,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | workspace | 2002 |
| citrix | workspace | 1912 |
Improper input validation in Citrix XenMobile Server 10.12 before RP1, Citrix XenMobile Server 10.11 before RP4, Citrix XenMobile Server 10.11 before RP6 and Citrix XenMobile Server before 10.9 RP5 allows Cross-Site Scripting (XSS).
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | xenmobile_server | 10.11.0 |
| citrix | xenmobile_server | 10.10.0 |
| citrix | xenmobile_server | * |
| citrix | xenmobile_server | 10.9.0 |
| citrix | xenmobile_server | 10.12.0 |
Improper access control in Citrix XenMobile Server 10.12 before RP2, Citrix XenMobile Server 10.11 before RP4, Citrix XenMobile Server 10.10 before RP6 and Citrix XenMobile Server before 10.9 RP5 and leads to the ability to read arbitrary files.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-22,CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | xenmobile_server | 10.11.0 |
| citrix | xenmobile_server | 10.10.0 |
| citrix | xenmobile_server | * |
| citrix | xenmobile_server | 10.9.0 |
| citrix | xenmobile_server | 10.12.0 |
Insufficient protection of secrets in Citrix XenMobile Server 10.12 before RP3, Citrix XenMobile Server 10.11 before RP6, Citrix XenMobile Server 10.10 RP6 and Citrix XenMobile Server before 10.9 RP5 discloses credentials of a service account.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-200,CWE-522,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | xenmobile_server | 10.11.0 |
| citrix | xenmobile_server | 10.10.0 |
| citrix | xenmobile_server | * |
| citrix | xenmobile_server | 10.9.0 |
| citrix | xenmobile_server | 10.12.0 |
Improper input validation in Citrix XenMobile Server 10.12 before RP3, Citrix XenMobile Server 10.11 before RP6, Citrix XenMobile Server 10.10 RP6 and Citrix XenMobile Server before 10.9 RP5 allows SQL Injection.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-77,CWE-89,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | xenmobile_server | 10.11.0 |
| citrix | xenmobile_server | 10.10.0 |
| citrix | xenmobile_server | * |
| citrix | xenmobile_server | 10.9.0 |
| citrix | xenmobile_server | 10.12.0 |
Improper access control in Citrix XenMobile Server 10.12 before RP3, Citrix XenMobile Server 10.11 before RP6, Citrix XenMobile Server 10.10 RP6 and Citrix XenMobile Server before 10.9 RP5 allows access to privileged functionality.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-749,CWE-863,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | xenmobile_server | 10.11.0 |
| citrix | xenmobile_server | 10.10.0 |
| citrix | xenmobile_server | * |
| citrix | xenmobile_server | 10.12.0 |
Improper Input Validation on Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11.2 before 11.2.1a, Citrix SD-WAN WANOP 11.1 before 11.1.2a, Citrix SD-WAN WANOP 11.0 before 11.0.3f, Citrix SD-WAN WANOP 10.2 before 10.2.7b leads to an HTML Injection attack against the SSL VPN web portal.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | netscaler_gateway | * |
| citrix | application_delivery_controller_firmware | * |
| citrix | gateway | * |
Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11.2 before 11.2.1a, Citrix SD-WAN WANOP 11.1 before 11.1.2a, Citrix SD-WAN WANOP 11.0 before 11.0.3f, Citrix SD-WAN WANOP 10.2 before 10.2.7b are vulnerable to a denial of service attack originating from the management network.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-400,CWE-400,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | netscaler_gateway | * |
| citrix | application_delivery_controller_firmware | * |
| citrix | gateway | * |
| citrix | sd-wan_wanop | * |
Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11.2 before 11.2.1a, Citrix SD-WAN WANOP 11.1 before 11.1.2a, Citrix SD-WAN WANOP 11.0 before 11.0.3f, Citrix SD-WAN WANOP 10.2 before 10.2.7b are vulnerable to escalation of privileges on the management interface.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-269,CWE-269,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | netscaler_gateway | * |
| citrix | application_delivery_controller_firmware | * |
| citrix | gateway | * |
| citrix | sd-wan_wanop | * |
Improper authentication in Citrix XenMobile Server 10.12 before RP2, Citrix XenMobile Server 10.11 before RP4, Citrix XenMobile Server 10.10 before RP6 and Citrix XenMobile Server before 10.9 RP5 leads to the ability to access sensitive files.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-287,CWE-287,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | xenmobile_server | 10.11.0 |
| citrix | xenmobile_server | 10.10.0 |
| citrix | xenmobile_server | * |
| citrix | xenmobile_server | 10.9.0 |
| citrix | xenmobile_server | 10.12.0 |
Improper privilege management on services run by Citrix Gateway Plug-in for Windows, versions before and including 13.0-61.48 and 12.1-58.15, lead to privilege escalation attacks
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-269,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | gateway_plug-in | * |
Improper privilege management on services run by Citrix Gateway Plug-in for Windows, versions before and including 13.0-61.48 and 12.1-58.15, allows an attacker to modify arbitrary files.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-269,CWE-269,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | gateway_plug-in | * |
An unprivileged Windows user on the VDA can perform arbitrary command execution as SYSTEM in CVAD versions before 2009, 1912 LTSR CU1 hotfixes CTX285870 and CTX286120, 7.15 LTSR CU6 hotfix CTX285344 and 7.6 LTSR CU9
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-269,CWE-269,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | xendesktop | 7.15 |
| citrix | xendesktop | 7.6 |
| citrix | xenapp | 7.15 |
| citrix | virtual_apps_and_desktops | * |
| citrix | xenapp | * |
| citrix | xenapp | 7.6 |
| citrix | xendesktop | * |
An unprivileged Windows user on the VDA or an SMB user can perform arbitrary command execution as SYSTEM in CVAD versions before 2009, 1912 LTSR CU1 hotfixes CTX285871 and CTX285872, 7.15 LTSR CU6 hotfix CTX285341 and CTX285342
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-78,CWE-78,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | virtual_apps_and_desktops | * |
Unauthenticated remote code execution with root privileges in Citrix SD-WAN Center versions before 11.2.2, 11.1.2b and 10.2.8
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-23,CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | sd-wan | * |
Authentication Bypass resulting in exposure of SD-WAN functionality in Citrix SD-WAN Center versions before 11.2.2, 11.1.2b and 10.2.8
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-287,CWE-287,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | sd-wan | * |
Privilege escalation of an authenticated user to root in Citrix SD-WAN center versions before 11.2.2, 11.1.2b and 10.2.8.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-78,CWE-78,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | sd-wan | * |
Citrix Secure Mail for Android before 20.11.0 suffers from Improper Control of Generation of Code ('Code Injection') by allowing unauthenticated access to read data stored within Secure Mail. Note that a malicious app would need to be installed on the Android device or a threat actor would need to execute arbitrary code on the Android device.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-94,CWE-94,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | secure_mail | * |
Citrix Secure Mail for Android before 20.11.0 suffers from improper access control allowing unauthenticated access to read limited calendar related data stored within Secure Mail. Note that a malicious app would need to be installed on the Android device or a threat actor would need to execute arbitrary code on the Android device.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N | 2.8 | 1.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-284,CWE-269,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | secure_mail | * |
An authorised user on a Windows host running Citrix Universal Print Server can perform arbitrary command execution as SYSTEM in CVAD versions before 2009, 1912 LTSR CU1 hotfixes CTX285870 and CTX286120, 7.15 LTSR CU6 hotfix CTX285344 and 7.6 LTSR CU9.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-269,CWE-269,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | xendesktop | 7.15 |
| citrix | xendesktop | 7.6 |
| citrix | xenapp | 7.15 |
| citrix | virtual_apps_and_desktops | * |
| citrix | xenapp | * |
| citrix | xenapp | 7.6 |
| citrix | xendesktop | * |
Citrix ADC and Citrix/NetScaler Gateway 13.0 before 13.0-76.29, 12.1-61.18, 11.1-65.20, Citrix ADC 12.1-FIPS before 12.1-55.238, and Citrix SD-WAN WANOP Edition before 11.4.0, 11.3.2, 11.3.1a, 11.2.3a, 11.1.2c, 10.2.9a suffers from uncontrolled resource consumption by way of a network-based denial-of-service from within the same Layer 2 network segment. Note that the attacker must be in the same Layer 2 network segment as the vulnerable appliance.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-400,CWE-400,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | netscaler_gateway | * |
| citrix | application_delivery_controller_firmware | * |
| citrix | gateway | * |
| citrix | sd-wan_wanop | * |
Citrix ADC and Citrix/NetScaler Gateway before 13.0-82.41, 12.1-62.23, 11.1-65.20 and Citrix ADC 12.1-FIPS before 12.1-55.238 suffer from improper access control allowing SAML authentication hijack through a phishing attack to steal a valid user session. Note that Citrix ADC or Citrix Gateway must be configured as a SAML SP or a SAML IdP for this to be possible.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-284,NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | netscaler_gateway | * |
| citrix | application_delivery_controller_firmware | * |
| citrix | gateway | * |
An unauthenticated arbitrary file read issue exists in all versions of Citrix ShareFile StorageZones (aka storage zones) Controller, including the most recent 5.10.x releases as of May 2020. RCE and file access is granted to everything hosted by ShareFile, be it on-premise or inside Citrix Cloud itself (both are internet facing). NOTE: unlike most CVEs, exploitability depends on the product version that was in use when a particular setup step was performed, NOT the product version that is in use during a current assessment of a CVE consumer's product inventory. Specifically, the vulnerability can be exploited if a storage zone was created by one of these product versions: 5.9.0, 5.8.0, 5.7.0, 5.6.0, 5.5.0, or earlier. This CVE differs from CVE-2020-7473 and CVE-2020-8983.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | sharefile_storagezones_controller | * |
| citrix | sharefile_storagezones_controller | 5.7.0 |
| citrix | sharefile_storagezones_controller | 5.6.0 |
| citrix | sharefile_storagezones_controller | 5.9.0 |
| citrix | sharefile_storagezones_controller | 5.8.0 |
An arbitrary file write issue exists in all versions of Citrix ShareFile StorageZones (aka storage zones) Controller, including the most recent 5.10.x releases as of May 2020, which allows remote code execution. RCE and file access is granted to everything hosted by ShareFile, be it on-premise or inside Citrix Cloud itself (both are internet facing). NOTE: unlike most CVEs, exploitability depends on the product version that was in use when a particular setup step was performed, NOT the product version that is in use during a current assessment of a CVE consumer's product inventory. Specifically, the vulnerability can be exploited if a storage zone was created by one of these product versions: 5.9.0, 5.8.0, 5.7.0, 5.6.0, 5.5.0, or earlier. This CVE differs from CVE-2020-7473 and CVE-2020-8982.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | sharefile_storagezones_controller | * |
| citrix | sharefile_storagezones_controller | 5.7.0 |
| citrix | sharefile_storagezones_controller | 5.6.0 |
| citrix | sharefile_storagezones_controller | 5.9.0 |
| citrix | sharefile_storagezones_controller | 5.8.0 |
A missing authorization vulnerability exists in Citrix ShareFile Storage Zones Controller before 5.7.3, 5.8.3, 5.9.3, 5.10.1 and 5.11.18 may allow unauthenticated remote compromise of the Storage Zones Controller.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-862,CWE-862,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | sharefile_storagezones_controller | * |
An improper access control vulnerability exists in Citrix Workspace App for Windows potentially allows privilege escalation in CR versions prior to 2105 and 1912 LTSR prior to CU4.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-284,NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | workspace | * |
Citrix Cloud Connector before 6.31.0.62192 suffers from insecure storage of sensitive information due to sensitive information being stored in the Citrix Cloud Connector installation log files. Such information could be used by an malicious actor to access a Citrix Cloud environment. This issue affects all versions of Citrix Cloud Connector that were installed by passing secure client parameters for installation via the command line. The issue does not affect Citrix Cloud Connector if it was installed using the interactive installer or where a parameter file was used with the command-line installer.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-922,CWE-922,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | cloud_connector | * |
A vulnerability has been discovered in Citrix ADC (formerly known as NetScaler ADC) and Citrix Gateway (formerly known as NetScaler Gateway), and Citrix SD-WAN WANOP Edition models 4000-WO, 4100-WO, 5000-WO, and 5100-WO. These vulnerabilities, if exploited, could lead to the limited available disk space on the appliances being fully consumed.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-770,CWE-770,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | netscaler_gateway | * |
| citrix | application_delivery_controller_firmware | * |
| citrix | gateway | * |
| citrix | sd-wan_wanop | * |
A vulnerability has been discovered in Citrix ADC (formerly known as NetScaler ADC) and Citrix Gateway (formerly known as NetScaler Gateway), and Citrix SD-WAN WANOP Edition models 4000-WO, 4100-WO, 5000-WO, and 5100-WO. These vulnerabilities, if exploited, could lead to a phishing attack through a SAML authentication hijack to steal a valid user session.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-284,NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | application_delivery_management | 13.0-82.42 |
| citrix | gateway | 12.1-62.25 |
| citrix | gateway | 13.0-82.42 |
| citrix | application_delivery_management | 12.1-62.25 |
A session fixation vulnerability exists in Citrix ADC and Citrix Gateway 13.0-82.45 when configured SAML service provider that could allow an attacker to hijack a session.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.1 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N | 2.8 | 5.2 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-384,CWE-384,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | netscaler_gateway | * |
| citrix | application_delivery_controller_firmware | * |
| citrix | gateway | * |
A vulnerability has been identified in Citrix Virtual Apps and Desktops that could, if exploited, allow a user of a Windows VDA that has either Citrix Profile Management or Citrix Profile Management WMI Plugin installed to escalate their privilege level on that Windows VDA to SYSTEM.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | xendesktop | 7.15 |
| citrix | xenapp | 7.15 |
| citrix | virtual_apps_and_desktops | 1912 |
| citrix | virtual_apps_and_desktops | * |
An issue has been identified in the CTX269106 mitigation tool for Citrix ShareFile storage zones controller which causes the ShareFile file encryption option to become disabled if it had previously been enabled. Customers are only affected by this issue if they previously selected “Enable Encryption” in the ShareFile configuration page and did not re-select this setting after running the CTX269106 mitigation tool. ShareFile customers who have not run the CTX269106 mitigation tool or who re-selected “Enable Encryption” immediately after running the tool are unaffected by this issue.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-311,CWE-311,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | sharefile_storagezones_controller | * |
Improper Access Control in Citrix ShareFile storage zones controller before 5.11.20 may allow an unauthenticated attacker to remotely compromise the storage zones controller.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-284,NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | sharefile_storagezones_controller | * |
A unauthenticated denial of service vulnerability exists in Citrix ADC <13.0-83.27, <12.1-63.22 and 11.1-65.23 when configured as a VPN (Gateway) or AAA virtual server could allow an attacker to cause a temporary disruption of the Management GUI, Nitro API, and RPC communication.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-400,CWE-400,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | application_delivery_controller_firmware | * |
| citrix | gateway | * |
An uncontrolled resource consumption vulnerability exists in Citrix ADC <13.0-83.27, <12.1-63.22 and 11.1-65.23 that could allow an attacker with access to NSIP or SNIP with management interface access to cause a temporary disruption of the Management GUI, Nitro API, and RPC communication.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-400,CWE-400,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | application_delivery_controller_firmware | * |
| citrix | gateway | * |
| citrix | sd-wan | * |
In Citrix XenMobile Server through 10.12 RP9, there is an Authenticated Directory Traversal vulnerability, leading to remote code execution.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | xenmobile_server | 10.13.0 |
| citrix | xenmobile_server | 10.14.0 |
In Citrix XenMobile Server through 10.12 RP9, there is an Authenticated Command Injection vulnerability, leading to remote code execution with root privileges.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-77,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | xenmobile_server | 10.13.0 |
| citrix | xenmobile_server | 10.14.0 |
An Improper Access Control vulnerability exists in Citrix Workspace App for Linux 2012 - 2111 with App Protection installed that can allow an attacker to perform local privilege escalation.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-284,NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | workspace | * |
An improper privilege vulnerability has been discovered in Citrix Gateway Plug-in for Windows (Citrix Secure Access for Windows) <21.9.1.2 what could allow an attacker who has gained local access to a computer with Citrix Gateway Plug-in installed, to corrupt or delete files as SYSTEM.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.1 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H | 1.8 | 5.2 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-269,CWE-269,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | gateway_plug-in | * |
Citrix XenMobile Server 10.12 through RP11, 10.13 through RP7, and 10.14 through RP4 allows Command Injection.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-77,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | xenmobile_server | 10.13.0 |
| citrix | xenmobile_server | 10.14.0 |
Citrix Federated Authentication Service (FAS) 7.17 - 10.6 causes deployments that have been configured to store a registration authority certificate's private key in a Trusted Platform Module (TPM) to incorrectly store that key in the Microsoft Software Key Storage Provider (MSKSP). This issue only occurs if PowerShell was used when configuring FAS to store the registration authority certificate’s private key in the TPM. It does not occur if the TPM was not selected for use or if the FAS administration console was used for configuration.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 4.4 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N | 0.8 | 3.6 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-668,CWE-668,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | federated_authentication_service | * |
Cross-site Scripting (XSS) vulnerability in Citrix StoreFront affects version 1912 before CU5 and version 3.12 before CU9
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-79,CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | storefront_server | * |
Reflected cross site scripting (XSS)
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | sd-wan_4100_firmware | * |
| citrix | sd-wan_410_firmware | * |
| citrix | sd-wan_5100_firmware | * |
| citrix | sd-wan_4000_firmware | * |
| citrix | sd-wan_1100_firmware | * |
| citrix | sd-wan_6100_firmware | * |
| citrix | sd-wan_1000_firmware | * |
| citrix | sd-wan_400_firmware | * |
| citrix | sd-wan_2100_firmware | * |
| citrix | sd-wan_110_firmware | * |
| citrix | sd-wan_210_firmware | * |
| citrix | sd-wan_2000_firmware | * |
Hard-coded credentials allow administrators to access the shell via the SD-WAN CLI
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 2.7 | LOW | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N | 1.2 | 1.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-798,CWE-798,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | sd-wan_4100_firmware | * |
| citrix | sd-wan_410_firmware | * |
| citrix | sd-wan_5100_firmware | * |
| citrix | sd-wan_4000_firmware | * |
| citrix | sd-wan_1100_firmware | * |
| citrix | sd-wan_6100_firmware | * |
| citrix | sd-wan_1000_firmware | * |
| citrix | sd-wan_orchestrator | * |
| citrix | sd-wan_400_firmware | * |
| citrix | sd-wan_2100_firmware | * |
| citrix | sd-wan_center_management_console | * |
| citrix | sd-wan_110_firmware | * |
| citrix | sd-wan_210_firmware | * |
| citrix | sd-wan_2000_firmware | * |
Authenticated denial of service
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | gateway | * |
| citrix | application_delivery_controller | * |
Unauthenticated denial of service
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | gateway | 12.1-64.16 |
| citrix | application_delivery_controller | 12.1-64.16 |
Unauthenticated redirection to a malicious website
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | application_delivery_controller_firmware | * |
| citrix | gateway | * |
Unauthorized access to Gateway user capabilities
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
| secure@citrix.com | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | application_delivery_controller_firmware | * |
| citrix | gateway | * |
Corruption of the system by a remote, unauthenticated user. The impact of this can include the reset of the administrator password at the next device reboot, allowing an attacker with ssh access to connect with the default administrator credentials after the device has rebooted.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.1 | HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | 2.2 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-284,NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | application_delivery_management | * |
Temporary disruption of the ADM license service. The impact of this includes preventing new licenses from being issued or renewed by Citrix ADM.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L | 3.9 | 1.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-664,CWE-416,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | application_delivery_management | * |
Remote desktop takeover via phishing
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| secure@citrix.com | 8.3 | HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H | 1.6 | 6.0 |
| nvd@nist.gov | 9.6 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H | 2.8 | 6.0 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | application_delivery_controller_firmware | * |
| citrix | gateway | * |
User login brute force protection functionality bypass
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| secure@citrix.com | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N | 3.9 | 1.4 |
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | application_delivery_controller_firmware | * |
| citrix | gateway | * |
Unauthenticated remote arbitrary code execution
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | application_delivery_controller_firmware | * |
| citrix | gateway_firmware | * |
A vulnerability has been identified that, if exploited, could result in a local user elevating their privilege level to NT AUTHORITY\SYSTEM on a Citrix Virtual Apps and Desktops Windows VDA.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | virtual_apps_and_desktops | 2203 |
| citrix | virtual_apps_and_desktops | 1912 |
| citrix | virtual_apps_and_desktops | * |
A malicious user can cause log files to be written to a directory that they do not have permission to write to.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N | 1.8 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | workspace | * |
| citrix | workspace | 2203.1 |
| citrix | workspace | 1912 |
Vulnerabilities have been identified that, collectively, allow a standard Windows user to perform operations as SYSTEM on the computer running Citrix Workspace app.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | workspace | * |
| citrix | workspace | 2203.1 |
| citrix | workspace | 1912 |
A vulnerability has been identified in Citrix Workspace app for Linux that, if exploited, may result in a malicious local user being able to gain access to the Citrix Virtual Apps and Desktops session of another user who is using the same computer from which the ICA session is launched.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | workspace | * |
Arbitrary file read in Citrix ADC and Citrix Gateway
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| secure@citrix.com | 6.3 | MEDIUM | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L | 2.8 | 3.4 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | gateway | * |
| citrix | application_delivery_controller | * |
Cross site scripting vulnerability in Citrix ADC and Citrix Gateway in allows and attacker to perform cross site scripting
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 |
| secure@citrix.com | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | gateway | * |
| citrix | application_delivery_controller | * |
A vulnerability has been discovered in the customer-managed ShareFile storage zones controller which, if exploited, could allow an unauthenticated attacker to remotely compromise the customer-managed ShareFile storage zones controller.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| secure@citrix.com | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | sharefile_storage_zones_controller | * |
Users with only access to launch VDA applications can launch an unauthorized desktop
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| secure@citrix.com | 6.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L | 2.8 | 3.4 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | virtual_apps_and_desktops | 2203 |
| citrix | virtual_apps_and_desktops | 1912 |
| citrix | linux_virtual_delivery_agent | * |
| citrix | virtual_apps_and_desktops | * |
| citrix | linux_virtual_delivery_agent | 1912 |
| citrix | linux_virtual_delivery_agent | 2203 |
A vulnerability has been discovered in the Citrix Secure Access client for Windows which, if exploited, could allow an attacker with access to an endpoint with Standard User Account that has the vulnerable client installed to escalate their local privileges to that of NT AUTHORITY\SYSTEM.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| secure@citrix.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | secure_access_client | * |
A vulnerability has been discovered in the Citrix Secure Access client for Ubuntu which, if exploited, could allow an attacker to remotely execute code if a victim user opens an attacker-crafted link and accepts further prompts.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| secure@citrix.com | 9.6 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H | 2.8 | 6.0 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | secure_access_client | * |
Reflected Cross-Site Scripting (XSS)
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| secure@citrix.com | 8.3 | HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H | 1.6 | 6.0 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | netscaler_gateway | * |
| citrix | netscaler_application_delivery_controller | 11.1-65.22 |
| citrix | netscaler_application_delivery_controller | * |
Privilege Escalation to root administrator (nsroot)
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| secure@citrix.com | 8.0 | HIGH | CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.1 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | netscaler_gateway | * |
| citrix | netscaler_application_delivery_controller | 11.1-65.22 |
| citrix | netscaler_application_delivery_controller | * |
Unauthenticated remote code execution
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
| secure@citrix.com | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | netscaler_gateway | * |
| citrix | netscaler_application_delivery_controller | 11.1-65.22 |
| citrix | netscaler_application_delivery_controller | * |
Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
| secure@citrix.com | 9.4 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L | 3.9 | 5.5 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | netscaler_gateway | * |
| citrix | netscaler_application_delivery_controller | * |
Denial of Service in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA Virtual Server
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| secure@citrix.com | 8.2 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H | 3.9 | 4.2 |
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | netscaler_gateway | * |
| citrix | netscaler_application_delivery_controller | * |
Cross SiteScripting vulnerability in Citrix Session Recording allows attacker to perform Cross Site Scripting
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.2 | HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 1.2 | 5.9 |
| secure@citrix.com | 5.0 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:L/A:N | 0.7 | 4.2 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | virtual_apps_and_desktops | 2203 |
| citrix | virtual_apps_and_desktops | 1912 |
| citrix | virtual_apps_and_desktops | * |
Improper Control of Generation of Code ('Code Injection') in NetScaler ADC and NetScaler Gateway allows an attacker with access to NSIP, CLIP or SNIP with management interface to perform Authenticated (low privileged) remote code execution on Management Interface.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
| secure@citrix.com | 5.5 | MEDIUM | CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L | 2.1 | 3.4 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | netscaler_gateway | * |
| citrix | netscaler_application_delivery_controller | * |
Improper Restriction of Operations within the Bounds of a Memory Buffer in NetScaler ADC and NetScaler Gateway allows Unauthenticated Denial of Service and Out-Of-Bounds Memory Read
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| secure@citrix.com | 8.2 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H | 3.9 | 4.2 |
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | netscaler_gateway | * |
| citrix | netscaler_application_delivery_controller | * |
Authenticated privilege escalation in NetScaler Console and NetScaler Agent allows.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | netscaler_console | 13.1 |
| citrix | netscaler_console | 14.1 |
| citrix | netscaler_agent | * |
| citrix | netscaler_agent | 13.0-58.30 |
Server-Side Request Forgery (SSRF) in Citrix SD-WAN Standard/Premium Editions on or after 11.4.0 and before 11.4.4.46 allows an attacker to disclose limited information from the appliance via Access to management IP.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| secure@citrix.com | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N | 3.9 | 2.5 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | sd-wan_4100_firmware | * |
| citrix | sd-wan_410_firmware | * |
| citrix | sd-wan_5100_firmware | * |
| citrix | sd-wan_4000_firmware | * |
| citrix | sd-wan_1100_firmware | * |
| citrix | sd-wan_6100_firmware | * |
| citrix | sd-wan_1000_firmware | * |
| citrix | sd-wan_400_firmware | * |
| citrix | sd-wan_2100_firmware | * |
| citrix | sd-wan_110_firmware | * |
| citrix | sd-wan_210_firmware | * |
| citrix | sd-wan_2000_firmware | * |
DHCP can add routes to a client’s routing table via the classless static route option (121). VPN-based security solutions that rely on routes to redirect traffic can be forced to leak traffic over the physical interface. An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| 9119a7d8-5eab-497f-8521-727c672e3725 | 7.6 | HIGH | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L | 2.8 | 4.7 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fortinet | forticlient | 7.4.0 |
| f5 | big-ip_access_policy_manager | * |
| watchguard | mobile_vpn_with_ssl | * |
| watchguard | ipsec_mobile_vpn_client | * |
| citrix | secure_access_client | * |
| cisco | secure_client | - |
| cisco | anyconnect_vpn_client | - |
| fortinet | forticlient | * |
| zscaler | client_connector | - |
| paloaltonetworks | globalprotect | * |
| zscaler | client_connector | * |
Denial of Service in NetScaler ADC and NetScaler Gateway in NetScaler
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | netscaler_gateway | * |
| citrix | netscaler_application_delivery_controller | * |
Open redirect vulnerability allows a remote unauthenticated attacker to redirect users to arbitrary websites in NetScaler ADC and NetScaler Gateway
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | netscaler_gateway | * |
| citrix | netscaler_application_delivery_controller | * |
An issue has been identified in both XenServer 8 and Citrix Hypervisor 8.2 CU1 LTSR which may allow a malicious administrator of a guest VM to cause the host to become slow and/or unresponsive.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | hypervisor | 8.2 |
| citrix | xenserver | 8.0 |
Bypass of GACS Policy Configuration settings in Citrix Workspace app for HTML5
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | workspace | * |
Redirection of users to a vulnerable URL in Citrix Workspace app for HTML5
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | workspace | * |
A non-admin user can cause short-term disruption in Target VM availability in Citrix Provisioning
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | provisioning | 1912 |
| citrix | provisioning | 2203 |
| citrix | provisioning | * |
Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Virtual Delivery Agent for Windows used by Citrix Virtual Apps and Desktops and Citrix DaaS
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | virtual_apps_and_desktops | 2203 |
| citrix | virtual_apps_and_desktops | 1912 |
| citrix | virtual_apps_and_desktops | * |
Sensitive information disclosure in NetScaler Console
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | netscaler_console | * |
Denial of Service in NetScaler Console (formerly NetScaler ADM), NetScaler Agent, and NetScaler SDX
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | netscaler_sdx | * |
| citrix | netscaler_agent | * |
| citrix | netscaler_console | * |
Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | workspace | * |
| citrix | workspace | 2203.1 |
Privilege escalation in uberAgent
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | uberagent | * |
Local privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | workspace | 2402 |
| citrix | workspace | * |
| citrix | workspace | 2203.1 |
Local privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | workspace | 2402 |
| citrix | workspace | * |
| citrix | workspace | 2203.1 |
Privilege escalation to NetworkService Account access in Citrix Session Recording when an attacker is an authenticated user in the same Windows Active Directory domain as the session recording server domain
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | session_recording | 2203 |
| citrix | session_recording | * |
| citrix | session_recording | 1912 |
| citrix | session_recording | 2402 |
| citrix | session_recording | 2407 |
Limited remote code execution with privilege of a NetworkService Account access in Citrix Session Recording if the attacker is an authenticated user on the same intranet as the session recording server
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | session_recording | 2203 |
| citrix | session_recording | * |
| citrix | session_recording | 1912 |
| citrix | session_recording | 2402 |
| citrix | session_recording | 2407 |
Memory safety vulnerability leading to memory corruption and Denial of Service in NetScaler ADC and Gateway if the appliance must be configured as a Gateway (VPN Vserver) with RDP Feature enabled OR the appliance must be configured as a Gateway (VPN Vserver) and RDP Proxy Server Profile is created and set to Gateway (VPN Vserver) OR the appliance must be configured as a Auth Server (AAA Vserver) with RDP Feature enabled
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | netscaler_gateway | * |
| citrix | netscaler_application_delivery_controller | * |
Authenticated user can access unintended user capabilities in NetScaler ADC and NetScaler Gateway if the appliance must be configured as a Gateway (SSL VPN, ICA Proxy, CVPN, RDP Proxy) with KCDAccount configuration for Kerberos SSO to access backend resources OR the appliance must be configured as an Auth Server (AAA Vserver) with KCDAccount configuration for Kerberos SSO to access backend resources
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | netscaler_gateway | * |
| citrix | netscaler_application_delivery_controller | * |
Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Secure Access Client for Windows
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | secure_access_client | * |
An attacker can gain application privileges in order to perform limited modification and/or read arbitrary data in Citrix Secure Access Client for Mac
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | secure_access_client | * |
An attacker can gain application privileges in order to perform limited modification and/or read arbitrary data in Citrix Secure Access Client for Mac
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | secure_access_client | * |
Arbitrary file read in NetScaler Console and NetScaler SDX (SVM)
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | netscaler_console | 13.1 |
| citrix | netscaler_sdx | * |
| citrix | netscaler_console | 14.1 |
Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | workspace | 2402 |
| citrix | workspace | * |
Improper access control on the NetScaler Management Interface in NetScaler ADC and NetScaler Gateway
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | netscaler_gateway | * |
| citrix | netscaler_application_delivery_controller | * |
Insufficient input validation leading to memory overread when the NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | netscaler_gateway | * |
| citrix | netscaler_application_delivery_controller | * |
Memory overflow vulnerability leading to unintended control flow and Denial of Service in NetScaler ADC and NetScaler Gateway when configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | netscaler_gateway | * |
| citrix | netscaler_application_delivery_controller | * |
Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Windows Virtual Delivery Agent for CVAD and Citrix DaaS
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | virtual_apps_and_desktops | * |
| citrix | virtual_apps_and_desktops | 2402 |
Memory overflow vulnerability leading to Remote Code Execution and/or Denial of Service in NetScaler ADC and NetScaler Gateway when NetScaler is configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server (OR) NetScaler ADC and NetScaler Gateway 13.1, 14.1, 13.1-FIPS and NDcPP: LB virtual servers of type (HTTP, SSL or HTTP_QUIC) bound with IPv6 services or servicegroups bound with IPv6 servers (OR) NetScaler ADC and NetScaler Gateway 13.1, 14.1, 13.1-FIPS and NDcPP: LB virtual servers of type (HTTP, SSL or HTTP_QUIC) bound with DBS IPv6 services or servicegroups bound with IPv6 DBS servers (OR) CR virtual server with type HDX
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | netscaler_gateway | * |
| citrix | netscaler_application_delivery_controller | * |
Memory overflow vulnerability leading to unpredictable or erroneous behavior and Denial of Service in NetScaler ADC and NetScaler Gateway when NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) with PCoIP Profile bounded to it
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| citrix | netscaler_gateway | * |
| citrix | netscaler_application_delivery_controller | * |