MidnightBSD

Advisories for citrix

CVE-2000-0244 HIGH

The Citrix ICA (Independent Computing Architecture) protocol uses weak encryption (XOR) for user authentication.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
citrix metaframe 1.0
citrix winframe 3.5_1.8_for_windows_nt
citrix metaframe *
CVE-2001-0716 MEDIUM

Citrix MetaFrame 1.8 Server with Service Pack 3, and XP Server Service Pack 1 and earlier, allows remote attackers to cause a denial of service (crash) via a large number of incomplete connections to the server.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
citrix metaframe xp_server
citrix metaframe 1.8
citrix metaframe *
CVE-2001-0760 MEDIUM

Citrix Nfuse 1.51 allows remote attackers to obtain the absolute path of the web root via a malformed request to launch.asp that does not provide the session field.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
citrix nfuse 1.51
CVE-2001-0908 HIGH

CITRIX Metaframe 1.8 logs the Client Address (IP address) that is provided by the client instead of obtaining it from the packet headers, which allows clients to spoof their public IP address, e.g. through Network Address Translation (NAT).

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
citrix metaframe 1.8
CVE-2001-1192 HIGH

Citrix Independent Computing Architecture (ICA) Client for Windows 6.1 allows remote malicious web sites to execute arbitrary code via a .ICA file, which is downloaded and automatically executed by the client.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
citrix ica_client 6.1
CVE-2002-0301 MEDIUM

Citrix NFuse 1.6 allows remote attackers to bypass authentication and obtain sensitive information by directly calling launch.asp with invalid NFUSE_USER and NFUSE_PASSWORD parameters.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
citrix nfuse 1.6
CVE-2002-0502 MEDIUM

Citrix NFuse 1.6 may allow remote attackers to list applications without authentication by accessing the applist.asp page.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
citrix nfuse 1.6
CVE-2002-0503 MEDIUM

Directory traversal vulnerability in boilerplate.asp for Citrix NFuse 1.5 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the NFuse_Template parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
citrix nfuse 1.5
CVE-2002-0504 HIGH

Cross-site scripting vulnerability in Citrix NFuse 1.6 and earlier does not quote results from the getLastError method, which allows remote attackers to execute script in other clients via the NFuse_Application parameter to (1) launch.jsp or (2) launch.asp.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
citrix nfuse 1.51
citrix nfuse *
CVE-2002-2426 MEDIUM

Cross-site request forgery (CSRF) vulnerability in Citrix Presentation Server 4.0 and 4.5, MetaFrame Presentation Server 3.0, and Access Essentials 1.0 through 2.0 allows remote attackers to execute arbitrary published applications, and possibly other programs, as authenticated users via the InitialProgram key in an ICA connection. NOTE: some of these details are obtained from third party information.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
citrix access_essentials 1.5
citrix access_essentials 2.0
citrix access_essentials 1.0
citrix presentation_server 4.5
citrix metaframe_presentation_server 3.0
citrix presentation_server 4.0
CVE-2003-1157 MEDIUM

Cross-site scripting (XSS) vulnerability in login.asp in Citrix MetaFrame XP Server 1.0 allows remote attackers to inject arbitrary web script or HTML via the NFuse_Message parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
citrix metaframe 1.0
CVE-2004-1077 MEDIUM

Citrix Program Neighborhood Agent for Win32 8.00.24737 and earlier and MetaFrame Presentation Server client for WinCE before 8.33 allows remote servers to create arbitrary shortcuts on the client via a full UNC path in the AppInStartmenu directive.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
citrix metaframe_client 8.0
citrix program_neighborhood_agent 8.0
CVE-2004-1078 HIGH

Stack-based buffer overflow in the client for Citrix Program Neighborhood Agent for Win32 8.00.24737 and earlier and Citrix MetaFrame Presentation Server client for WinCE before 8.33 allows remote attackers to execute arbitrary code via a long cached icon filename in the InName XML element.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
citrix metaframe_client 8.0
citrix program_neighborhood_agent 8.0
CVE-2004-1902 LOW

The Citrix MetaFrame Password Manager 2.0, when a central credential store is not configured, does not encrypt passwords entered immediately after executing the First Time User Wizards, which allows local users to gain sensitive information.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
citrix metaframe_password_manager 2.0
CVE-2005-0822 LOW

Citrix Metaframe Password Manager 2.5 and earlier stores a password in cleartext although it is obfuscated when presented to a user, which allows users to view their secondary passwords even if it is not allowed by policy.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
citrix metaframe_password_manager 2.5
CVE-2005-3134 HIGH

Citrix Metaframe Presentation Server 3.0 and 4.0 allows remote attackers to bypass policy restrictions by downloading the launch.ica file and changing the client device name (ClientName).

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
citrix metaframe 3.0
citrix metaframe 4.0
CVE-2005-3652 HIGH

Heap-based buffer overflow in Citrix Program Neighborhood client 9.0 and earlier allows remote attackers to execute arbitrary code via a long name value in an Application Set response.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
citrix ica_program_neighborhood_client 9.1
CVE-2005-3971 MEDIUM

Cross-site scripting (XSS) vulnerability in the login form in Citrix MetaFrame Secure Access Manager 2.0 through 2.2 and NFuse Elite 1.0 allows remote attackers to inject arbitrary web script or HTML via the username field.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
citrix metaframe_secure_access_manager 2.1
citrix nfuse 1.0
citrix metaframe_secure_access_manager 2.0
citrix metaframe_secure_access_manager 2.2
CVE-2005-4412 LOW

Citrix Program Neighborhood client before 9.150 caches the user password in plaintext in the GUI while asterisks are used to visually obfuscate the password, which allows attackers with access to the session to obtain the password by using a tool to directly access the field.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
citrix program_neighborhood_client *
CVE-2006-3779 MEDIUM

Citrix MetaFrame up to XP 1.0 Feature 1, except when running on Windows Server 2003, installs a registry key with an insecure ACL, which allows remote authenticated users to gain privileges.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
citrix metaframe 1.8
citrix metaframe_presentation_server 3.0
citrix presentation_server 4.0
CVE-2009-2213 MEDIUM

The default configuration of the Security global settings on the Citrix NetScaler Access Gateway appliance with Enterprise Edition firmware 9.0, 8.1, and earlier specifies Allow for the Default Authorization Action option, which might allow remote authenticated users to bypass intended access restrictions.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-863,

Products Affected

Vendor Product Version
citrix netscaler_access_gateway_firmware 9.0
citrix netscaler_access_gateway -
citrix netscaler_access_gateway_firmware 7.0
citrix netscaler_access_gateway_firmware 8.0
citrix netscaler_access_gateway_firmware *
CVE-2009-3759 MEDIUM

Multiple cross-site request forgery (CSRF) vulnerabilities in sample code in the XenServer Resource Kit in Citrix XenCenterWeb allow remote attackers to hijack the authentication of administrators for (1) requests that change the password via the username parameter to config/changepw.php or (2) stop a virtual machine via the stop_vmname parameter to hardstopvm.php. NOTE: some of these details are obtained from third party information.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
citrix xencenterweb -
CVE-2010-0633 MEDIUM

Unspecified vulnerability in Citrix XenServer 5.0 Update 3 and earlier, and 5.5, allows local users to bypass authentication and execute unspecified Xen API (XAPI) calls via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
citrix xenserver 5.5
citrix xenserver *
CVE-2010-2619 LOW

Citrix XenServer 5.0 Update 2 and earlier, and 5.5 Update 1 and earlier, when using a pvops kernel, allows guest users to cause a denial of service in the host via unspecified vectors that trigger "incorrectly set flags."

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
citrix xenserver *
CVE-2010-2990 HIGH

Citrix Online Plug-in for Windows for XenApp & XenDesktop before 11.2, Citrix Online Plug-in for Mac for XenApp & XenDesktop before 11.0, Citrix ICA Client for Linux before 11.100, Citrix ICA Client for Solaris before 8.63, and Citrix Receiver for Windows Mobile before 11.5 allow remote attackers to execute arbitrary code via (1) a crafted HTML document, (2) a crafted .ICA file, or (3) a crafted type field in an ICA graphics packet, related to a "heap offset overflow" issue.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
citrix online_plug-in_for_windows_for_xenapp_&_xendesktop *
citrix ica_client_for_linux *
citrix online_plug-in_for_mac_for_xenapp_&_xendesktop *
citrix ica_client_for_solaris *
citrix receiver_for_windows_mobile *
CVE-2010-2991 HIGH

The IICAClient interface in the ICAClient library in the ICA Client ActiveX Object (aka ICO) component in Citrix Online Plug-in for Windows for XenApp & XenDesktop before 12.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted HTML document that triggers the reading of a .ICA file.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-94,

Products Affected

Vendor Product Version
citrix online_plug-in_for_windows_for_xenapp_&_xendesktop 11.1
citrix online_plug-in_for_windows_for_xenapp_&_xendesktop *
CVE-2010-3699 LOW

The backend driver in Xen 3.x allows guest OS users to cause a denial of service via a kernel thread leak, which prevents the device and guest OS from being shut down or create a zombie domain, causes a hang in zenwatch, or prevents unspecified xm commands from working properly, related to (1) netback, (2) blkback, or (3) blktap.

CVSS 2.0

Severity: LOW

Problem Type: CWE-399,

Products Affected

Vendor Product Version
citrix xen 3.0.3
citrix xen 3.4.3
citrix xen 3.1.4
citrix xen 3.3.0
citrix xen 3.2.3
citrix xen 3.0.2
citrix xen 3.0.4
citrix xen 3.2.1
citrix xen 3.4.2
citrix xen 3.4.0
citrix xen 3.3.1
citrix xen 3.2.2
citrix xen 3.1.3
citrix xen 3.3.2
citrix xen 3.2.0
citrix xen 3.4.1
CVE-2010-4238 MEDIUM

The vbd_create function in Xen 3.1.2, when the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5 is used, allows guest OS users to cause a denial of service (host OS panic) via an attempted access to a virtual CD-ROM device through the blkback driver. NOTE: some of these details are obtained from third party information.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
citrix xen 3.1.2
CVE-2010-4247 MEDIUM

The do_block_io_op function in (1) drivers/xen/blkback/blkback.c and (2) drivers/xen/blktap/blktap.c in Xen before 3.4.0 for the Linux kernel 2.6.18, and possibly other versions, allows guest OS users to cause a denial of service (infinite loop and CPU consumption) via a large production request index to the blkback or blktap back-end drivers. NOTE: some of these details are obtained from third party information.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
citrix xen 3.0.3
citrix xen 3.1.4
citrix xen 3.3.0
citrix xen 3.2.3
citrix xen *
citrix xen 3.0.2
citrix xen 3.0.4
citrix xen 3.2.1
citrix xen 3.3.1
citrix xen 3.2.2
citrix xen 3.1.3
citrix xen 3.2.0
CVE-2010-4255 MEDIUM

The fixup_page_fault function in arch/x86/traps.c in Xen 4.0.1 and earlier on 64-bit platforms, when paravirtualization is enabled, does not verify that kernel mode is used to call the handle_gdt_ldt_mapping_fault function, which allows guest OS users to cause a denial of service (host OS BUG_ON) via a crafted memory access.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
citrix xen 3.0.3
citrix xen 3.4.3
citrix xen 4.0.0
citrix xen 3.1.4
citrix xen 3.3.0
citrix xen 3.1.2
citrix xen 3.2.3
citrix xen *
citrix xen 3.0.2
citrix xen 3.0.4
citrix xen 3.2.1
citrix xen 3.4.2
citrix xen 3.4.0
citrix xen 3.3.1
citrix xen 3.2.2
citrix xen 3.1.3
citrix xen 3.3.2
citrix xen 3.2.0
citrix xen 3.4.1
CVE-2010-4515 MEDIUM

Cross-site scripting (XSS) vulnerability in Citrix Web Interface 5.0, 5.1, and 5.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2007-6477 and CVE-2009-2454.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
citrix web_interface 5.3
citrix web_interface 5.1
citrix web_interface 5.0
citrix web_interface 5.2
CVE-2010-4566 HIGH

The web authentication form in the NT4 authentication component in Citrix Access Gateway Enterprise Edition 9.2-49.8 and earlier, and the NTLM authentication component in Access Gateway Standard and Advanced Editions before Access Gateway 5.0, allows attackers to execute arbitrary commands via shell metacharacters in the password field.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
citrix access_gateway 9.1-104.5
citrix access_gateway 4.6.1
citrix access_gateway 8.1-69.4
citrix access_gateway 4.5.7
citrix access_gateway 4.6.3
citrix access_gateway 8.0
citrix access_gateway *
citrix access_gateway 9.0.71.3
citrix access_gateway .8.0
citrix access_gateway 4.6.2
citrix access_gateway 4.5.6
citrix access_gateway 4.5
citrix access_gateway 4.5.5
CVE-2011-1101 MEDIUM

Multiple unspecified vulnerabilities in a third-party component of the Citrix Licensing Administration Console 11.6, formerly License Management Console, allow remote attackers to (1) access unauthorized "license administration functionality" or (2) cause a denial of service via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
citrix licensing_administration_console 11.6
CVE-2011-1583 MEDIUM

Multiple integer overflows in tools/libxc/xc_dom_bzimageloader.c in Xen 3.2, 3.3, 4.0, and 4.1 allow local users to cause a denial of service and possibly execute arbitrary code via a crafted paravirtualised guest kernel image that triggers (1) a buffer overflow during a decompression loop or (2) an out-of-bounds read in the loader involving unspecified length fields.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-189,

Products Affected

Vendor Product Version
citrix xen 4.1.0
citrix xen 4.0.0
citrix xen 3.2.0
citrix xen 3.3.0
CVE-2011-1898 HIGH

Xen 4.1 before 4.1.1 and 4.0 before 4.0.2, when using PCI passthrough on Intel VT-d chipsets that do not have interrupt remapping, allows guest OS users to gain host OS privileges by "using DMA to generate MSI interrupts by writing to the interrupt injection registers."

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
citrix xen 4.1.0
citrix xen 4.0.1
citrix xen 4.0.0
CVE-2011-2882 HIGH

Stack-based buffer overflow in the NSEPA.NsepaCtrl.1 ActiveX control in nsepa.ocx in Citrix Access Gateway Enterprise Edition 8.1 before 8.1-67.7, 9.0 before 9.0-70.5, and 9.1 before 9.1-96.4 allows remote attackers to execute arbitrary code via crafted HTTP header data.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
citrix access_gateway 9.0
citrix access_gateway 9.1
citrix access_gateway 8.1
CVE-2011-2883 HIGH

The NSEPA.NsepaCtrl.1 ActiveX control in nsepa.ocx in Citrix Access Gateway Enterprise Edition 8.1 before 8.1-67.7, 9.0 before 9.0-70.5, and 9.1 before 9.1-96.4 attempts to validate signed DLLs by checking the certificate subject, not the signature, which allows man-in-the-middle attackers to execute arbitrary code via HTTP header data referencing a DLL that was signed with a crafted certificate.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
citrix access_gateway 9.0
citrix access_gateway 9.1
citrix access_gateway 8.1
CVE-2011-3262 LOW

tools/libxc/xc_dom_bzimageloader.c in Xen 3.2, 3.3, 4.0, and 4.1 allows local users to cause a denial of service (management software infinite loop and management domain resource consumption) via unspecified vectors related to "Lack of error checking in the decompression loop."

CVSS 2.0

Severity: LOW

Problem Type: CWE-399,

Products Affected

Vendor Product Version
citrix xen 4.1.0
citrix xen 4.0.0
citrix xen 3.2.0
citrix xen 3.3.0
CVE-2012-0217 HIGH

The x86-64 kernel system-call functionality in Xen 4.1.2 and earlier, as used in Citrix XenServer 6.0.2 and earlier and other products; Oracle Solaris 11 and earlier; illumos before r13724; Joyent SmartOS before 20120614T184600Z; FreeBSD before 9.0-RELEASE-p3; NetBSD 6.0 Beta and earlier; Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1; and possibly other operating systems, when running on an Intel processor, incorrectly uses the sysret path in cases where a certain address is not a canonical address, which allows local users to gain privileges via a crafted application. NOTE: because this issue is due to incorrect use of the Intel specification, it should have been split into separate identifiers; however, there was some value in preserving the original mapping of the multi-codebase coordinated-disclosure effort to a single identifier.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
netbsd netbsd *
xen xen 4.0.0
citrix xenserver *
sun sunos *
illumos illumos *
microsoft windows_xp *
xen xen *
xen xen 4.0.3
xen xen 4.0.2
xen xen 4.1.1
xen xen 4.1.0
xen xen 4.0.1
xen xen 4.0.4
freebsd freebsd *
microsoft windows_server_2008 r2
microsoft windows_server_2003 *
microsoft windows_7 *
citrix xenserver 6.0
joyent smartos *
CVE-2012-5616 LOW

Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform (formerly Citrix CloudStack) before 3.0.6 stores sensitive information in the log4j.conf log file, which allows local users to obtain (1) the SSH private key as recorded by the createSSHKeyPair API, (2) the password of an added host as recorded by the AddHost API, or the password of an added VM as recorded by the (3) DeployVM or (4) ResetPasswordForVM API.

CVSS 2.0

Severity: LOW

Problem Type: CWE-255,

Products Affected

Vendor Product Version
apache cloudstack 4.0.0
citrix cloudplatform *
CVE-2012-6314 MEDIUM

Citrix XenDesktop Virtual Desktop Agent (VDA) 5.6.x before 5.6.200, when making changes to the server-side policy that control USB redirection, does not propagate changes to the VDA, which allows authenticated users to retain access to the USB device.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
citrix xendesktop 5.6
CVE-2013-2263 MEDIUM

Unspecified vulnerability in Citrix Access Gateway Standard Edition 5.0.x before 5.0.4.223524 allows remote attackers to access network resources via unknown attack vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
citrix access_gateway 5.1
citrix access_gateway 5.2
citrix access_gateway 5.3
citrix access_gateway 5.4
citrix access_gateway 5.0
CVE-2013-2601 HIGH

The NDVM in Citrix XenClient XT before 2.1.3 and 3.x before 3.1.4 allows remote attackers to execute arbitrary commands by using the UIVM to create a network connection.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
citrix xenclient_xt 3.1.3
citrix xenclient_xt 3.0.0
citrix xenclient_xt *
CVE-2013-2756 MEDIUM

Apache CloudStack 4.0.0 before 4.0.2 and Citrix CloudPlatform (formerly Citrix CloudStack) 3.0.x before 3.0.6 Patch C allows remote attackers to bypass the console proxy authentication by leveraging knowledge of the source code.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,

Products Affected

Vendor Product Version
citrix cloudplatform 3.0
citrix cloudplatform 3.0.5
apache cloudstack 4.0.0
apache cloudstack 4.0.2
citrix cloudplatform 3.0.3
apache cloudstack 4.0.1
citrix cloudplatform 3.0.4
citrix cloudplatform 3.0.6
CVE-2013-2757 HIGH

Citrix CloudPlatform (formerly Citrix CloudStack) 3.0.x before 3.0.6 Patch C does not properly restrict access to VNC ports on the management network, which allows remote attackers to have unspecified impact via unknown vectors.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
citrix cloudplatform 3.0
citrix cloudplatform 3.0.5
citrix cloudplatform 3.0.3
citrix cloudplatform 3.0.4
citrix cloudplatform 3.0.6
CVE-2013-2758 MEDIUM

Apache CloudStack 4.0.0 before 4.0.2 and Citrix CloudPlatform (formerly Citrix CloudStack) 3.0.x before 3.0.6 Patch C uses a hash of a predictable sequence, which makes it easier for remote attackers to guess the console access URL via a brute force attack.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-310,

Products Affected

Vendor Product Version
citrix cloudplatform 3.0
citrix cloudplatform 3.0.5
apache cloudstack 4.0.0
apache cloudstack 4.0.2
citrix cloudplatform 3.0.3
apache cloudstack 4.0.1
citrix cloudplatform 3.0.4
citrix cloudplatform 3.0.6
CVE-2013-2767 MEDIUM

Unspecified vulnerability in Citrix NetScaler Access Gateway Enterprise Edition (AGEE) before 9.3.62.4 and 10.x through 10.0.74.4, and NetScaler AGEE Common Criteria build before 9.3.53.6, allows remote attackers to bypass intended intranet access restrictions via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
citrix netscaler_access_gateway_firmware 10.0.74.4
citrix netscaler_access_gateway -
citrix netscaler_access_gateway_firmware 9.2
citrix netscaler_access_gateway_firmware 9.1
citrix netscaler_access_gateway_firmware *
citrix netscaler_access_gateway_firmware 10.0
citrix netscaler_access_gateway_firmware 9.3
CVE-2013-2933 HIGH

Unspecified vulnerability in Citrix CloudPortal Services Manager (aka Cortex) 10.0 before Cumulative Update 3 has unknown impact and attack vectors, a different vulnerability than other CVEs listed in CTX137162.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
citrix cloudportal_services_manager 10.0
CVE-2013-2934 HIGH

Citrix CloudPortal Services Manager (aka Cortex) 10.0 before Cumulative Update 3 does not properly restrict access to web services, which has unspecified impact and attack vectors, a different vulnerability than other CVEs listed in CTX137162.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
citrix cloudportal_services_manager *
citrix cloudportal_services_manager 10.0
CVE-2013-2935 HIGH

Unspecified vulnerability in Citrix CloudPortal Services Manager (aka Cortex) 10.0 before Cumulative Update 3 has unknown impact and attack vectors, a different vulnerability than other CVEs listed in CTX137162.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
citrix cloudportal_services_manager *
citrix cloudportal_services_manager 10.0
CVE-2013-2936 HIGH

Unspecified vulnerability in Citrix CloudPortal Services Manager (aka Cortex) 10.0 before Cumulative Update 3 has unknown impact and attack vectors, a different vulnerability than other CVEs listed in CTX137162.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
citrix cloudportal_services_manager *
citrix cloudportal_services_manager 10.0
CVE-2013-2937 HIGH

Unspecified vulnerability in Citrix CloudPortal Services Manager (aka Cortex) 10.0 before Cumulative Update 3 has unknown impact and attack vectors, related to debugging messages, a different vulnerability than other CVEs listed in CTX137162.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
citrix cloudportal_services_manager *
citrix cloudportal_services_manager 10.0
CVE-2013-2938 HIGH

Unspecified vulnerability in Citrix CloudPortal Services Manager (aka Cortex) 10.0 before Cumulative Update 3 has unknown impact and attack vectors, a different vulnerability than other CVEs listed in CTX137162.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
citrix cloudportal_services_manager *
citrix cloudportal_services_manager 10.0
CVE-2013-2939 HIGH

Unspecified vulnerability in Citrix CloudPortal Services Manager (aka Cortex) 10.0 before Cumulative Update 3 has unknown impact and attack vectors, a different vulnerability than other CVEs listed in CTX137162.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
citrix cloudportal_services_manager *
citrix cloudportal_services_manager 10.0
CVE-2013-2940 HIGH

Unspecified vulnerability in Citrix CloudPortal Services Manager (aka Cortex) 10.0 before Cumulative Update 3 has unknown impact and attack vectors, a different vulnerability than other CVEs listed in CTX137162.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
citrix cloudportal_services_manager *
citrix cloudportal_services_manager 10.0
CVE-2013-3619 MEDIUM

Intelligent Platform Management Interface (IPMI) with firmware for Supermicro X9 generation motherboards before SMT_X9_317 and firmware for Supermicro X8 generation motherboards before SMT X8 312 contain harcoded private encryption keys for the (1) Lighttpd web server SSL interface and the (2) Dropbear SSH daemon.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 2.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-798,

Products Affected

Vendor Product Version
supermicro smt_x9_firmware *
citrix netscaler_firmware -
supermicro smt_x8_firmware *
citrix netscaler_sd-wan_firmware -
citrix netscaler_sdx_firmware 10
CVE-2013-3620 MEDIUM

Hardcoded WSMan credentials in Intelligent Platform Management Interface (IPMI) with firmware for Supermicro X9 generation motherboards before 3.15 (SMT_X9_315) and firmware for Supermicro X8 generation motherboards before SMT X8 312.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-522,

Products Affected

Vendor Product Version
supermicro smt_x9_firmware *
citrix netscaler_firmware -
supermicro smt_x8_firmware *
citrix netscaler_sd-wan_firmware -
citrix netscaler_sdx_firmware 10
CVE-2013-6011 HIGH

Citrix NetScaler Application Delivery Controller (ADC) 10.0 before 10.0-76.7 allows remote attackers to cause a denial of service (nsconfigd crash and appliance reboot) via a crafted request.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
citrix netscaler_application_delivery_controller_firmware 10.0.e
citrix netscaler_application_delivery_controller -
citrix netscaler_application_delivery_controller_firmware 10.0
CVE-2013-6077 MEDIUM

Citrix XenDesktop 7.0, when upgraded from XenDesktop 5.x, does not properly enforce policy rule permissions, which allows remote attackers to bypass intended restrictions.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
citrix xendesktop 7.0
CVE-2013-6938 MEDIUM

Unspecified vulnerability in the Service VM in Citrix NetScaler SDX 9.3 before 9.3-64.4 and 10.0 before 10.0-77.5 and Application Delivery Controller (ADC) 9.3.x before 9.3-64.4, 10.0 before 10.0-77.5, and 10.1 before 10.1-118.7 allows attackers to cause a denial of service via unknown vectors, related to the "Virtual Machine Daemon."

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
citrix netscaler_application_delivery_controller_firmware 10.1
citrix netscaler_application_delivery_controller_firmware 10.0
citrix netscaler_application_delivery_controller_firmware 9.3(1)
citrix netscaler_application_delivery_controller_firmware 9.3.e
CVE-2013-6939 MEDIUM

Unspecified vulnerability in Citrix NetScaler Application Delivery Controller (ADC) 9.3.x before 9.3-64.4, 10.0 before 10.0-77.5, and 10.1 before 10.1-118.7 allows attackers to cause a denial of service via unknown vectors, related to "RADIUS authentication."

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
citrix netscaler_application_delivery_controller_firmware 10.1
citrix netscaler_application_delivery_controller_firmware 10.0
citrix netscaler_application_delivery_controller_firmware 9.3(1)
citrix netscaler_application_delivery_controller_firmware 9.3.e
CVE-2013-6940 MEDIUM

Citrix NetScaler Application Delivery Controller (ADC) 9.3.x before 9.3-64.4, 10.0 before 10.0-77.5, and 10.1 before 10.1-118.7 logs user credentials, which allows attackers to obtain sensitive information via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-255,

Products Affected

Vendor Product Version
citrix netscaler_application_delivery_controller_firmware 10.1
citrix netscaler_application_delivery_controller_firmware 10.0
citrix netscaler_application_delivery_controller_firmware 9.3(1)
citrix netscaler_application_delivery_controller_firmware 9.3.e
CVE-2013-6941 HIGH

Unspecified vulnerability in Citrix NetScaler Application Delivery Controller (ADC) 9.3.x before 9.3-64.4, 10.0 before 10.0-77.5, and 10.1 before 10.1-118.7 allows users to "breakout" of the shell via unknown vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
citrix netscaler_application_delivery_controller_firmware 10.1
citrix netscaler_application_delivery_controller_firmware 10.0
citrix netscaler_application_delivery_controller_firmware 9.3(1)
citrix netscaler_application_delivery_controller_firmware 9.3.e
CVE-2013-6942 MEDIUM

Cross-site request forgery (CSRF) vulnerability in Citrix NetScaler Application Delivery Controller (ADC) 9.3.x before 9.3-64.4, 10.0 before 10.0-77.5, and 10.1 before 10.1-118.7 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
citrix netscaler_application_delivery_controller_firmware 10.1
citrix netscaler_application_delivery_controller_firmware 10.0
citrix netscaler_application_delivery_controller_firmware 9.3(1)
citrix netscaler_application_delivery_controller_firmware 9.3.e
CVE-2013-6943 MEDIUM

Citrix NetScaler Application Delivery Controller (ADC) 9.3.x before 9.3-64.4, 10.0 before 10.0-77.5, and 10.1 before 10.1-118.7 allows remote attackers to conduct an LDAP injection attack via vectors related to SSH and Web management usernames.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-94,

Products Affected

Vendor Product Version
citrix netscaler_application_delivery_controller_firmware 10.1
citrix netscaler_application_delivery_controller_firmware 10.0
citrix netscaler_application_delivery_controller_firmware 9.3(1)
citrix netscaler_application_delivery_controller_firmware 9.3.e
CVE-2013-6944 MEDIUM

Cross-site scripting (XSS) vulnerability in the user interface in the AAA TM vServer in Citrix NetScaler Application Delivery Controller (ADC) 9.3.x before 9.3-64.4, 10.0 before 10.0-77.5, and 10.1 before 10.1-118.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
citrix netscaler_application_delivery_controller_firmware 10.1
citrix netscaler_application_delivery_controller_firmware 10.0
citrix netscaler_application_delivery_controller_firmware 9.3(1)
citrix netscaler_application_delivery_controller_firmware 9.3.e
CVE-2014-1663 MEDIUM

Unspecified vulnerability in Citrix XenMobile Device Manager server (formerly Zenprise Device Manager server) 8.5, 8.6, and MDM 8.0.1 allows remote attackers to obtain sensitive information via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
citrix xenmobile_device_manager 8.6
citrix xenmobile_device_manager_mdm 8.0.1
citrix xenmobile_device_manager 8.5
CVE-2014-1664 MEDIUM

The Citrix GoToMeeting application 5.0.799.1238 for Android logs HTTP requests containing sensitive information, which allows attackers to obtain user IDs, meeting details, and authentication tokens via an application that reads the system log file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
citrix gotomeeting 5.0.799.1238
CVE-2014-1899 MEDIUM

Cross-site scripting (XSS) vulnerability in Citrix NetScaler Gateway (formerly Citrix Access Gateway Enterprise Edition) 9.x before 9.3.66.5 and 10.x before 10.1.123.9 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
citrix netscaler_access_gateway_firmware 10.0.74.4
citrix netscaler_access_gateway_firmware 9.3.61.5
citrix netscaler_access_gateway -
citrix netscaler_access_gateway_firmware 10.1
citrix netscaler_access_gateway_firmware 9.3.62.4
citrix netscaler_access_gateway_firmware 10.0
citrix netscaler_access_gateway_firmware 9.3
CVE-2014-1910 MEDIUM

Citrix ShareFile Mobile and ShareFile Mobile for Tablets before 2.4.4 for Android do not verify X.509 certificates from SSL servers, which allow man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-310,

Products Affected

Vendor Product Version
citrix sharefile_mobile_for_tablets *
citrix sharefile_mobile *
CVE-2014-2690 LOW

Citrix VDI-in-a-Box 5.3.x before 5.3.6 and 5.4.x before 5.4.3 allows local users to obtain administrator credentials by reading the log.

CVSS 2.0

Severity: LOW

Problem Type: CWE-264,

Products Affected

Vendor Product Version
citrix vdi-in-a-box 5.3.3
citrix vdi-in-a-box 5.4.1
citrix vdi-in-a-box 5.3.1
citrix vdi-in-a-box 5.4.0
citrix vdi-in-a-box 5.3.2
citrix vdi-in-a-box 5.3.5
citrix vdi-in-a-box 5.4.2
citrix vdi-in-a-box 5.3.0
citrix vdi-in-a-box 5.3.4
CVE-2014-2881 HIGH

Unspecified vulnerability in the Diffie-Hellman key agreement implementation in the management GUI Java applet in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 9.3-66.5 and 10.x before 10.1-122.17 has unknown impact and vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
citrix netscaler_access_gateway -
citrix netscaler_application_delivery_controller -
citrix netscaler_application_delivery_controller_firmware 10.1
citrix netscaler_application_delivery_controller_firmware *
citrix netscaler_access_gateway_firmware *
citrix netscaler_access_gateway_firmware 9.3
CVE-2014-2882 HIGH

Unspecified vulnerability in the management GUI in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 9.3-66.5 and 10.x before 10.1-122.17 has unspecified impact and vectors, related to certificate validation.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
citrix netscaler_access_gateway -
citrix netscaler_application_delivery_controller -
citrix netscaler_application_delivery_controller_firmware 10.1
citrix netscaler_application_delivery_controller_firmware *
citrix netscaler_access_gateway_firmware *
citrix netscaler_access_gateway_firmware 9.3
CVE-2014-3780 HIGH

Unspecified vulnerability in Citrix VDI-In-A-Box 5.3.x before 5.3.8 and 5.4.x before 5.4.4 allows remote attackers to bypass authentication via unspecified vectors, related to a Java servlet.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287,

Products Affected

Vendor Product Version
citrix vdi-in-a-box 5.3.3
citrix vdi-in-a-box 5.4.1
citrix vdi-in-a-box 5.4.0
citrix vdi-in-a-box 5.3.2
citrix vdi-in-a-box 5.3.5
citrix vdi-in-a-box 5.3.7
citrix vdi-in-a-box 5.3.1
citrix vdi-in-a-box 5.4.2
citrix vdi-in-a-box 5.3.0
citrix vdi-in-a-box 5.3.4
citrix vdi-in-a-box 5.3.6
citrix vdi-in-a-box 5.4.3
CVE-2014-3798 MEDIUM

The Windows Guest Tools in Citrix XenServer 6.2 SP1 and earlier allows remote attackers to cause a denial of service (guest OS crash) via a crafted Ethernet frame.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
citrix xenserver 6.0.2
citrix xenserver 6.2.0
citrix xenserver 6.0
citrix xenserver 6.1.0
CVE-2014-4346 MEDIUM

Cross-site scripting (XSS) vulnerability in administration user interface in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway (formerly Access Gateway Enterprise Edition) 10.1 before 10.1-126.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
citrix netscaler_access_gateway -
citrix netscaler_access_gateway_firmware 10.1
citrix netscaler_application_delivery_controller -
citrix netscaler_application_delivery_controller_firmware 10.1
CVE-2014-4347 MEDIUM

Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway (formerly Access Gateway Enterprise Edition) before 9.3-62.4 and 10.x before 10.1-126.12 allows attackers to obtain sensitive information via vectors related to a cookie.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
citrix netscaler_access_gateway -
citrix netscaler_application_delivery_controller_firmware 9.3
citrix netscaler_access_gateway_firmware 10.1
citrix netscaler_application_delivery_controller -
citrix netscaler_application_delivery_controller_firmware 10.1
citrix netscaler_access_gateway_firmware 9.3
CVE-2014-4700 MEDIUM

Citrix XenDesktop 7.x, 5.x, and 4.x, when pooled random desktop groups is enabled and ShutdownDesktopsAfterUse is disabled, allows local guest users to gain access to another user's desktop via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
citrix xendesktop 5.6
citrix xendesktop 4.0
citrix xendesktop *
CVE-2014-4947 HIGH

Buffer overflow in the HVM graphics console support in Citrix XenServer 6.2 Service Pack 1 and earlier has unspecified impact and attack vectors.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
citrix xenserver 6.2.0
CVE-2014-4948 MEDIUM

Unspecified vulnerability in Citrix XenServer 6.2 Service Pack 1 and earlier allows attackers to cause a denial of service and obtain sensitive information by modifying the guest virtual hard disk (VHD).

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
citrix xenserver 6.2.0
CVE-2014-6271 HIGH

GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,CWE-78,

Products Affected

Vendor Product Version
ibm software_defined_network_for_virtual_environments *
redhat enterprise_linux 4.0
suse linux_enterprise_desktop 11
vmware esx 4.1
redhat enterprise_linux_server_aus 5.6
ibm security_access_manager_for_mobile_8.0_firmware 8.0.0.3
ibm stn7800_firmware *
redhat enterprise_linux_server_aus 6.4
redhat enterprise_linux_server_tus 7.6
f5 big-ip_advanced_firewall_manager *
f5 traffix_signaling_delivery_controller *
redhat enterprise_linux_eus 7.7
ibm qradar_security_information_and_event_manager 7.2.2
vmware vcenter_server_appliance 5.5
redhat enterprise_linux_for_ibm_z_systems 7.4_s390x
ibm qradar_vulnerability_manager 7.2.8
ibm security_access_manager_for_web_7.0_firmware 7.0.0.8
vmware vcenter_server_appliance 5.1
ibm storwize_v3500_firmware *
f5 traffix_signaling_delivery_controller 3.4.1
redhat enterprise_linux_for_power_big_endian_eus 7.3_ppc64
f5 traffix_signaling_delivery_controller 4.1.0
redhat enterprise_linux_server 6.0
ibm smartcloud_entry_appliance 2.4.0
checkpoint security_gateway *
oracle linux 6
redhat enterprise_linux_for_power_big_endian 5.0_ppc
redhat enterprise_linux_server_from_rhui 7.0
redhat enterprise_linux_for_power_big_endian 6.0_ppc64
redhat enterprise_linux_server_aus 6.5
redhat enterprise_linux 7.0
redhat enterprise_linux_server_from_rhui 5.0
redhat enterprise_linux_for_power_big_endian 6.4_ppc64
suse linux_enterprise_server 11
novell zenworks_configuration_management 11.1
ibm security_access_manager_for_web_7.0_firmware 7.0.0.5
f5 big-ip_policy_enforcement_manager *
f5 big-iq_security *
redhat enterprise_linux_server_tus 7.7
ibm qradar_security_information_and_event_manager 7.2.9
ibm qradar_security_information_and_event_manager 7.1.2
redhat enterprise_linux_server_aus 7.6
vmware esx 4.0
f5 big-ip_application_security_manager 11.6.0
ibm qradar_security_information_and_event_manager 7.2.3
f5 big-ip_policy_enforcement_manager 11.6.0
f5 big-ip_global_traffic_manager *
redhat enterprise_linux_for_power_big_endian_eus 6.5_ppc64
ibm qradar_vulnerability_manager 7.2.4
ibm starter_kit_for_cloud 2.2.0
f5 big-ip_analytics *
f5 big-ip_link_controller 11.6.0
ibm qradar_security_information_and_event_manager 7.1.0
redhat enterprise_linux_for_ibm_z_systems 6.5_s390x
f5 traffix_signaling_delivery_controller 3.5.1
redhat enterprise_linux_eus 6.5
ibm security_access_manager_for_mobile_8.0_firmware 8.0.0.5
ibm qradar_security_information_and_event_manager 7.2.8.15
ibm smartcloud_entry_appliance 3.2.0
f5 arx_firmware *
suse linux_enterprise_server 12
vmware vcenter_server_appliance 5.0
f5 big-ip_webaccelerator *
oracle linux 4
redhat enterprise_linux_server 5.0
redhat enterprise_linux_for_ibm_z_systems 7.7_s390x
redhat enterprise_linux_server_aus 5.9
ibm qradar_security_information_and_event_manager 7.2
redhat enterprise_linux_server_tus 6.5
redhat enterprise_linux_for_ibm_z_systems 6.4_s390x
ibm flex_system_v7000_firmware *
ibm stn6500_firmware *
redhat enterprise_linux_eus 5.9
ibm pureapplication_system 2.0.0.0
redhat virtualization 3.4
redhat enterprise_linux_for_ibm_z_systems 5.9_s390x
f5 big-ip_global_traffic_manager 11.6.0
redhat enterprise_linux_desktop 7.0
ibm qradar_vulnerability_manager 7.2.0
f5 big-ip_analytics 11.6.0
f5 big-iq_cloud *
ibm smartcloud_provisioning 2.1.0
gnu bash *
ibm san_volume_controller_firmware *
ibm qradar_security_information_and_event_manager 7.2.7
ibm security_access_manager_for_web_7.0_firmware 7.0.0.6
opensuse opensuse 12.3
ibm security_access_manager_for_web_7.0_firmware 7.0.0.3
arista eos *
novell zenworks_configuration_management 10.3
f5 big-ip_application_acceleration_manager *
suse studio_onsite 1.3
f5 big-ip_local_traffic_manager *
f5 big-ip_edge_gateway *
redhat enterprise_linux_server_from_rhui 6.0
ibm qradar_security_information_and_event_manager 7.2.0
redhat enterprise_linux_workstation 5.0
redhat enterprise_linux 6.0
suse linux_enterprise_software_development_kit 11
f5 big-ip_application_security_manager *
f5 big-ip_link_controller *
ibm qradar_risk_manager 7.1.0
ibm security_access_manager_for_web_8.0_firmware 8.0.0.2
ibm infosphere_guardium_database_activity_monitoring 8.2
redhat enterprise_linux_for_scientific_computing 6.0
f5 big-ip_access_policy_manager *
canonical ubuntu_linux 10.04
ibm storwize_v3700_firmware *
ibm qradar_vulnerability_manager 7.2.2
redhat enterprise_linux_for_power_big_endian_eus 7.5_ppc64
redhat enterprise_linux_server_aus 7.7
oracle linux 5
redhat enterprise_linux_server_aus 7.3
ibm infosphere_guardium_database_activity_monitoring 9.0
qnap qts 4.1.1
novell zenworks_configuration_management 11.3.0
f5 big-iq_device *
f5 traffix_signaling_delivery_controller 3.3.2
redhat enterprise_linux 5.0
redhat enterprise_linux_for_power_big_endian 7.0_ppc64
ibm qradar_vulnerability_manager 7.2.3
ibm workload_deployer *
redhat enterprise_linux_desktop 5.0
redhat enterprise_linux_for_power_big_endian_eus 7.4_ppc64
f5 enterprise_manager *
ibm smartcloud_entry_appliance 2.3.0
ibm security_access_manager_for_web_8.0_firmware 8.0.0.5
ibm security_access_manager_for_web_7.0_firmware 7.0.0.2
f5 big-ip_local_traffic_manager 11.6.0
ibm qradar_security_information_and_event_manager 7.1.1
novell open_enterprise_server 11.0
redhat enterprise_linux_for_ibm_z_systems 7.3_s390x
ibm security_access_manager_for_web_8.0_firmware 8.0.0.3
redhat enterprise_linux_server 7.0
redhat enterprise_linux_workstation 6.0
canonical ubuntu_linux 12.04
opensuse opensuse 13.1
ibm security_access_manager_for_mobile_8.0_firmware 8.0.0.2
suse linux_enterprise_server 10
apple mac_os_x *
mageia mageia 4.0
canonical ubuntu_linux 14.04
citrix netscaler_sdx_firmware *
redhat enterprise_linux_eus 6.4
ibm infosphere_guardium_database_activity_monitoring 9.1
f5 big-ip_wan_optimization_manager *
redhat enterprise_linux_for_ibm_z_systems 7.5_s390x
ibm security_access_manager_for_web_7.0_firmware 7.0.0.1
redhat enterprise_linux_for_scientific_computing 7.0
suse linux_enterprise_desktop 12
suse linux_enterprise_software_development_kit 12
redhat gluster_storage_server_for_on-premise 2.1
ibm qradar_vulnerability_manager 7.2.6
ibm qradar_security_information_and_event_manager 7.2.5
ibm qradar_security_information_and_event_manager 7.2.4
redhat enterprise_linux_eus 7.3
redhat enterprise_linux_desktop 6.0
debian debian_linux 7.0
novell zenworks_configuration_management 11.2
redhat enterprise_linux_eus 7.6
redhat enterprise_linux_eus 7.4
ibm security_access_manager_for_mobile_8.0_firmware 8.0.0.1
redhat enterprise_linux_eus 7.5
ibm storwize_v5000_firmware *
f5 big-ip_application_acceleration_manager 11.6.0
ibm qradar_security_information_and_event_manager 7.2.1
ibm storwize_v7000_firmware *
redhat enterprise_linux_for_power_big_endian_eus 7.7_ppc64
ibm security_access_manager_for_web_7.0_firmware 7.0.0.7
redhat enterprise_linux_for_power_big_endian_eus 7.6_ppc64
opensuse opensuse 13.2
redhat enterprise_linux_server_tus 7.3
qnap qts *
redhat enterprise_linux_for_power_big_endian 5.9_ppc
novell zenworks_configuration_management 11
ibm smartcloud_entry_appliance 3.1.0
redhat enterprise_linux_server_aus 7.4
f5 big-ip_protocol_security_module *
redhat enterprise_linux_for_ibm_z_systems 7.6_s390x
redhat enterprise_linux_server_aus 6.2
ibm qradar_security_information_and_event_manager 7.2.6
novell open_enterprise_server 2.0
redhat enterprise_linux_workstation 7.0
ibm security_access_manager_for_web_7.0_firmware 7.0.0.4
mageia mageia 3.0
ibm stn6800_firmware *
f5 big-ip_access_policy_manager 11.6.0
f5 big-ip_advanced_firewall_manager 11.6.0
ibm qradar_security_information_and_event_manager 7.2.8
ibm pureapplication_system *
ibm qradar_vulnerability_manager 7.2.1
CVE-2014-7140 HIGH

Unspecified vulnerability in the management interface in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.x before 10.1-129.11 and 10.5 before 10.5-50.10 allows remote attackers to execute arbitrary code via unknown vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
citrix netscaler_application_delivery_controller_firmware 10.5
citrix netscaler_application_delivery_controller_firmware 10.1
citrix netscaler_application_delivery_controller_firmware 10.0
CVE-2014-7169 HIGH

GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,CWE-78,

Products Affected

Vendor Product Version
ibm software_defined_network_for_virtual_environments *
redhat enterprise_linux 4.0
suse linux_enterprise_desktop 11
vmware esx 4.1
redhat enterprise_linux_server_aus 5.6
ibm security_access_manager_for_mobile_8.0_firmware 8.0.0.3
ibm stn7800_firmware *
redhat enterprise_linux_server_aus 6.4
redhat enterprise_linux_server_tus 7.6
f5 big-ip_advanced_firewall_manager *
f5 traffix_signaling_delivery_controller *
redhat enterprise_linux_eus 7.7
ibm qradar_security_information_and_event_manager 7.2.2
vmware vcenter_server_appliance 5.5
redhat enterprise_linux_for_ibm_z_systems 7.4_s390x
ibm qradar_vulnerability_manager 7.2.8
ibm security_access_manager_for_web_7.0_firmware 7.0.0.8
vmware vcenter_server_appliance 5.1
ibm storwize_v3500_firmware *
f5 traffix_signaling_delivery_controller 3.4.1
redhat enterprise_linux_for_power_big_endian_eus 7.3_ppc64
f5 traffix_signaling_delivery_controller 4.1.0
redhat enterprise_linux_server 6.0
ibm smartcloud_entry_appliance 2.4.0
checkpoint security_gateway *
oracle linux 6
redhat enterprise_linux_for_power_big_endian 5.0_ppc
redhat enterprise_linux_server_from_rhui 7.0
redhat enterprise_linux_for_power_big_endian 6.0_ppc64
redhat enterprise_linux_server_aus 6.5
redhat enterprise_linux 7.0
redhat enterprise_linux_server_from_rhui 5.0
redhat enterprise_linux_for_power_big_endian 6.4_ppc64
suse linux_enterprise_server 11
novell zenworks_configuration_management 11.1
ibm security_access_manager_for_web_7.0_firmware 7.0.0.5
f5 big-ip_policy_enforcement_manager *
f5 big-iq_security *
redhat enterprise_linux_server_tus 7.7
ibm qradar_security_information_and_event_manager 7.2.9
ibm qradar_security_information_and_event_manager 7.1.2
redhat enterprise_linux_server_aus 7.6
vmware esx 4.0
f5 big-ip_application_security_manager 11.6.0
ibm qradar_security_information_and_event_manager 7.2.3
f5 big-ip_policy_enforcement_manager 11.6.0
f5 big-ip_global_traffic_manager *
redhat enterprise_linux_for_power_big_endian_eus 6.5_ppc64
ibm qradar_vulnerability_manager 7.2.4
ibm starter_kit_for_cloud 2.2.0
f5 big-ip_analytics *
f5 big-ip_link_controller 11.6.0
ibm qradar_security_information_and_event_manager 7.1.0
redhat enterprise_linux_for_ibm_z_systems 6.5_s390x
f5 traffix_signaling_delivery_controller 3.5.1
redhat enterprise_linux_eus 6.5
ibm security_access_manager_for_mobile_8.0_firmware 8.0.0.5
ibm qradar_security_information_and_event_manager 7.2.8.15
ibm smartcloud_entry_appliance 3.2.0
f5 arx_firmware *
suse linux_enterprise_server 12
vmware vcenter_server_appliance 5.0
f5 big-ip_webaccelerator *
oracle linux 4
redhat enterprise_linux_server 5.0
redhat enterprise_linux_for_ibm_z_systems 7.7_s390x
redhat enterprise_linux_server_aus 5.9
ibm qradar_security_information_and_event_manager 7.2
redhat enterprise_linux_server_tus 6.5
redhat enterprise_linux_for_ibm_z_systems 6.4_s390x
ibm flex_system_v7000_firmware *
ibm stn6500_firmware *
redhat enterprise_linux_eus 5.9
ibm pureapplication_system 2.0.0.0
redhat virtualization 3.4
redhat enterprise_linux_for_ibm_z_systems 5.9_s390x
f5 big-ip_global_traffic_manager 11.6.0
redhat enterprise_linux_desktop 7.0
ibm qradar_vulnerability_manager 7.2.0
f5 big-ip_analytics 11.6.0
f5 big-iq_cloud *
ibm smartcloud_provisioning 2.1.0
gnu bash *
ibm san_volume_controller_firmware *
ibm qradar_security_information_and_event_manager 7.2.7
ibm security_access_manager_for_web_7.0_firmware 7.0.0.6
opensuse opensuse 12.3
ibm security_access_manager_for_web_7.0_firmware 7.0.0.3
arista eos *
novell zenworks_configuration_management 10.3
f5 big-ip_application_acceleration_manager *
suse studio_onsite 1.3
f5 big-ip_local_traffic_manager *
f5 big-ip_edge_gateway *
redhat enterprise_linux_server_from_rhui 6.0
ibm qradar_security_information_and_event_manager 7.2.0
redhat enterprise_linux_workstation 5.0
redhat enterprise_linux 6.0
suse linux_enterprise_software_development_kit 11
f5 big-ip_application_security_manager *
f5 big-ip_link_controller *
ibm qradar_risk_manager 7.1.0
ibm security_access_manager_for_web_8.0_firmware 8.0.0.2
ibm infosphere_guardium_database_activity_monitoring 8.2
redhat enterprise_linux_for_scientific_computing 6.0
f5 big-ip_access_policy_manager *
canonical ubuntu_linux 10.04
ibm storwize_v3700_firmware *
ibm qradar_vulnerability_manager 7.2.2
redhat enterprise_linux_for_power_big_endian_eus 7.5_ppc64
redhat enterprise_linux_server_aus 7.7
oracle linux 5
redhat enterprise_linux_server_aus 7.3
ibm infosphere_guardium_database_activity_monitoring 9.0
qnap qts 4.1.1
novell zenworks_configuration_management 11.3.0
f5 big-iq_device *
f5 traffix_signaling_delivery_controller 3.3.2
redhat enterprise_linux 5.0
redhat enterprise_linux_for_power_big_endian 7.0_ppc64
ibm qradar_vulnerability_manager 7.2.3
ibm workload_deployer *
redhat enterprise_linux_desktop 5.0
redhat enterprise_linux_for_power_big_endian_eus 7.4_ppc64
f5 enterprise_manager *
ibm smartcloud_entry_appliance 2.3.0
ibm security_access_manager_for_web_8.0_firmware 8.0.0.5
ibm security_access_manager_for_web_7.0_firmware 7.0.0.2
f5 big-ip_local_traffic_manager 11.6.0
ibm qradar_security_information_and_event_manager 7.1.1
novell open_enterprise_server 11.0
redhat enterprise_linux_for_ibm_z_systems 7.3_s390x
ibm security_access_manager_for_web_8.0_firmware 8.0.0.3
redhat enterprise_linux_server 7.0
redhat enterprise_linux_workstation 6.0
canonical ubuntu_linux 12.04
opensuse opensuse 13.1
ibm security_access_manager_for_mobile_8.0_firmware 8.0.0.2
suse linux_enterprise_server 10
apple mac_os_x *
mageia mageia 4.0
canonical ubuntu_linux 14.04
citrix netscaler_sdx_firmware *
redhat enterprise_linux_eus 6.4
ibm infosphere_guardium_database_activity_monitoring 9.1
f5 big-ip_wan_optimization_manager *
redhat enterprise_linux_for_ibm_z_systems 7.5_s390x
ibm security_access_manager_for_web_7.0_firmware 7.0.0.1
redhat enterprise_linux_for_scientific_computing 7.0
suse linux_enterprise_desktop 12
suse linux_enterprise_software_development_kit 12
redhat gluster_storage_server_for_on-premise 2.1
ibm qradar_vulnerability_manager 7.2.6
ibm qradar_security_information_and_event_manager 7.2.5
ibm qradar_security_information_and_event_manager 7.2.4
redhat enterprise_linux_eus 7.3
redhat enterprise_linux_desktop 6.0
debian debian_linux 7.0
novell zenworks_configuration_management 11.2
redhat enterprise_linux_eus 7.6
redhat enterprise_linux_eus 7.4
ibm security_access_manager_for_mobile_8.0_firmware 8.0.0.1
redhat enterprise_linux_eus 7.5
ibm storwize_v5000_firmware *
f5 big-ip_application_acceleration_manager 11.6.0
ibm qradar_security_information_and_event_manager 7.2.1
ibm storwize_v7000_firmware *
redhat enterprise_linux_for_power_big_endian_eus 7.7_ppc64
ibm security_access_manager_for_web_7.0_firmware 7.0.0.7
redhat enterprise_linux_for_power_big_endian_eus 7.6_ppc64
opensuse opensuse 13.2
redhat enterprise_linux_server_tus 7.3
qnap qts *
redhat enterprise_linux_for_power_big_endian 5.9_ppc
novell zenworks_configuration_management 11
ibm smartcloud_entry_appliance 3.1.0
redhat enterprise_linux_server_aus 7.4
f5 big-ip_protocol_security_module *
redhat enterprise_linux_for_ibm_z_systems 7.6_s390x
redhat enterprise_linux_server_aus 6.2
ibm qradar_security_information_and_event_manager 7.2.6
novell open_enterprise_server 2.0
redhat enterprise_linux_workstation 7.0
ibm security_access_manager_for_web_7.0_firmware 7.0.0.4
mageia mageia 3.0
ibm stn6800_firmware *
f5 big-ip_access_policy_manager 11.6.0
f5 big-ip_advanced_firewall_manager 11.6.0
ibm qradar_security_information_and_event_manager 7.2.8
ibm pureapplication_system *
ibm qradar_vulnerability_manager 7.2.1
CVE-2014-8495 MEDIUM

Citrix XenMobile MDX Toolkit before 9.0.4, when used to wrap iOS 8 applications, does not properly encrypt cached application data, which allows context-dependent attackers to obtain sensitive information by reading the cache.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-310,

Products Affected

Vendor Product Version
citrix xenmobile 8.5
citrix xenmobile 9.0
citrix xenmobile *
citrix xenmobile 8.7
citrix xenmobile 8.6
citrix xenmobile 9.0.2
CVE-2014-8580 MEDIUM

Citrix NetScaler Application Delivery Controller and NetScaler Gateway 10.5.50.10 before 10.5-52.11, 10.1.122.17 before 10.1-129.11, and 10.1-120.1316.e before 10.1-129.1105.e, when using unspecified configurations, allows remote authenticated users to access "network resources" of other users via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
citrix netscaler_application_delivery_controller_firmware 10.1.128
citrix netscaler_gateway_firmware 10.1.121
citrix netscaler_gateway_firmware 10.1.127
citrix netscaler_gateway_firmware 10.1.122
citrix netscaler_application_delivery_controller_firmware 10.1.129
citrix netscaler_application_delivery_controller_firmware 10.1.125
citrix netscaler_gateway_firmware 10.1.120.1316.e
citrix netscaler_gateway_firmware 10.1.123
citrix netscaler_gateway_firmware 10.5.50.10
citrix netscaler_application_delivery_controller_firmware 10.1.121
citrix netscaler_application_delivery_controller_firmware 10.5.51.10
citrix netscaler_gateway_firmware 10.5.51.10
citrix netscaler_application_delivery_controller_firmware 10.1.127
citrix netscaler_gateway_firmware 10.1.129
citrix netscaler_application_delivery_controller_firmware 10.5.50.10
citrix netscaler_application_delivery_controller_firmware 10.1.122
citrix netscaler_application_delivery_controller_firmware 10.1.126
citrix netscaler_application_delivery_controller_firmware 10.1.123
citrix netscaler_gateway_firmware 10.1.128
citrix netscaler_gateway_firmware 10.1.124
citrix netscaler_application_delivery_controller_firmware 10.1.124
citrix netscaler_gateway_firmware 10.1.125
citrix netscaler_gateway_firmware 10.1.126
citrix netscaler_application_delivery_controller_firmware 10.1.120.1316.e
CVE-2015-2682 MEDIUM

Citrix Command Center before 5.1 Build 35.4 and 5.2 before Build 42.7 allows remote attackers to obtain credentials via a direct request to conf/securitydbData.xml.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-17,

Products Affected

Vendor Product Version
citrix command_center 5.2
citrix command_center 5.1
CVE-2015-2683 HIGH

Citrix Command Center before 5.1 Build 35.4 and 5.2 before Build 42.7 does not properly restrict access to the Advent Java Management Extensions (JMX) Servlet, which allows remote attackers to execute arbitrary code via unspecified vectors to servlets/Jmx_dynamic.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
citrix command_center 5.2
citrix command_center 5.1
CVE-2015-2829 HIGH

Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.5 Build 53.9 through 55.8 and 10.5.e Build 53-9010.e allow remote attackers to cause a denial of service (reboot) via unspecified vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
citrix netscaler_application_delivery_controller_firmware 10.5
citrix netscaler_gateway_firmware 10.5
citrix netscaler_gateway_firmware 10.5e
CVE-2015-2838 MEDIUM

Cross-site request forgery (CSRF) vulnerability in Nitro API in Citrix NetScaler before 10.5 build 52.3nc allows remote attackers to hijack the authentication of administrators for requests that execute arbitrary commands as nsroot via shell metacharacters in the file_name JSON member in params/xen_hotfix/0 to nitro/v1/config/xen_hotfix.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
citrix netscaler 10.5
CVE-2015-2839 MEDIUM

The Nitro API in Citrix NetScaler before 10.5 build 52.3nc uses an incorrect Content-Type when returning an error message, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the file_name JSON member in params/xen_hotfix/0 to nitro/v1/config/xen_hotfix.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
citrix netscaler 10.5
CVE-2015-2840 MEDIUM

Cross-site scripting (XSS) vulnerability in help/rt/large_search.html in Citrix NetScaler before 10.5 build 52.3nc allows remote attackers to inject arbitrary web script or HTML via the searchQuery parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
citrix netscaler 10.5
CVE-2015-2841 MEDIUM

Citrix NetScaler AppFirewall, as used in NetScaler 10.5, allows remote attackers to bypass intended firewall restrictions via a crafted Content-Type header, as demonstrated by the application/octet-stream and text/xml Content-Types.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-284,

Products Affected

Vendor Product Version
citrix netscaler 10.5
CVE-2015-3642 MEDIUM

The TLS and DTLS processing functionality in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway devices with firmware 9.x before 9.3 Build 68.5, 10.0 through Build 78.6, 10.1 before Build 130.13, 10.1.e before Build 130.1302.e, 10.5 before Build 55.8, and 10.5.e before Build 55.8007.e makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a variant of CVE-2014-3566 (aka POODLE).

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
citrix netscaler_gateway -
citrix netscaler_application_delivery_controller -
CVE-2015-4106 MEDIUM

QEMU does not properly restrict write access to the PCI config space for certain PCI pass-through devices, which might allow local x86 HVM guests to gain privileges, cause a denial of service (host crash), obtain sensitive information, or possibly have other unspecified impact via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-863,

Products Affected

Vendor Product Version
suse linux_enterprise_desktop 11
fedoraproject fedora 21
suse linux_enterprise_server 11
suse linux_enterprise_software_development_kit 11
citrix xenserver 6.2.0
fedoraproject fedora 20
canonical ubuntu_linux 14.04
canonical ubuntu_linux 15.04
qemu qemu *
citrix xenserver 6.1.0
suse linux_enterprise_desktop 12
suse linux_enterprise_software_development_kit 12
citrix xenserver 6.0.2
citrix xenserver 6.5
debian debian_linux 7.0
debian debian_linux 8.0
citrix xenserver 6.0
canonical ubuntu_linux 12.04
fedoraproject fedora 22
canonical ubuntu_linux 14.10
suse linux_enterprise_server 12
CVE-2015-5080 HIGH

The Management Interface in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.1 before 10.1.132.8, 10.5 before Build 56.15, and 10.5.e before Build 56.1505.e allows remote authenticated users to execute arbitrary shell commands via shell metacharacters in the filter parameter to rapi/ipsec_logs.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-77,

Products Affected

Vendor Product Version
citrix netscaler_application_delivery_controller_firmware 10.5e
citrix netscaler_application_delivery_controller_firmware 10.1.128
citrix netscaler_application_delivery_controller_firmware 10.1
citrix netscaler_gateway_firmware 10.1.121
citrix netscaler_gateway_firmware 10.1.127
citrix netscaler_gateway_firmware 10.1.122
citrix netscaler_application_delivery_controller_firmware 10.1.129
citrix netscaler_application_delivery_controller_firmware 10.1.125
citrix netscaler_gateway_firmware 10.1.120.1316.e
citrix netscaler_gateway_firmware 10.1.123
citrix netscaler_gateway_firmware 10.5.50.10
citrix netscaler_application_delivery_controller_firmware 10.1.121
citrix netscaler_gateway_firmware 10.5.51.10
citrix netscaler_application_delivery_controller_firmware 10.1.127
citrix netscaler_gateway_firmware 10.1.129
citrix netscaler_application_delivery_controller_firmware 10.5
citrix netscaler_gateway_firmware 10.5
citrix netscaler_application_delivery_controller_firmware 10.1.122
citrix netscaler_application_delivery_controller_firmware 10.1.126
citrix netscaler_application_delivery_controller_firmware 10.1.123
citrix netscaler_gateway_firmware 10.1.128
citrix netscaler_gateway_firmware 10.5e
citrix netscaler_gateway_firmware 10.1.124
citrix netscaler_application_delivery_controller_firmware 10.1.124
citrix netscaler_gateway_firmware 10.1.125
citrix netscaler_gateway_firmware 10.1.126
citrix netscaler_application_delivery_controller_firmware 10.1.120.1316.e
CVE-2015-5538 HIGH

Multiple unspecified vulnerabilities in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.1 Build 132.8, 10.5 before Build 57.7, and 10.5e before Build 56.1505.e allow remote attackers to gain privileges via unknown vectors, related to the (1) Command Line Interface (CLI) and the (2) Web User Interface (UI).

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
citrix netscaler_application_delivery_controller_firmware 10.5e
citrix netscaler_application_delivery_controller_firmware 10.5
citrix netscaler_gateway_firmware 10.1
citrix netscaler_gateway_firmware 10.5
citrix netscaler_application_delivery_controller_firmware 10.1
citrix netscaler_gateway_firmware 10.5e
CVE-2015-6672 MEDIUM

Cross-site scripting (XSS) vulnerability in the Administrative Web Interface in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.1 Build 132.8, 10.5 before Build 57.7, and 10.5e before Build 56.1505.e allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
citrix netscaler_application_delivery_controller_firmware 10.5e
citrix netscaler_application_delivery_controller_firmware 10.5
citrix netscaler_gateway_firmware 10.1
citrix netscaler_gateway_firmware 10.5
citrix netscaler_application_delivery_controller_firmware 10.1
citrix netscaler_gateway_firmware 10.5e
CVE-2015-7704 MEDIUM

The ntpd client in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service via a number of crafted "KOD" messages.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
redhat enterprise_linux_server_eus 7.3
mcafee enterprise_security_manager *
redhat enterprise_linux_server_tus 7.6
redhat enterprise_linux_server_eus 6.6
redhat enterprise_linux_server_eus 7.7
netapp data_ontap -
citrix xenserver 6.2.0
netapp oncommand_performance_manager -
redhat enterprise_linux_server_eus 7.6
redhat enterprise_linux_server_tus 6.5
citrix xenserver 7.0
redhat enterprise_linux_server 6.0
redhat enterprise_linux_server_eus 6.5
redhat enterprise_linux_desktop 6.0
debian debian_linux 7.0
debian debian_linux 8.0
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_server_eus 6.7
redhat enterprise_linux_server_aus 6.6
redhat enterprise_linux_server_aus 7.3
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_server_aus 6.5
ntp ntp 4.2.8
redhat enterprise_linux_server_tus 7.3
redhat enterprise_linux_server_tus 7.7
redhat enterprise_linux_server_eus 7.4
redhat enterprise_linux_server_eus 7.1
redhat enterprise_linux_server_aus 7.6
ntp ntp *
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server_eus 7.5
netapp clustered_data_ontap -
debian debian_linux 9.0
citrix xenserver 6.0.2
citrix xenserver 6.5
netapp oncommand_unified_manager -
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_server_tus 6.6
redhat enterprise_linux_server 7.0
redhat enterprise_linux_workstation 6.0
CVE-2015-7705 HIGH

The rate limiting feature in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to have unspecified impact via a large number of crafted requests.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
siemens tim_4r-ie_firmware *
ntp ntp 4.2.8
netapp data_ontap -
citrix xenserver 6.2.0
netapp oncommand_performance_manager -
ntp ntp *
netapp clustered_data_ontap -
citrix xenserver 7.0
citrix xenserver 6.0.2
citrix xenserver 6.5
netapp oncommand_unified_manager -
siemens tim_4r-ie_dnp3_firmware *
CVE-2015-7996 MEDIUM

The Nitro API in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.1 Build 133.9, 10.5 before Build 58.11, and 10.5.e before Build 56.1505.e on NetScaler Service Delivery Appliance Service VM (SVM) devices allow attackers to obtain credentials via the browser cache.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
citrix netscaler_service_delivery_appliance_service_vm 10.5e
citrix netscaler_application_delivery_controller_firmware 10.5
citrix netscaler_gateway_firmware 10.1
citrix netscaler_gateway_firmware 10.5
citrix netscaler_application_delivery_controller_firmware 10.1
CVE-2015-7997 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in the Nitro API in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.1 Build 133.9, 10.5 before Build 58.11, and 10.5.e before Build 56.1505.e on NetScaler Service Delivery Appliance Service VM (SVM) devices allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
citrix netscaler_service_delivery_appliance_service_vm 10.5e
citrix netscaler_application_delivery_controller_firmware 10.5
citrix netscaler_gateway_firmware 10.1
citrix netscaler_gateway_firmware 10.5
citrix netscaler_application_delivery_controller_firmware 10.1
CVE-2015-7998 MEDIUM

The administration UI in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.1 Build 133.9, 10.5 before Build 58.11, and 10.5.e before Build 56.1505.e on NetScaler Service Delivery Appliance Service VM (SVM) devices allows attackers to obtain sensitive information via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
citrix netscaler_service_delivery_appliance_service_vm 10.5e
citrix netscaler_application_delivery_controller_firmware 10.5
citrix netscaler_gateway_firmware 10.1
citrix netscaler_gateway_firmware 10.5
citrix netscaler_application_delivery_controller_firmware 10.1
CVE-2015-7999 MEDIUM

Multiple SQL injection vulnerabilities in the Administration Web UI servlets in Citrix Command Center before 5.1 Build 36.7 and 5.2 before Build 44.11 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,

Products Affected

Vendor Product Version
citrix command_center 5.2
citrix command_center 5.1
CVE-2015-8555 MEDIUM

Xen 4.6.x, 4.5.x, 4.4.x, 4.3.x, and earlier do not initialize x86 FPU stack and XMM registers when XSAVE/XRSTOR are not used to manage guest extended register state, which allows local guest domains to obtain sensitive information from other domains via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
xen xen 4.3.4
xen xen 4.4.2
xen xen 4.5.3
xen xen 4.4.4
xen xen 4.5.0
xen xen 4.6.1
xen xen 4.5.2
xen xen 4.4.1
xen xen 4.3.2
xen xen 4.3.3
xen xen 4.4.0
xen xen 4.4.3
xen xen 4.3.0
xen xen 4.3.1
xen xen 4.5.1
xen xen 4.6.0
citrix xenserver 6.0
CVE-2016-10024 MEDIUM

Xen through 4.8.x allows local x86 PV guest OS kernel administrators to cause a denial of service (host hang or crash) by modifying the instruction stream asynchronously while performing certain kernel operations.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
citrix xenserver 7.0
citrix xenserver 6.0.2
citrix xenserver 6.5
citrix xenserver 6.2.0
xen xen *
CVE-2016-10025 LOW

VMFUNC emulation in Xen 4.6.x through 4.8.x on x86 systems using AMD virtualization extensions (aka SVM) allows local HVM guest OS users to cause a denial of service (hypervisor crash) by leveraging a missing NULL pointer check.

CVSS 2.0

Severity: LOW

Problem Type: CWE-476,

Products Affected

Vendor Product Version
citrix xenserver 7.0
citrix xenserver 6.0.2
citrix xenserver 6.5
xen xen 4.6.3
xen xen 4.6.4
citrix xenserver 6.2.0
xen xen 4.7.1
xen xen 4.8.0
xen xen 4.6.0
xen xen 4.6.1
xen xen 4.7.0
CVE-2016-1571 MEDIUM

The paging_invlpg function in include/asm-x86/paging.h in Xen 3.3.x through 4.6.x, when using shadow mode paging or nested virtualization is enabled, allows local HVM guest users to cause a denial of service (host crash) via a non-canonical guest address in an INVVPID instruction, which triggers a hypervisor bug check.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-17,

Products Affected

Vendor Product Version
xen xen 3.4.3
xen xen 3.3.2
xen xen 4.3.4
xen xen 4.4.2
xen xen 3.4.1
xen xen 4.2.2
xen xen 4.1.1
xen xen 4.2.1
xen xen 4.4.1
xen xen 3.3.1
xen xen 3.4.4
xen xen 4.3.2
xen xen 4.3.3
xen xen 4.2.3
xen xen 4.4.3
xen xen 4.2.5
xen xen 4.3.0
xen xen 4.5.1
xen xen 4.6.0
xen xen 4.1.2
xen xen 3.4.2
xen xen 3.3.0
citrix xenserver *
xen xen 4.2.0
xen xen 4.1.6
xen xen 4.5.0
xen xen 4.1.0
xen xen 4.5.2
xen xen 4.1.5
xen xen 4.1.3
xen xen 4.4.0
xen xen 4.1.4
xen xen 4.3.1
xen xen 3.4.0
xen xen 4.1.6.1
xen xen 4.2.4
CVE-2016-2071 HIGH

Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 11.x before 11.0 Build 64.34, 10.5 before 10.5 Build 59.13, and 10.5.e before Build 59.1305.e allows remote attackers to gain privileges via unspecified NS Web GUI commands.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
citrix netscaler 10.5e
citrix netscaler 10.5
citrix netscaler 11.0
CVE-2016-2072 MEDIUM

The Administrative Web Interface in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 11.x before 11.0 Build 64.34, 10.5 before 10.5 Build 59.13, 10.5.e before Build 59.1305.e, and 10.1 allows remote attackers to conduct clickjacking attacks via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-254,

Products Affected

Vendor Product Version
citrix netscaler 10.5e
citrix netscaler 10.1
citrix netscaler 10.5
citrix netscaler 11.0
CVE-2016-2789 MEDIUM

Cross-site scripting (XSS) vulnerability in the Web User Interface in Citrix XenMobile Server 10.0, 10.1 before Rolling Patch 4, and 10.3 before Rolling Patch 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
citrix xenmobile_server 10.0
citrix xenmobile_server 10.1
citrix xenmobile_server 10.3
CVE-2016-3710 HIGH

The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS administrators to execute arbitrary code on the host by changing access modes after setting the bank register, aka the "Dark Portal" issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 2.0 6.0

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
redhat enterprise_linux_server_eus 7.3
redhat enterprise_linux_server_eus 7.2
hp helion_openstack 2.1.4
redhat enterprise_linux_server_tus 7.6
hp helion_openstack 2.1.2
redhat enterprise_linux_server_eus 7.7
canonical ubuntu_linux 14.04
qemu qemu 2.6.0
redhat enterprise_linux_server_eus 7.6
redhat enterprise_linux_server 6.0
redhat virtualization 3.0
hp helion_openstack 2.1.0
redhat enterprise_linux_desktop 6.0
redhat openstack 5.0
debian debian_linux 8.0
redhat openstack 6.0
oracle linux 6
oracle vm_server 3.3
oracle linux 5
redhat enterprise_linux_server_aus 7.3
redhat enterprise_linux_server_aus 7.2
oracle vm_server 3.2
hp helion_openstack 2.0.0
redhat enterprise_linux_desktop 7.0
citrix xenserver *
redhat openstack 7.0
redhat openstack 8
canonical ubuntu_linux 16.04
redhat enterprise_linux_server_tus 7.3
redhat enterprise_linux_server_tus 7.7
redhat enterprise_linux_server_eus 7.4
redhat enterprise_linux_server_aus 7.6
qemu qemu *
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server_eus 7.5
oracle linux 7
redhat enterprise_linux_server_tus 7.2
oracle vm_server 3.4
canonical ubuntu_linux 15.10
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_server 7.0
redhat enterprise_linux_workstation 6.0
canonical ubuntu_linux 12.04
CVE-2016-3712 LOW

Integer overflow in the VGA module in QEMU allows local guest OS users to cause a denial of service (out-of-bounds read and QEMU process crash) by editing VGA registers in VBE mode.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-190,

Products Affected

Vendor Product Version
redhat enterprise_linux_server_eus 7.3
redhat enterprise_linux_server_tus 7.6
redhat enterprise_linux_server_eus 7.7
canonical ubuntu_linux 14.04
qemu qemu 2.6.0
redhat enterprise_linux_server_eus 7.6
redhat enterprise_linux_server 6.0
redhat enterprise_linux_desktop 6.0
debian debian_linux 8.0
redhat enterprise_linux_server_aus 7.7
oracle vm_server 3.3
redhat enterprise_linux_server_aus 7.3
redhat enterprise_linux_desktop 7.0
citrix xenserver *
canonical ubuntu_linux 16.04
redhat enterprise_linux_server_tus 7.3
redhat enterprise_linux_server_tus 7.7
redhat enterprise_linux_server_eus 7.4
redhat enterprise_linux_server_aus 7.6
qemu qemu *
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server_eus 7.5
oracle vm_server 3.4
canonical ubuntu_linux 15.10
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_server 7.0
redhat enterprise_linux_workstation 6.0
canonical ubuntu_linux 12.04
CVE-2016-4810 MEDIUM

Citrix Studio before 7.6.1000, Citrix XenDesktop 7.x before 7.6 LTSR Cumulative Update 1 (CU1), and Citrix XenApp 7.5 and 7.6 allow attackers to set Access Policy rules on the XenDesktop Delivery Controller via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-284,

Products Affected

Vendor Product Version
citrix xenapp 7.5
citrix xendesktop 7.1
citrix xendesktop 7.6
citrix xendesktop 7.0
citrix xenapp 7.6
citrix xendesktop 7.5
CVE-2016-4945 MEDIUM

Cross-site scripting (XSS) vulnerability in vpn/js/gateway_login_form_view.js in Citrix NetScaler Gateway 11.0 before Build 66.11 allows remote attackers to inject arbitrary web script or HTML via the NSC_TMAC cookie.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
citrix netscaler_gateway_11.0_firmware *
CVE-2016-5109 LOW

Citrix Worx Home for iOS before 10.3.6 and XenMobile MDX Toolkit for iOS before 10.3.6 might allow physically proximate attackers to bypass in-application Apple Touch ID authentication via unspecified vectors, related to an application requiring re-authentication.

CVSS 2.0

Severity: LOW

Problem Type: CWE-284,

Products Affected

Vendor Product Version
citrix worx_home 10.3.1
citrix worx_home 10.3.5
citrix xenmobile_mdx_toolkit 10.3.5
citrix worx_home 10.3.0
citrix xenmobile_mdx_toolkit 10.3.0
CVE-2016-5302 HIGH

Citrix XenServer 7.0 before Hotfix XS70E003, when a deployment has been upgraded from an earlier release, might allow remote attackers on the management network to "compromise" a host by leveraging credentials for an Active Directory account.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-284,

Products Affected

Vendor Product Version
citrix xenserver *
CVE-2016-5433 MEDIUM

Citrix iOS Receiver before 7.0 allows attackers to cause TLS certificates to be incorrectly validated via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,CWE-310,

Products Affected

Vendor Product Version
citrix ios_receiver *
CVE-2016-6258 HIGH

The PV pagetable code in arch/x86/mm.c in Xen 4.7.x and earlier allows local 32-bit PV guest OS administrators to gain host OS privileges by leveraging fast-paths for updating pagetable entries.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-284,

Products Affected

Vendor Product Version
xen xen 3.4.3
citrix xenserver 6.2.0
xen xen 4.2.2
xen xen 4.1.1
xen xen 4.0.1
xen xen 4.0.4
xen xen 4.2.1
xen xen 4.6.1
xen xen 4.7.0
xen xen 4.4.1
citrix xenserver 7.0
xen xen 3.4.4
citrix xenserver 6.1
xen xen 4.6.3
xen xen 4.2.3
xen xen 4.3.0
xen xen 4.6.0
citrix xenserver 6.0
xen xen 4.1.2
xen xen 4.0.0
xen xen 3.4.2
xen xen 4.2.0
xen xen 4.0.3
xen xen 4.5.0
xen xen 4.1.0
citrix xenserver 6.5.0
xen xen 4.1.5
citrix xenserver 6.0.2
xen xen 4.1.3
xen xen 4.4.0
xen xen 4.1.4
xen xen 4.3.1
xen xen 3.4.0
CVE-2016-6259 MEDIUM

Xen 4.5.x through 4.7.x do not implement Supervisor Mode Access Prevention (SMAP) whitelisting in 32-bit exception and event delivery, which allows local 32-bit PV guest OS kernels to cause a denial of service (hypervisor and VM crash) by triggering a safety check.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
xen xen 4.5.3
citrix xenserver 6.2.0
xen xen 4.5.0
xen xen 4.6.1
citrix xenserver 6.5.0
xen xen 4.5.2
xen xen 4.7.0
citrix xenserver 7.0
citrix xenserver 6.0.2
citrix xenserver 6.1
xen xen 4.6.3
xen xen 4.5.1
xen xen 4.6.0
citrix xenserver 6.0
CVE-2016-6273 MEDIUM

The lmadmin component in Flexera FlexNet Publisher (aka Flex License Manager) before 2015 SP5 and 2016 before R1 SP1, as used by Citrix License Server for Windows before 11.14.0.1 and Citrix License Server VPX before 11.14.0.1, allows remote attackers to cause a denial of service (crash) via a type 2F packet with a '01 19' opcode.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
citrix license_server *
citrix license_server_vpx *
CVE-2016-6276 HIGH

Citrix Linux Virtual Delivery Agent (aka VDA, formerly Linux Virtual Desktop) before 1.4.0 allows local users to gain root privileges via unspecified vectors.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
citrix linux_virtual_delivery_agent *
CVE-2016-6493 HIGH

Citrix XenApp 6.x before 6.5 HRP07 and 7.x before 7.9 and Citrix XenDesktop before 7.9 might allow attackers to weaken an unspecified security mitigation via vectors related to memory permission.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-254,

Products Affected

Vendor Product Version
citrix xenapp 6.5.0.0
citrix xenapp 7.7.0.0
citrix xenapp 6.0.0.0
citrix xenapp 7.8.0.0
citrix xenapp 7.5.0.0
citrix xenapp 7.1.0.0
citrix xendesktop *
citrix xenapp 7.6.0.0
citrix xenapp 7.0.0.0
CVE-2016-6877 LOW

Citrix XenMobile Server before 10.5.0.24 allows man-in-the-middle attackers to trigger HTTP 302 redirections via vectors involving the HTTP Host header and a cached page. NOTE: the vendor reports "our internal analysis of this issue concluded that this was not a valid vulnerability" because an exploitation scenario would involve a man-in-the-middle attack against a TLS session

CVSS 2.0

Severity: LOW

Problem Type: CWE-20,

Products Affected

Vendor Product Version
citrix xenmobile_server *
CVE-2016-9028 MEDIUM

Unauthorized redirect vulnerability in Citrix NetScaler ADC before 10.1 135.8, 10.5 61.11, 11.0 65.31/65.35F and 11.1 47.14 allows a remote attacker to steal session cookies of a legitimate AAA user via manipulation of Host header.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-254,

Products Affected

Vendor Product Version
citrix netscaler_application_delivery_controller_firmware 11.1
citrix netscaler_application_delivery_controller_firmware 10.5
citrix netscaler_application_delivery_controller_firmware 11.0
citrix netscaler_application_delivery_controller_firmware *
CVE-2016-9111 MEDIUM

Incorrect access control mechanisms in Citrix Receiver Desktop Lock 4.5 allow an attacker to bypass the authentication requirement by leveraging physical access to a VDI for temporary disconnection of a LAN cable. NOTE: as of 20161208, the vendor could not reproduce the issue, stating "the researcher was unable to provide us with information that would allow us to confirm the behaviour and, despite extensive investigation on test deployments of supported products, we were unable to reproduce the behaviour as he described. The researcher has also, despite additional requests for information, ceased to respond to us."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-254,CWE-284,

Products Affected

Vendor Product Version
citrix receiver_desktop 4.5
CVE-2016-9379 MEDIUM

The pygrub boot loader emulator in Xen, when S-expression output format is requested, allows local pygrub-using guest OS administrators to read or delete arbitrary files on the host via string quotes and S-expressions in the bootloader configuration file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
citrix xenserver 7.0
citrix xenserver 6.0.2
citrix xenserver 6.5
citrix xenserver 6.2.0
xen xen *
CVE-2016-9380 MEDIUM

The pygrub boot loader emulator in Xen, when nul-delimited output format is requested, allows local pygrub-using guest OS administrators to read or delete arbitrary files on the host via NUL bytes in the bootloader configuration file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
citrix xenserver 7.0
citrix xenserver 6.0.2
citrix xenserver 6.5
citrix xenserver 6.2.0
xen xen *
CVE-2016-9381 MEDIUM

Race condition in QEMU in Xen allows local x86 HVM guest OS administrators to gain privileges by changing certain data on shared rings, aka a "double fetch" vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H 0.8 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-362,

Products Affected

Vendor Product Version
citrix xenserver 7.0
citrix xenserver 6.0.2
citrix xenserver 6.5
citrix xenserver 6.2.0
qemu qemu 2.8.0
qemu qemu *
CVE-2016-9382 MEDIUM

Xen 4.0.x through 4.7.x mishandle x86 task switches to VM86 mode, which allows local 32-bit x86 HVM guest OS users to gain privileges or cause a denial of service (guest OS crash) by leveraging a guest operating system that uses hardware task switching and allows a new task to start in VM86 mode.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
xen xen 4.3.4
xen xen 4.4.2
xen xen 4.6.4
citrix xenserver 6.2.0
xen xen 4.2.2
xen xen 4.1.1
xen xen 4.0.1
xen xen 4.0.4
xen xen 4.2.1
xen xen 4.6.1
xen xen 4.7.0
xen xen 4.4.1
citrix xenserver 7.0
xen xen 4.3.2
xen xen 4.3.3
xen xen 4.6.3
xen xen 4.2.3
xen xen 4.4.3
xen xen 4.2.5
xen xen 4.3.0
xen xen 4.5.1
xen xen 4.6.0
xen xen 4.1.2
xen xen 4.0.0
xen xen 4.5.3
xen xen 4.2.0
xen xen 4.7.1
xen xen 4.0.3
xen xen 4.4.4
xen xen 4.0.2
xen xen 4.5.0
xen xen 4.1.0
xen xen 4.5.2
xen xen 4.1.5
citrix xenserver 6.0.2
citrix xenserver 6.5
xen xen 4.1.3
xen xen 4.4.0
xen xen 4.1.4
xen xen 4.3.1
xen xen 4.1.6.1
xen xen 4.2.4
xen xen 4.5.5
CVE-2016-9383 HIGH

Xen, when running on a 64-bit hypervisor, allows local x86 guest OS users to modify arbitrary memory and consequently obtain sensitive information, cause a denial of service (host crash), or execute arbitrary code on the host by leveraging broken emulation of bit test instructions.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
citrix xenserver 7.0
citrix xenserver 6.0.2
citrix xenserver 6.5
citrix xenserver 6.2.0
xen xen *
CVE-2016-9385 MEDIUM

The x86 segment base write emulation functionality in Xen 4.4.x through 4.7.x allows local x86 PV guest OS administrators to cause a denial of service (host crash) by leveraging lack of canonical address checks.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
xen xen 4.4.2
xen xen 4.5.3
xen xen 4.6.4
citrix xenserver 6.2.0
xen xen 4.7.1
xen xen 4.4.4
xen xen 4.5.0
xen xen 4.6.1
xen xen 4.5.2
xen xen 4.7.0
xen xen 4.4.1
citrix xenserver 7.0
citrix xenserver 6.0.2
citrix xenserver 6.5
xen xen 4.6.3
xen xen 4.4.0
xen xen 4.4.3
xen xen 4.5.1
xen xen 4.5.5
xen xen 4.6.0
CVE-2016-9386 MEDIUM

The x86 emulator in Xen does not properly treat x86 NULL segments as unusable when accessing memory, which might allow local HVM guest users to gain privileges via vectors involving "unexpected" base/limit values.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
citrix xenserver 7.0
citrix xenserver 6.0.2
citrix xenserver 6.5
citrix xenserver 6.2.0
xen xen *
CVE-2016-9603 HIGH

A heap buffer overflow flaw was found in QEMU's Cirrus CLGD 54xx VGA emulator's VNC display driver support before 2.9; the issue could occur when a VNC client attempted to update its display after a VGA operation is performed by a guest. A privileged user/process inside a guest could use this flaw to crash the QEMU process or, potentially, execute arbitrary code on the host with privileges of the QEMU process.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-122,CWE-119,

Products Affected

Vendor Product Version
redhat enterprise_linux_server_eus 7.3
citrix xenserver 6.2.0
citrix xenserver 7.1
citrix xenserver 7.0
redhat enterprise_linux_server 6.0
redhat enterprise_linux_desktop 6.0
debian debian_linux 7.0
redhat openstack 5.0
redhat openstack 6.0
redhat enterprise_linux_server_aus 7.3
redhat enterprise_linux_desktop 7.0
redhat openstack 10
redhat openstack 7.0
redhat openstack 8
redhat enterprise_linux_server_eus 7.4
qemu qemu *
redhat openstack 9
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server_eus 7.5
citrix xenserver 6.0.2
citrix xenserver 6.5
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_server 7.0
redhat enterprise_linux_workstation 6.0
CVE-2016-9637 LOW

The (1) ioport_read and (2) ioport_write functions in Xen, when qemu is used as a device model within Xen, might allow local x86 HVM guest OS administrators to gain qemu process privileges via vectors involving an out-of-range ioport access.

CVSS 2.0

Severity: LOW

Problem Type: CWE-264,

Products Affected

Vendor Product Version
citrix xenserver 7.0
citrix xenserver 6.0.2
citrix xenserver 6.5
citrix xenserver 6.2.0
CVE-2016-9676 HIGH

Buffer overflow in Citrix Provisioning Services before 7.12 allows attackers to execute arbitrary code via unspecified vectors.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
citrix provisioning_services 7.8
citrix provisioning_services 7.9
citrix provisioning_services 7.7
citrix provisioning_services 7.1
citrix provisioning_services 7.0
citrix provisioning_services 7.6
citrix provisioning_services 7.11
CVE-2016-9677 MEDIUM

Citrix Provisioning Services before 7.12 allows attackers to obtain sensitive kernel address information via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
citrix provisioning_services 7.8
citrix provisioning_services 7.9
citrix provisioning_services 7.7
citrix provisioning_services 7.1
citrix provisioning_services 7.0
citrix provisioning_services 7.6
citrix provisioning_services 7.11
CVE-2016-9678 HIGH

Use-after-free vulnerability in Citrix Provisioning Services before 7.12 allows attackers to execute arbitrary code via unspecified vectors.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-416,

Products Affected

Vendor Product Version
citrix provisioning_services 7.8
citrix provisioning_services 7.9
citrix provisioning_services 7.7
citrix provisioning_services 7.1
citrix provisioning_services 7.0
citrix provisioning_services 7.6
citrix provisioning_services 7.11
CVE-2016-9679 HIGH

Citrix Provisioning Services before 7.12 allows attackers to execute arbitrary code by overwriting a function pointer.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
citrix provisioning_services 7.8
citrix provisioning_services 7.9
citrix provisioning_services 7.7
citrix provisioning_services 7.1
citrix provisioning_services 7.0
citrix provisioning_services 7.6
citrix provisioning_services 7.11
CVE-2016-9680 MEDIUM

Citrix Provisioning Services before 7.12 allows attackers to obtain sensitive information from kernel memory via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
citrix provisioning_services 7.8
citrix provisioning_services 7.9
citrix provisioning_services 7.7
citrix provisioning_services 7.1
citrix provisioning_services 7.0
citrix provisioning_services 7.6
citrix provisioning_services 7.11
CVE-2017-12134 HIGH

The xen_biovec_phys_mergeable function in drivers/xen/biomerge.c in Xen might allow local OS guest users to corrupt block device data streams and consequently obtain sensitive memory information, cause a denial of service, or gain host OS privileges by leveraging incorrect block IO merge-ability calculation.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-682,

Products Affected

Vendor Product Version
citrix xenserver 7.1
citrix xenserver 7.0
citrix xenserver 7.2
citrix xenserver 6.0.2
citrix xenserver 6.5
citrix xenserver 6.2.0
xen xen *
CVE-2017-12135 MEDIUM

Xen allows local OS guest users to cause a denial of service (crash) or possibly obtain sensitive information or gain privileges via vectors involving transitive grants.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-682,

Products Affected

Vendor Product Version
citrix xenserver 7.1
citrix xenserver 7.0
citrix xenserver 7.2
debian debian_linux 9.0
citrix xenserver 6.0.2
citrix xenserver 6.5
citrix xenserver 6.2.0
debian debian_linux 8.0
xen xen *
CVE-2017-12136 MEDIUM

Race condition in the grant table code in Xen 4.6.x through 4.9.x allows local guest OS administrators to cause a denial of service (free list corruption and host crash) or gain privileges on the host via vectors involving maptrack free list handling.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-362,

Products Affected

Vendor Product Version
xen xen 4.6.6
xen xen 4.7.2
citrix xenserver 7.2
xen xen 4.6.4
citrix xenserver 6.2.0
xen xen 4.7.1
xen xen 4.6.1
xen xen 4.7.0
citrix xenserver 7.1
citrix xenserver 7.0
xen xen 4.9.0
debian debian_linux 9.0
citrix xenserver 6.0.2
citrix xenserver 6.5
xen xen 4.6.3
xen xen 4.6.5
xen xen 4.8.1
debian debian_linux 8.0
xen xen 4.8.0
xen xen 4.6.0
xen xen 4.7.3
CVE-2017-12137 HIGH

arch/x86/mm.c in Xen allows local PV guest OS users to gain host OS privileges via vectors related to map_grant_ref.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-120,

Products Affected

Vendor Product Version
citrix xenserver 7.1
citrix xenserver 7.0
citrix xenserver 7.2
debian debian_linux 9.0
citrix xenserver 6.0.2
citrix xenserver 6.5
citrix xenserver 6.2.0
debian debian_linux 8.0
xen xen *
CVE-2017-14602 HIGH

A vulnerability has been identified in the management interface of Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.1 before build 135.18, 10.5 before build 66.9, 10.5e before build 60.7010.e, 11.0 before build 70.16, 11.1 before build 55.13, and 12.0 before build 53.13 (except for build 41.24) that, if exploited, could allow an attacker with access to the NetScaler management interface to gain administrative access to the appliance.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287,

Products Affected

Vendor Product Version
citrix netscaler_gateway_firmware 11.0
citrix netscaler_gateway_firmware 11.1
citrix netscaler_gateway_firmware 10.5
citrix application_delivery_controller_firmware 11.0
citrix application_delivery_controller_firmware 11.1
citrix netscaler_gateway_firmware 10.5e
citrix application_delivery_controller_firmware 10.1
citrix netscaler_gateway_firmware 12.0
citrix application_delivery_controller_firmware 10.5
citrix application_delivery_controller_firmware 12.0
citrix netscaler_gateway_firmware 10.1
citrix application_delivery_controller_firmware 10.5e
CVE-2017-17382 MEDIUM

Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.5 before build 67.13, 11.0 before build 71.22, 11.1 before build 56.19, and 12.0 before build 53.22 might allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT attack.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-327,

Products Affected

Vendor Product Version
citrix netscaler_gateway_firmware 12.0
citrix application_delivery_controller_firmware 10.5
citrix netscaler_gateway_firmware 11.0
citrix netscaler_gateway_firmware 11.1
citrix application_delivery_controller_firmware 12.0
citrix netscaler_gateway_firmware 10.5
citrix application_delivery_controller_firmware 11.0
citrix application_delivery_controller_firmware 11.1
CVE-2017-17549 MEDIUM

Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.5 before build 67.13, 11.0 before build 71.22, 11.1 before build 56.19, and 12.0 before build 53.22 allow remote attackers to obtain sensitive information from the backend client TLS handshake by leveraging use of TLS with Client Certificates and a Diffie-Hellman Ephemeral (DHE) key exchange.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
citrix netscaler_gateway_firmware 12.0
citrix application_delivery_controller_firmware 10.5
citrix netscaler_gateway_firmware 11.0
citrix netscaler_gateway_firmware 11.1
citrix application_delivery_controller_firmware 12.0
citrix netscaler_gateway_firmware 10.5
citrix application_delivery_controller_firmware 11.0
citrix application_delivery_controller_firmware 11.1
CVE-2017-2615 HIGH

Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. It could occur while copying VGA data via bitblt copy in backward mode. A privileged user inside a guest could use this flaw to crash the QEMU process resulting in DoS or potentially execute arbitrary code on the host with privileges of QEMU process on the host.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,CWE-125,CWE-787,

Products Affected

Vendor Product Version
redhat enterprise_linux_server_eus 7.3
citrix xenserver 6.2.0
citrix xenserver 7.1
citrix xenserver 7.0
redhat enterprise_linux_server 6.0
redhat enterprise_linux_desktop 6.0
debian debian_linux 7.0
redhat openstack 5.0
redhat openstack 6.0
redhat enterprise_linux_server_aus 7.3
redhat enterprise_linux_desktop 7.0
redhat openstack 10
redhat openstack 7.0
redhat openstack 8
xen xen 4.7.1
xen xen *
redhat enterprise_linux_server_eus 7.4
qemu qemu *
redhat openstack 9
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server_eus 7.5
citrix xenserver 6.0.2
citrix xenserver 6.5
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_server 7.0
redhat enterprise_linux_workstation 6.0
CVE-2017-2620 HIGH

Quick emulator (QEMU) before 2.8 built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue. The issue could occur while copying VGA data in cirrus_bitblt_cputovideo. A privileged user inside guest could use this flaw to crash the QEMU process OR potentially execute arbitrary code on host with privileges of the QEMU process.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,CWE-125,CWE-787,

Products Affected

Vendor Product Version
redhat enterprise_linux_server_eus 7.3
citrix xenserver 6.2.0
citrix xenserver 7.1
citrix xenserver 7.0
redhat enterprise_linux_server 6.0
redhat enterprise_linux_desktop 6.0
debian debian_linux 7.0
redhat openstack 5.0
redhat openstack 6.0
redhat enterprise_linux_server_aus 7.3
redhat enterprise_linux_desktop 7.0
redhat openstack 10
redhat openstack 7.0
redhat openstack 8
xen xen 4.7.1
xen xen *
redhat enterprise_linux_server_eus 7.4
qemu qemu *
redhat openstack 9
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server_eus 7.5
citrix xenserver 6.0.2
citrix xenserver 6.5
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_server 7.0
redhat enterprise_linux_workstation 6.0
CVE-2017-5572 MEDIUM

An issue was discovered in Linux Foundation xapi in Citrix XenServer through 7.0. An authenticated read-only administrator can corrupt the host database.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-269,

Products Affected

Vendor Product Version
citrix xenserver 7.0
citrix xenserver 6.0.2
citrix xenserver 6.5
citrix xenserver 6.2.0
CVE-2017-5573 MEDIUM

An issue was discovered in Linux Foundation xapi in Citrix XenServer through 7.0. An authenticated read-only administrator can cancel tasks of other administrators.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
citrix xenserver 7.0
citrix xenserver 6.0.2
citrix xenserver 6.5
citrix xenserver 6.2.0
CVE-2017-5933 MEDIUM

Citrix NetScaler ADC and NetScaler Gateway 10.5 before Build 65.11, 11.0 before Build 69.12/69.123, and 11.1 before Build 51.21 randomly generates GCM nonces, which makes it marginally easier for remote attackers to obtain the GCM authentication key and spoof data by leveraging a reused nonce in a session and a "forbidden attack," a similar issue to CVE-2016-0270.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
citrix netscaler_application_delivery_controller_firmware *
CVE-2017-6316 HIGH

Citrix NetScaler SD-WAN devices through v9.1.2.26.561201 allow remote attackers to execute arbitrary shell commands as root via a CGISESSID cookie. On CloudBridge (the former name of NetScaler SD-WAN) devices, the cookie name was CAKEPHP rather than CGISESSID.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
citrix netscaler_sd-wan *
CVE-2017-7219 HIGH

A heap overflow vulnerability in Citrix NetScaler Gateway versions 10.1 before 135.8/135.12, 10.5 before 65.11, 11.0 before 70.12, and 11.1 before 52.13 allows a remote authenticated attacker to run arbitrary commands via unspecified vectors.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
citrix netscaler_gateway_firmware 11.0
citrix netscaler_gateway_firmware 11.1
citrix netscaler_gateway_firmware 10.1
citrix netscaler_gateway_firmware 10.5
CVE-2017-9231 MEDIUM

XML external entity (XXE) vulnerability in Citrix XenMobile Server 9.x and 10.x before 10.5 RP3 allows attackers to obtain sensitive information via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-611,

Products Affected

Vendor Product Version
citrix xenmobile_server 10.4
citrix xenmobile_server 10.3.6
citrix xenmobile_server 10.3.5
citrix xenmobile_server 10.0
citrix xenmobile_server 10.5
citrix xenmobile_server 10.1
citrix xenmobile_server 10.3
citrix xenmobile_server 9.0
CVE-2018-10648 HIGH

There are Unauthenticated File Upload Vulnerabilities in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-434,

Products Affected

Vendor Product Version
citrix xenmobile_server 10.8
citrix xenmobile_server 10.7
CVE-2018-10649 MEDIUM

There is a Cross-Site Scripting Vulnerability in Citrix XenMobile Server 10.7 before RP3.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
citrix xenmobile_server 10.7
CVE-2018-10650 MEDIUM

There is an Insufficient Path Validation Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-426,

Products Affected

Vendor Product Version
citrix xenmobile_server 10.8
citrix xenmobile_server 10.7
CVE-2018-10651 MEDIUM

There are Open Redirect Vulnerabilities in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-601,

Products Affected

Vendor Product Version
citrix xenmobile_server 10.8
citrix xenmobile_server 10.7
CVE-2018-10652 MEDIUM

There is a Sensitive Data Leakage issue in Citrix XenMobile Server 10.7 before RP3.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
citrix xenmobile_server 10.7
CVE-2018-10653 HIGH

There is an XML External Entity (XXE) Processing Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-611,

Products Affected

Vendor Product Version
citrix xenmobile_server 10.8
citrix xenmobile_server 10.7
CVE-2018-10654 MEDIUM

There is a Hazelcast Library Java Deserialization Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-502,

Products Affected

Vendor Product Version
citrix xenmobile_server 10.8
citrix xenmobile_server 10.7
CVE-2018-14007 HIGH

Citrix XenServer 7.1 and newer allows Directory Traversal.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-22,

Products Affected

Vendor Product Version
citrix xenserver 7.1
citrix xenserver 7.4
citrix xenserver 7.5
CVE-2018-16968 LOW

Citrix ShareFile StorageZones Controller before 5.4.2 allows Directory Traversal.

CVSS 2.0

Severity: LOW

Problem Type: CWE-22,

Products Affected

Vendor Product Version
citrix sharefile_storagezones_controller *
CVE-2018-16969 MEDIUM

Citrix ShareFile StorageZones Controller before 5.4.2 has Information Exposure Through an Error Message.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
citrix sharefile_storagezones_controller *
CVE-2018-17444 MEDIUM

A Directory Traversal issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
citrix sd-wan 10.1.0
citrix netscaler_sd-wan *
CVE-2018-17445 HIGH

A Command Injection issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-77,

Products Affected

Vendor Product Version
citrix sd-wan 10.1.0
citrix netscaler_sd-wan *
CVE-2018-17446 HIGH

A SQL Injection issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
citrix sd-wan 10.1.0
citrix netscaler_sd-wan *
CVE-2018-17447 MEDIUM

An Information Exposure Through Log Files issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-532,

Products Affected

Vendor Product Version
citrix sd-wan 10.1.0
citrix netscaler_sd-wan *
CVE-2018-17448 HIGH

An Incorrect Access Control issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
citrix sd-wan 10.1.0
citrix netscaler_sd-wan *
CVE-2018-18013 HIGH

* Xen Mobile through 10.8.0 includes a service listening on port 5001 within its firewall that accepts unauthenticated input. If this service is supplied with raw serialised Java objects, it deserialises them back into Java objects in memory, giving rise to a remote code execution vulnerability. NOTE: the vendor disputes that this is a vulnerability, stating it is "already mitigated by the internal firewall that limits access to configuration services to localhost.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-502,

Products Affected

Vendor Product Version
citrix xenmobile_server *
CVE-2018-18014 HIGH

* Lack of authentication in Citrix Xen Mobile through 10.8 allows low-privileged local users to execute system commands as root by making requests to private services listening on ports 8000, 30000 and 30001. NOTE: the vendor disputes that this is a vulnerability, stating it is "already mitigated by the internal firewall that limits access to configuration services to localhost.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287,

Products Affected

Vendor Product Version
citrix xenmobile_server *
CVE-2018-18517 LOW

Citrix NetScaler Gateway 10.5.x before 10.5.69.003, 11.1.x before 11.1.59.004, 12.0.x before 12.0.58.7, and 12.1.x before 12.1.49.1 has XSS.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
citrix netscaler_gateway_firmware *
CVE-2018-18571 MEDIUM

An Incorrect Access Control vulnerability has been identified in Citrix XenMobile Server 10.8.0 before Rolling Patch 6 and 10.9.0 before Rolling Patch 3. An attacker can impersonate and take actions on behalf of any Mobile Application Management (MAM) enrolled device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N 3.9 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,

Products Affected

Vendor Product Version
citrix xenmobile_server 10.9.0
citrix xenmobile_server 10.8.0
CVE-2018-19961 MEDIUM

An issue was discovered in Xen through 4.11.x on AMD x86 platforms, possibly allowing guest OS users to gain host OS privileges because TLB flushes do not always occur after IOMMU mapping changes.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-459,

Products Affected

Vendor Product Version
citrix xenserver 7.1
citrix xenserver 7.0
debian debian_linux 9.0
citrix xenserver 7.6
xen xen *
citrix xenserver 7.5
CVE-2018-19962 MEDIUM

An issue was discovered in Xen through 4.11.x on AMD x86 platforms, possibly allowing guest OS users to gain host OS privileges because small IOMMU mappings are unsafely combined into larger ones.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
citrix xenserver 7.1
citrix xenserver 7.0
debian debian_linux 9.0
citrix xenserver 7.6
xen xen *
citrix xenserver 7.5
CVE-2018-19965 MEDIUM

An issue was discovered in Xen through 4.11.x allowing 64-bit PV guest OS users to cause a denial of service (host OS crash) because #GP[0] can occur after a non-canonical address is passed to the TLB flushing code. NOTE: this issue exists because of an incorrect CVE-2017-5754 (aka Meltdown) mitigation.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
citrix xenserver 7.1
citrix xenserver 7.0
debian debian_linux 9.0
citrix xenserver 7.6
xen xen *
citrix xenserver 7.5
CVE-2018-3665 MEDIUM

System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from another process through a speculative execution side channel.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.6 MEDIUM CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N 1.1 4.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
intel core_i7 4910mq
intel core_m 5y31
intel core_i7 5775r
intel core_i7 2640m
intel core_i7 950
intel core_i5 450m
intel core_i3 6100t
intel core_i5 655k
intel core_i7 4700mq
intel core_i5 4288u
intel core_i5 3340m
intel core_i7 3537u
intel core_i7 4500u
intel core_i7 4722hq
intel core_i7 3517ue
intel core_i7 3840qm
intel core_i3 380m
intel core_i3 3245
intel core_i5 3230m
intel core_i7 7700t
intel core_i5 6267u
intel core_i7 5950hq
intel core_i5 6440hq
intel core_i5 4200m
intel core_i7 3689y
intel core_i5 2400s
intel core_i3 4030y
intel core_i7 3615qm
intel core_i5 4402ec
intel core_i3 4360t
intel core_i3 6157u
intel core_i5 4440
intel core_i5 470um
intel core_i3 4370
intel core_i7 4712hq
intel core_i7 7500u
intel core_i5 6260u
intel core_i7 4610m
citrix xenserver 7.3
intel core_i5 2450m
intel core_i5 2405s
intel core_i7 5650u
intel core_i3 380um
intel core_i3 2100
intel core_i3 2125
intel core_i5 3570s
intel core_i5 4278u
intel core_i3 350m
intel core_i7 4810mq
intel core_i5 6600
intel core_i5 4250u
freebsd freebsd 11.0
intel core_i5 670
intel core_i3 2375m
intel core_i5 4300u
intel core_i7 2715qe
intel core_i3 3250
intel core_i7 2655le
intel core_i7 4790k
intel core_i5 3380m
intel core_i5 5200u
intel core_i5 3570t
intel core_i7 990x
intel core_i3 3217ue
citrix xenserver 7.5
intel core_i7 7920hq
redhat enterprise_linux 6.0
intel core_i5 4260u
intel core_i5 6600t
intel core_i5 4422e
intel core_i7 7820hk
intel core_i3 2357m
intel core_m 5y10
intel core_i7 975
intel core_i7 2600s
intel core_i7 3612qe
intel core_i3 2100t
intel core_i3 4330t
intel core_i5 3330s
intel core_i5 2500k
intel core_i5 4200u
intel core_i7 875k
intel core_i3 3227u
intel core_i5 3550s
intel core_i3 4005u
intel core_i3 6100u
intel core_i7 5700eq
intel core_i3 530
intel core_i7 4702mq
intel core_i7 970
intel core_i7 4650u
intel core_i7 5850eq
intel core_i7 7560u
intel core_i3 6300
intel core_i3 6006u
intel core_i3 6100
intel core_i7 8550u
intel core_i5 4670r
intel core_m 5y70
redhat enterprise_linux_workstation 6.0
intel core_i7 4960hq
intel core_i5 5287u
intel core_i5 4402e
intel core_i7 4870hq
intel core_i5 3610me
intel core_i5 2515e
intel core_i7 5850hq
intel core_i3 2310e
intel core_i3 3240t
intel core_i7 7567u
intel core_i3 6100e
intel core_i7 7600u
intel core_i5 6685r
intel core_i3 2328m
citrix xenserver 7.4
intel core_i3 2312m
intel core_i3 4100e
intel core_i7 2710qe
intel core_i7 940xm
intel core_i7 3632qm
intel core_i3 330e
intel core_i3 2370m
intel core_i7 4770hq
intel core_i7 3520m
intel core_i7 7700
intel core_i3 2120
intel core_m7 6y75
intel core_i3 2330m
redhat enterprise_linux_workstation 7.0
intel core_i7 940
intel core_i5 6600k
intel core_i5 6402p
intel core_i5 5300u
intel core_i5 4690t
intel core_i7 620um
intel core_i7 870
intel core_i7 5750hq
intel core_i7 7700hq
intel core_i3 4130
intel core_i5 2500s
intel core_i3 4130t
intel core_i7 870s
intel core_i5 4590s
intel core_i5 4210h
intel core_i3 2105
intel core_i7 660lm
intel core_i7 3610qm
intel core_i7 3820qm
debian debian_linux 8.0
intel core_i5 2467m
intel core_i7 2860qm
intel core_i5 520m
intel core_i5 2500t
intel core_i3 390m
intel core_i7 3770t
intel core_i3 3120m
intel core_i3 4360
intel core_i7 4720hq
intel core_i7 8700
intel core_i7 3630qm
intel core_i5 5675c
intel core_i7 2760qm
intel core_i7 960
intel core_i7 2617m
intel core_i3 2330e
intel core_i7 2700k
intel core_i7 7820eq
intel core_i5 3330
intel core_i3 330um
intel core_i3 3110m
citrix xenserver 7.0
intel core_i3 4160t
intel core_i7 4750hq
intel core_i3 4010y
intel core_m3 6y30
intel core_i5 3340s
intel core_i7 4771
intel core_i7 660um
intel core_i5 6300hq
redhat enterprise_linux_desktop 7.0
intel core_i7 620m
intel core_i5 750s
intel core_i7 7820hq
intel core_i7 2637m
intel core_i5 4690k
intel core_i3 3115c
intel core_i7 920
intel core_i3 4150t
intel core_i5 4590
intel core_i5 4670
intel core_i5 2380p
intel core_i3 2367m
intel core_i5 3470s
intel core_i3 5157u
intel core_i7 620le
intel core_i7 880
intel core_i5 6585r
intel core_m3 7y30
intel core_i7 740qm
intel core_i3 8350k
intel core_i5 3439y
intel core_i5 4400e
intel core_i7 930
intel core_i3 4012y
intel core_i3 4170
intel core_i5 4460s
intel core_i7 7y75
intel core_i7 4770t
intel core_i7 7660u
intel core_i5 3340
intel core_i3 2350m
intel core_i3 4100m
intel core_i7 4578u
intel core_i7 5700hq
intel core_i5 6400t
intel core_i7 3667u
intel core_i3 2377m
intel core_i5 3350p
intel core_i3 5015u
intel core_i5 5575r
intel core_i5 8600k
intel core_i7 965
intel core_i5 750
intel core_i3 3240
intel core_i5 540m
intel core_i5 8350u
redhat enterprise_linux_desktop 6.0
intel core_i7 3540m
intel core_i7 3610qe
intel core_i7 2720qm
intel core_i5 4670s
intel core_i5 4570te
intel core_i7 4558u
intel core_i5 3450
intel core_i5 4310m
intel core_i3 3229y
intel core_i7 2820qm
intel core_i3 4350
intel core_i5 4590t
intel core_i7 860s
intel core_i5 3360m
intel core_i7 4600u
intel core_i7 640um
intel core_i5 5257u
intel core_i7 4860hq
intel core_i7 8700k
intel core_i3 3217u
intel core_i7 8650u
intel core_i5 560um
intel core_i7 2635qm
intel core_i5 4690s
intel core_i7 4702ec
intel core_m 5y51
intel core_i3 2115c
intel core_i7 920xm
intel core_i7 5775c
intel core_i5 3550
intel core_i5 6287u
intel core_i7 660ue
intel core_i3 4110m
redhat enterprise_linux 7.0
intel core_i5 2557m
intel core_i5 4302y
intel core_i5 3475s
intel core_i3 4150
intel core_i3 2340ue
intel core_i5 4300y
intel core_i5 6360u
intel core_i7 2677m
intel core_i3 4102e
intel core_i5 2540m
debian debian_linux 9.0
intel core_i7 3687u
intel core_i7 4770te
intel core_i7 4510u
intel core_m3 7y32
intel core_i3 5010u
intel core_i7 2657m
intel core_i5 760
intel core_i7 840qm
intel core_i7 4900mq
intel core_i5 4460t
intel core_i3 6102e
intel core_i5 4460
intel core_i5 3427u
intel core_i3 6098p
citrix xenserver 7.1
intel core_i5 2310
intel core_i5 3339y
intel core_i7 4710mq
intel core_i5 2510e
intel core_i3 4010u
intel core_i5 2430m
intel core_i5 4670t
intel core_i3 3220t
intel core_i5 5250u
intel core_i3 3120me
intel core_i5 3470
intel core_i5 2435m
intel core_i7 4800mq
canonical ubuntu_linux 16.04
intel core_i5 460m
intel core_i3 4330te
intel core_i5 2520m
intel core_i5 5350h
intel core_i7 4700hq
intel core_i5 4570
intel core_i5 4220y
intel core_i7 4770
intel core_i7 7700k
intel core_i7 3635qm
intel core_i7 2960xm
intel core_i7 4790
intel core_i5 2320
intel core_i5 4300m
intel core_i7 3615qe
intel core_i3 4120u
intel core_i5 4210u
intel core_i5 661
intel core_i3 6100h
intel core_i5 2400
intel core_i5 3437u
intel core_i7 4950hq
intel core_i7 2610ue
intel core_i5 650
intel core_i7 2675qm
intel core_i5 430um
intel core_i7 3720qm
intel core_i5 4310u
intel core_i5 8400
intel core_i3 4112e
intel core_i5 8250u
intel core_i5 4570s
intel core_i5 660
intel core_i5 4440s
intel core_i7 680um
intel core_i7 2620m
intel core_i7 4712mq
intel core_i5 4430s
intel core_i5 4570t
intel core_i7 4980hq
intel core_i5 4308u
intel core_i3 3130m
intel core_i3 550
intel core_i3 4025u
intel core_i5 540um
intel core_i7 2600
canonical ubuntu_linux 12.04
intel core_i5 6400
intel core_i3 4030u
intel core_i3 2120t
intel core_m5 6y54
intel core_i7 3555le
intel core_i7 2920xm
intel core_i7 4550u
intel core_i3 4160
intel core_i5 4430
intel core_i3 3210
intel core_i5 520um
intel core_i7 5500u
intel core_i3 5005u
intel core_i5 3317u
intel core_i7 4710hq
freebsd freebsd 11.1
intel core_i5 4200h
intel core_i5 4210m
intel core_i7 640lm
intel core_i5 4340m
intel core_i7 2600k
intel core_i7 4770r
intel core_i3 2102
intel core_i5 4360u
intel core_i7 3770
intel core_i3 2130
intel core_i5 680
intel core_i3 4170t
intel core_i7 3612qm
intel core_i7 4790s
intel core_i3 4110e
intel core_i7 3740qm
intel core_i3 3250t
intel core_i5 6350hq
intel core_i7 980
intel core_i5 3320m
intel core_i5 6440eq
intel core_i7 4770s
intel core_i3 3225
intel core_i7 640m
intel core_i7 5557u
intel core_i7 3770k
intel core_i3 4158u
intel core_i7 5550u
intel core_m 5y71
intel core_i3 4340
intel core_i5 480m
intel core_m 5y10c
intel core_i5 4202y
intel core_i5 2450p
intel core_i7 4600m
intel core_i3 3220
intel core_i5 2390t
intel core_i7 720qm
intel core_i7 610e
intel core_i5 5350u
intel core_i7 3770s
intel core_i5 3450s
intel core_i5 4350u
intel core_i7 4700eq
intel core_i7 5600u
intel core_i5 430m
intel core_i5 4410e
intel core_i7 4700ec
intel core_i7 2630qm
intel core_i3 6300t
intel core_i3 6320
intel core_i5 4210y
intel core_i7 4770k
freebsd freebsd 11.2
intel core_i3 330m
intel core_m 5y10a
intel core_i7 4765t
intel core_i3 4340te
intel core_i5 3570
intel core_i7 4702hq
intel core_i7 2629m
intel core_i5 6300u
intel core_i3 4100u
intel core_i5 2300
intel core_i3 8100
intel core_i5 580m
intel core_m5 6y57
intel core_i3 5020u
intel core_i7 3517u
intel core_i7 4850hq
intel core_i7 820qm
intel core_i3 2365m
intel core_i7 4760hq
intel core_i3 4000m
intel core_i7 4785t
intel core_i7 4790t
intel core_i5 2500
intel core_i5 6200u
intel core_i7 980x
intel core_i5 4330m
intel core_i5 2537m
intel core_i3 2310m
intel core_i5 6500
intel core_i7 2649m
intel core_i5 3337u
intel core_i3 6100te
intel core_i5 6500t
intel core_i5 2550k
intel core_i3 4370t
intel core_i3 4330
intel core_i7 620lm
intel core_i5 4670k
intel core_i3 370m
intel core_i3 560
canonical ubuntu_linux 14.04
intel core_i3 2348m
intel core_i5 6442eq
intel core_i5 3210m
intel core_i5 4690
intel core_i7 2670qm
intel core_i5 3570k
intel core_i5 6500te
intel core_i5 560m
intel core_i7 620ue
intel core_i7 860
intel core_i5 4258u
intel core_i3 540
intel core_i5 2410m
intel core_i5 4200y
intel core_i5 4570r
intel core_i3 4020y
intel core_i5 3470t
intel core_i3 6167u
intel core_i5 520e
intel core_i5 5675r
intel core_i7 4610y
intel core_i3 4350t
CVE-2018-5314 MEDIUM

Command injection vulnerability in Citrix NetScaler ADC and NetScaler Gateway 11.0 before build 70.16, 11.1 before build 55.13, and 12.0 before build 53.13; and the NetScaler Load Balancing instance distributed with NetScaler SD-WAN/CloudBridge 4000, 4100, 5000 and 5100 WAN Optimization Edition 9.3.0 allows remote attackers to execute a system command or read arbitrary files via an SSH login prompt.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,

Products Affected

Vendor Product Version
citrix netscaler_gateway 12.0
citrix netscaler_application_delivery_controller 11.1
citrix netscaler_application_delivery_controller 12.0
citrix netscaler_gateway 11.1
citrix netscaler_application_delivery_controller 11.0
citrix netscaler_sd-wan 9.3.0
citrix netscaler_gateway 11.0
CVE-2018-6186 HIGH

Citrix NetScaler VPX through NS12.0 53.13.nc allows an SSRF attack via the /rapi/read_url URI by an authenticated attacker who has a webapp account. The attacker can gain access to the nsroot account, and execute remote commands with root privileges.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-918,

Products Affected

Vendor Product Version
citrix netscaler 12.0
CVE-2018-6808 MEDIUM

NetScaler ADC 10.5, 11.0, 11.1, and 12.0, and NetScaler Gateway 10.5, 11.0, 11.1, and 12.0 allow remote attackers to download arbitrary files on the target system.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
citrix netscaler_gateway_firmware 12.0
citrix netscaler_application_delivery_controller_firmware 11.1
citrix netscaler_gateway_firmware 11.0
citrix netscaler_gateway_firmware 11.1
citrix netscaler_application_delivery_controller_firmware 10.5
citrix netscaler_application_delivery_controller_firmware 12.0
citrix netscaler_application_delivery_controller_firmware 11.0
citrix netscaler_gateway_firmware 10.5
CVE-2018-6809 HIGH

NetScaler ADC 10.5, 11.0, 11.1, and 12.0, and NetScaler Gateway 10.5, 11.0, 11.1, and 12.0 allow remote attackers to gain privilege on a target system.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
citrix netscaler_gateway_firmware 12.0
citrix netscaler_application_delivery_controller_firmware 11.1
citrix netscaler_gateway_firmware 11.0
citrix netscaler_gateway_firmware 11.1
citrix netscaler_application_delivery_controller_firmware 10.5
citrix netscaler_application_delivery_controller_firmware 12.0
citrix netscaler_application_delivery_controller_firmware 11.0
citrix netscaler_gateway_firmware 10.5
CVE-2018-6810 MEDIUM

Directory traversal vulnerability in NetScaler ADC 10.5, 11.0, 11.1, and 12.0, and NetScaler Gateway 10.5, 11.0, 11.1, and 12.0 allows remote attackers to traverse the directory on the target system via a crafted request.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
citrix netscaler_gateway_firmware 12.0
citrix netscaler_application_delivery_controller_firmware 11.1
citrix netscaler_gateway_firmware 11.0
citrix netscaler_gateway_firmware 11.1
citrix netscaler_application_delivery_controller_firmware 10.5
citrix netscaler_application_delivery_controller_firmware 12.0
citrix netscaler_application_delivery_controller_firmware 11.0
citrix netscaler_gateway_firmware 10.5
CVE-2018-6811 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in Citrix NetScaler ADC 10.5, 11.0, 11.1, and 12.0, and NetScaler Gateway 10.5, 11.0, 11.1, and 12.0 allow remote attackers to inject arbitrary web script or HTML via the Citrix NetScaler interface.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
citrix netscaler_gateway_firmware 12.0
citrix netscaler_application_delivery_controller_firmware 11.1
citrix netscaler_gateway_firmware 11.0
citrix netscaler_gateway_firmware 11.1
citrix netscaler_application_delivery_controller_firmware 10.5
citrix netscaler_application_delivery_controller_firmware 12.0
citrix netscaler_application_delivery_controller_firmware 11.0
citrix netscaler_gateway_firmware 10.5
CVE-2018-7218 HIGH

The AppFirewall functionality in Citrix NetScaler Application Delivery Controller and NetScaler Gateway 10.5 before Build 68.7, 11.0 before Build 71.24, 11.1 before Build 58.13, and 12.0 before Build 57.24 allows remote attackers to execute arbitrary code via unspecified vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
citrix netscaler_gateway_firmware 12.0
citrix application_delivery_controller_firmware 10.5
citrix netscaler_gateway_firmware 11.0
citrix netscaler_gateway_firmware 11.1
citrix application_delivery_controller_firmware 12.0
citrix netscaler_gateway_firmware 10.5
citrix application_delivery_controller_firmware 11.0
citrix application_delivery_controller_firmware 11.1
CVE-2018-8897 HIGH

A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash. The MOV to SS and POP SS instructions inhibit interrupts (including NMIs), data breakpoints, and single step trap exceptions until the instruction boundary following the next instruction (SDM Vol. 3A; section 6.8.3). (The inhibited data breakpoints are those on memory accessed by the MOV to SS or POP to SS instruction itself.) Note that debug exceptions are not inhibited by the interrupt enable (EFLAGS.IF) system flag (SDM Vol. 3A; section 2.3). If the instruction following the MOV to SS or POP to SS instruction is an instruction like SYSCALL, SYSENTER, INT 3, etc. that transfers control to the operating system at CPL < 3, the debug exception is delivered after the transfer to CPL < 3 is complete. OS kernels may not expect this order of events and may therefore experience unexpected behavior when it occurs.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-362,

Products Affected

Vendor Product Version
citrix xenserver 7.2
apple mac_os_x *
citrix xenserver 6.2.0
canonical ubuntu_linux 14.04
synology skynas -
redhat enterprise_virtualization_manager 3.0
canonical ubuntu_linux 17.10
citrix xenserver 7.1
citrix xenserver 7.3
citrix xenserver 7.0
xen xen -
debian debian_linux 7.0
debian debian_linux 8.0
synology diskstation_manager 6.1
canonical ubuntu_linux 16.04
citrix xenserver 7.4
synology diskstation_manager 6.0
freebsd freebsd *
debian debian_linux 9.0
citrix xenserver 6.0.2
citrix xenserver 6.5
synology diskstation_manager 5.2
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_server 7.0
CVE-2019-10883 HIGH

Citrix SD-WAN Center 10.2.x before 10.2.1 and NetScaler SD-WAN Center 10.0.x before 10.0.7 allow Command Injection.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
citrix netscaler_sd-wan_center *
citrix citrix_sd-wan_center *
CVE-2019-11345 MEDIUM

Citrix SD-WAN Center 10.2.x before 10.2.1 and NetScaler SD-WAN Center 10.0.x before 10.0.7 allow XSS.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
citrix netscaler_sd-wan_center *
citrix citrix_sd-wan_center *
CVE-2019-11550 MEDIUM

Citrix SD-WAN 10.2.x before 10.2.1 and NetScaler SD-WAN 10.0.x before 10.0.7 have Improper Certificate Validation.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-295,

Products Affected

Vendor Product Version
citrix sd-wan *
citrix netscaler_sd-wan *
CVE-2019-11634 HIGH

Citrix Workspace App before 1904 for Windows has Incorrect Access Control.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,CWE-284,

Products Affected

Vendor Product Version
citrix receiver 4.9
citrix workspace *
CVE-2019-12044 MEDIUM

A Buffer Overflow exists in Citrix NetScaler Gateway 10.5.x before 10.5.70.x, 11.1.x before 11.1.59.10, 12.0.x before 12.0.59.8, and 12.1.x before 12.1.49.23 and Citrix Application Delivery Controller 10.5.x before 10.5.70.x, 11.1.x before 11.1.59.10, 12.0.x before 12.0.59.8, and 12.1.x before 12.1.49.23.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
citrix netscaler_gateway_firmware *
citrix netscaler_application_delivery_controller_firmware *
CVE-2019-12292 HIGH

Citrix AppDNA before 7 1906.1.0.472 has Incorrect Access Control.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
citrix appdna *
CVE-2019-12985 HIGH

Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 1 of 6).

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
citrix sd-wan *
citrix netscaler_sd-wan *
CVE-2019-12986 HIGH

Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 2 of 6).

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
citrix sd-wan *
citrix netscaler_sd-wan *
CVE-2019-12987 HIGH

Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 3 of 6).

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
citrix sd-wan *
citrix netscaler_sd-wan *
CVE-2019-12988 HIGH

Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 4 of 6).

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
citrix sd-wan *
citrix netscaler_sd-wan *
CVE-2019-12989 HIGH

Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 allow SQL Injection.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,CWE-89,

Products Affected

Vendor Product Version
citrix sd-wan *
citrix netscaler_sd-wan *
CVE-2019-12990 HIGH

Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 allow Directory Traversal.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-22,

Products Affected

Vendor Product Version
citrix sd-wan *
citrix netscaler_sd-wan *
CVE-2019-12991 HIGH

Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 5 of 6).

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,CWE-78,

Products Affected

Vendor Product Version
citrix sd-wan *
citrix netscaler_sd-wan *
CVE-2019-12992 HIGH

Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 6 of 6).

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
citrix sd-wan *
citrix netscaler_sd-wan *
CVE-2019-13608 MEDIUM

Citrix StoreFront Server before 1903, 7.15 LTSR before CU4 (3.12.4000), and 7.6 LTSR before CU8 (3.0.8000) allows XXE attacks.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-611,CWE-611,

Products Affected

Vendor Product Version
citrix storefront_server *
CVE-2019-17366 MEDIUM

Citrix Application Delivery Management (ADM) 12.1 before build 54.13 has Incorrect Access Control.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
citrix application_delivery_management 13.0
citrix application_delivery_management 12.1
CVE-2019-18177

In certain Citrix products, information disclosure can be achieved by an authenticated VPN user when there is a configured SSL VPN endpoint. This affects Citrix ADC and Citrix Gateway 13.0-58.30 and later releases before the CTX276688 update.

Products Affected

Vendor Product Version
citrix application_delivery_controller_firmware *
citrix gateway *
CVE-2019-18225 HIGH

An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway before 10.5 build 70.8, 11.x before 11.1 build 63.9, 12.0 before build 62.10, 12.1 before build 54.16, and 13.0 before build 41.28. An attacker with management-interface access can bypass authentication to obtain appliance administrative access. These products formerly used the NetScaler brand name.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
citrix netscaler_gateway_firmware 12.0
citrix application_delivery_controller_firmware 10.5
citrix application_delivery_controller_firmware 12.1
citrix netscaler_gateway_firmware 12.1
citrix netscaler_gateway_firmware 11.1
citrix application_delivery_controller_firmware 12.0
citrix gateway_firmware 13.0
citrix netscaler_gateway_firmware 10.5
citrix application_delivery_controller_firmware 11.1
citrix application_delivery_controller_firmware 13.0
CVE-2019-19781 HIGH

An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. They allow Directory Traversal.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-22,CWE-22,

Products Affected

Vendor Product Version
citrix netscaler_gateway_firmware 12.0
citrix application_delivery_controller_firmware 10.5
citrix application_delivery_controller_firmware 12.1
citrix netscaler_gateway_firmware 12.1
citrix netscaler_gateway_firmware 11.1
citrix application_delivery_controller_firmware 12.0
citrix gateway_firmware 13.0
citrix netscaler_gateway_firmware 10.5
citrix application_delivery_controller_firmware 11.1
citrix application_delivery_controller_firmware 13.0
CVE-2019-6485 MEDIUM

Citrix NetScaler Gateway 12.1 before build 50.31, 12.0 before build 60.9, 11.1 before build 60.14, 11.0 before build 72.17, and 10.5 before build 69.5 and Application Delivery Controller (ADC) 12.1 before build 50.31, 12.0 before build 60.9, 11.1 before build 60.14, 11.0 before build 72.17, and 10.5 before build 69.5 allow remote attackers to obtain sensitive plaintext information because of a TLS Padding Oracle Vulnerability when CBC-based cipher suites are enabled.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-327,

Products Affected

Vendor Product Version
citrix netscaler_gateway_firmware 12.0
citrix netscaler_application_delivery_controller_firmware 11.1
citrix netscaler_gateway_firmware 12.1
citrix netscaler_gateway_firmware 11.0
citrix netscaler_application_delivery_controller_firmware 12.1
citrix netscaler_gateway_firmware 11.1
citrix netscaler_application_delivery_controller_firmware 10.5
citrix netscaler_application_delivery_controller_firmware 12.0
citrix netscaler_application_delivery_controller_firmware 11.0
citrix netscaler_gateway_firmware 10.5
CVE-2019-7217 MEDIUM

Citrix ShareFile before 19.12 allows User Enumeration. It is possible to enumerate application username based on different server responses using the request to check the otp code. No authentication is required.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-203,

Products Affected

Vendor Product Version
citrix sharefile *
CVE-2019-7218 MEDIUM

Citrix ShareFile before 19.23 allows a downgrade from two-factor authentication to one-factor authentication. An attacker with access to the offline victim's otp physical token or virtual app (like google authenticator) is able to bypass the first authentication phase (username/password mechanism) and log-in using username/otp combination only (phase 2 of 2FA).

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,

Products Affected

Vendor Product Version
citrix sharefile *
CVE-2019-9548 HIGH

Citrix Application Delivery Management (ADM) 12.1.x before 12.1.50.33 has Incorrect Access Control.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
citrix application_delivery_management *
CVE-2020-10110 MEDIUM

Citrix Gateway 11.1, 12.0, and 12.1 allows Information Exposure Through Caching. NOTE: Citrix disputes this as not a vulnerability. There is no sensitive information disclosure through the cache headers on Citrix ADC. The "Via" header lists cache protocols and recipients between the start and end points for a request or a response. The "Age" header provides the age of the cached response in seconds. Both headers are commonly used for proxy cache and the information is not sensitive

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
citrix gateway_firmware 11.1
citrix gateway_firmware 12.0
citrix gateway_firmware 12.1
CVE-2020-10111 MEDIUM

Citrix Gateway 11.1, 12.0, and 12.1 has an Inconsistent Interpretation of HTTP Requests. NOTE: Citrix disputes the reported behavior as not a security issue. Citrix ADC only caches HTTP/1.1 traffic for performance optimization

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-444,

Products Affected

Vendor Product Version
citrix gateway_firmware 11.1
citrix gateway_firmware 12.0
citrix gateway_firmware 12.1
CVE-2020-10112 MEDIUM

Citrix Gateway 11.1, 12.0, and 12.1 allows Cache Poisoning. NOTE: Citrix disputes this as not a vulnerability. By default, Citrix ADC only caches static content served under certain URL paths for Citrix Gateway usage. No dynamic content is served under these paths, which implies that those cached pages would not change based on parameter values. All other data traffic going through Citrix Gateway are NOT cached by default

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N 2.8 2.5

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-444,

Products Affected

Vendor Product Version
citrix gateway_firmware 11.1
citrix gateway_firmware 12.0
citrix gateway_firmware 12.1
CVE-2020-13884 HIGH

Citrix Workspace App before 1912 on Windows has Insecure Permissions and an Unquoted Path vulnerability which allows local users to gain privileges during the uninstallation of the application.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-276,

Products Affected

Vendor Product Version
citrix workspace_app *
CVE-2020-13885 HIGH

Citrix Workspace App before 1912 on Windows has Insecure Permissions which allows local users to gain privileges during the uninstallation of the application.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-276,

Products Affected

Vendor Product Version
citrix workspace_app *
CVE-2020-13998 MEDIUM

Citrix XenApp 6.5, when 2FA is enabled, allows a remote unauthenticated attacker to ascertain whether a user exists on the server, because the 2FA error page only occurs after a valid username is entered. NOTE: This vulnerability only affects products that are no longer supported by the maintainer

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-203,CWE-639,

Products Affected

Vendor Product Version
citrix xenapp 6.5.0.0
CVE-2020-6175 MEDIUM

Citrix SD-WAN 10.2.x before 10.2.6 and 11.0.x before 11.0.3 has Missing SSL Certificate Validation.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 2.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-295,

Products Affected

Vendor Product Version
citrix netscaler_sd-wan_center *
citrix citrix_sd-wan_center *
CVE-2020-7473 MEDIUM

In certain situations, all versions of Citrix ShareFile StorageZones (aka storage zones) Controller, including the most recent 5.10.x releases as of May 2020, allow unauthenticated attackers to access the documents and folders of ShareFile users. NOTE: unlike most CVEs, exploitability depends on the product version that was in use when a particular setup step was performed, NOT the product version that is in use during a current assessment of a CVE consumer's product inventory. Specifically, the vulnerability can be exploited if a storage zone was created by one of these product versions: 5.9.0, 5.8.0, 5.7.0, 5.6.0, 5.5.0, or earlier. This CVE differs from CVE-2020-8982 and CVE-2020-8983 but has essentially the same risk.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
citrix sharefile_storagezones_controller *
citrix sharefile_storagezones_controller 5.7.0
citrix sharefile_storagezones_controller 5.6.0
citrix sharefile_storagezones_controller 5.9.0
citrix sharefile_storagezones_controller 5.8.0
CVE-2020-8187 MEDIUM

Improper input validation in Citrix ADC and Citrix Gateway versions before 11.1-63.9 and 12.0-62.10 allows unauthenticated users to perform a denial of service attack.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,CWE-20,

Products Affected

Vendor Product Version
citrix netscaler_gateway_firmware *
citrix application_delivery_controller_firmware *
CVE-2020-8190 MEDIUM

Incorrect file permissions in Citrix ADC and Citrix Gateway before versions 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 allows privilege escalation.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 1.6 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-281,

Products Affected

Vendor Product Version
citrix netscaler_gateway_firmware *
citrix application_delivery_controller_firmware *
citrix gateway_firmware *
CVE-2020-8191 MEDIUM

Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allows reflected Cross Site Scripting (XSS).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,CWE-79,

Products Affected

Vendor Product Version
citrix netscaler_gateway_firmware *
citrix application_delivery_controller_firmware *
citrix gateway_firmware *
citrix sd-wan_wanop *
CVE-2020-8193 MEDIUM

Improper access control in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allows unauthenticated access to certain URL endpoints.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 3.9 2.5

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-284,CWE-287,

Products Affected

Vendor Product Version
citrix netscaler_gateway_firmware *
citrix application_delivery_controller_firmware *
citrix gateway_firmware *
citrix sd-wan_wanop *
CVE-2020-8194 MEDIUM

Reflected code injection in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allows the modification of a file download.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-94,CWE-94,

Products Affected

Vendor Product Version
citrix netscaler_gateway_firmware *
citrix application_delivery_controller_firmware *
citrix gateway_firmware *
citrix sd-wan_wanop *
CVE-2020-8195 MEDIUM

Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 resulting in limited information disclosure to low privileged users.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,CWE-22,

Products Affected

Vendor Product Version
citrix netscaler_gateway_firmware *
citrix application_delivery_controller_firmware *
citrix gateway_firmware *
citrix sd-wan_wanop *
citrix gateway_plug-in_for_linux *
CVE-2020-8196 MEDIUM

Improper access control in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 resulting in limited information disclosure to low privileged users.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 2.8 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-284,CWE-287,

Products Affected

Vendor Product Version
citrix netscaler_gateway_firmware *
citrix application_delivery_controller_firmware *
citrix gateway_firmware *
citrix sd-wan_wanop *
CVE-2020-8197 MEDIUM

Privilege escalation vulnerability on Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 allows a low privileged user with management access to execute arbitrary commands.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
citrix netscaler_gateway_firmware *
citrix application_delivery_controller_firmware *
citrix gateway_firmware *
CVE-2020-8198 MEDIUM

Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 resulting in Stored Cross-Site Scripting (XSS).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,CWE-79,

Products Affected

Vendor Product Version
citrix netscaler_gateway_firmware *
citrix application_delivery_controller_firmware *
citrix gateway_firmware *
citrix sd-wan_wanop *
CVE-2020-8199 MEDIUM

Improper access control in Citrix ADC Gateway Linux client versions before 1.0.0.137 results in local privilege escalation to root.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
citrix gateway_plug-in_for_linux *
CVE-2020-8200 MEDIUM

Improper authentication in Citrix StoreFront Server < 1912.0.1000 allows an attacker who is authenticated on the same Microsoft Active Directory domain as a Citrix StoreFront server to read arbitrary files from that server.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,CWE-287,

Products Affected

Vendor Product Version
citrix storefront_server *
CVE-2020-8207 MEDIUM

Improper access control in Citrix Workspace app for Windows 1912 CU1 and 2006.1 causes privilege escalation and code execution when the automatic updater service is running.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-284,CWE-287,

Products Affected

Vendor Product Version
citrix workspace 2002
citrix workspace 1912
CVE-2020-8208 MEDIUM

Improper input validation in Citrix XenMobile Server 10.12 before RP1, Citrix XenMobile Server 10.11 before RP4, Citrix XenMobile Server 10.11 before RP6 and Citrix XenMobile Server before 10.9 RP5 allows Cross-Site Scripting (XSS).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,CWE-79,

Products Affected

Vendor Product Version
citrix xenmobile_server 10.11.0
citrix xenmobile_server 10.10.0
citrix xenmobile_server *
citrix xenmobile_server 10.9.0
citrix xenmobile_server 10.12.0
CVE-2020-8209 MEDIUM

Improper access control in Citrix XenMobile Server 10.12 before RP2, Citrix XenMobile Server 10.11 before RP4, Citrix XenMobile Server 10.10 before RP6 and Citrix XenMobile Server before 10.9 RP5 and leads to the ability to read arbitrary files.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,CWE-22,

Products Affected

Vendor Product Version
citrix xenmobile_server 10.11.0
citrix xenmobile_server 10.10.0
citrix xenmobile_server *
citrix xenmobile_server 10.9.0
citrix xenmobile_server 10.12.0
CVE-2020-8210 MEDIUM

Insufficient protection of secrets in Citrix XenMobile Server 10.12 before RP3, Citrix XenMobile Server 10.11 before RP6, Citrix XenMobile Server 10.10 RP6 and Citrix XenMobile Server before 10.9 RP5 discloses credentials of a service account.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,CWE-522,

Products Affected

Vendor Product Version
citrix xenmobile_server 10.11.0
citrix xenmobile_server 10.10.0
citrix xenmobile_server *
citrix xenmobile_server 10.9.0
citrix xenmobile_server 10.12.0
CVE-2020-8211 HIGH

Improper input validation in Citrix XenMobile Server 10.12 before RP3, Citrix XenMobile Server 10.11 before RP6, Citrix XenMobile Server 10.10 RP6 and Citrix XenMobile Server before 10.9 RP5 allows SQL Injection.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-77,CWE-89,

Products Affected

Vendor Product Version
citrix xenmobile_server 10.11.0
citrix xenmobile_server 10.10.0
citrix xenmobile_server *
citrix xenmobile_server 10.9.0
citrix xenmobile_server 10.12.0
CVE-2020-8212 HIGH

Improper access control in Citrix XenMobile Server 10.12 before RP3, Citrix XenMobile Server 10.11 before RP6, Citrix XenMobile Server 10.10 RP6 and Citrix XenMobile Server before 10.9 RP5 allows access to privileged functionality.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-749,CWE-863,

Products Affected

Vendor Product Version
citrix xenmobile_server 10.11.0
citrix xenmobile_server 10.10.0
citrix xenmobile_server *
citrix xenmobile_server 10.12.0
CVE-2020-8245 MEDIUM

Improper Input Validation on Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11.2 before 11.2.1a, Citrix SD-WAN WANOP 11.1 before 11.1.2a, Citrix SD-WAN WANOP 11.0 before 11.0.3f, Citrix SD-WAN WANOP 10.2 before 10.2.7b leads to an HTML Injection attack against the SSL VPN web portal.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,CWE-79,

Products Affected

Vendor Product Version
citrix netscaler_gateway *
citrix application_delivery_controller_firmware *
citrix gateway *
CVE-2020-8246 MEDIUM

Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11.2 before 11.2.1a, Citrix SD-WAN WANOP 11.1 before 11.1.2a, Citrix SD-WAN WANOP 11.0 before 11.0.3f, Citrix SD-WAN WANOP 10.2 before 10.2.7b are vulnerable to a denial of service attack originating from the management network.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400,CWE-400,

Products Affected

Vendor Product Version
citrix netscaler_gateway *
citrix application_delivery_controller_firmware *
citrix gateway *
citrix sd-wan_wanop *
CVE-2020-8247 MEDIUM

Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11.2 before 11.2.1a, Citrix SD-WAN WANOP 11.1 before 11.1.2a, Citrix SD-WAN WANOP 11.0 before 11.0.3f, Citrix SD-WAN WANOP 10.2 before 10.2.7b are vulnerable to escalation of privileges on the management interface.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-269,CWE-269,

Products Affected

Vendor Product Version
citrix netscaler_gateway *
citrix application_delivery_controller_firmware *
citrix gateway *
citrix sd-wan_wanop *
CVE-2020-8253 MEDIUM

Improper authentication in Citrix XenMobile Server 10.12 before RP2, Citrix XenMobile Server 10.11 before RP4, Citrix XenMobile Server 10.10 before RP6 and Citrix XenMobile Server before 10.9 RP5 leads to the ability to access sensitive files.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,CWE-287,

Products Affected

Vendor Product Version
citrix xenmobile_server 10.11.0
citrix xenmobile_server 10.10.0
citrix xenmobile_server *
citrix xenmobile_server 10.9.0
citrix xenmobile_server 10.12.0
CVE-2020-8257 HIGH

Improper privilege management on services run by Citrix Gateway Plug-in for Windows, versions before and including 13.0-61.48 and 12.1-58.15, lead to privilege escalation attacks

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-269,

Products Affected

Vendor Product Version
citrix gateway_plug-in *
CVE-2020-8258 MEDIUM

Improper privilege management on services run by Citrix Gateway Plug-in for Windows, versions before and including 13.0-61.48 and 12.1-58.15, allows an attacker to modify arbitrary files.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-269,CWE-269,

Products Affected

Vendor Product Version
citrix gateway_plug-in *
CVE-2020-8269 HIGH

An unprivileged Windows user on the VDA can perform arbitrary command execution as SYSTEM in CVAD versions before 2009, 1912 LTSR CU1 hotfixes CTX285870 and CTX286120, 7.15 LTSR CU6 hotfix CTX285344 and 7.6 LTSR CU9

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-269,CWE-269,

Products Affected

Vendor Product Version
citrix xendesktop 7.15
citrix xendesktop 7.6
citrix xenapp 7.15
citrix virtual_apps_and_desktops *
citrix xenapp *
citrix xenapp 7.6
citrix xendesktop *
CVE-2020-8270 HIGH

An unprivileged Windows user on the VDA or an SMB user can perform arbitrary command execution as SYSTEM in CVAD versions before 2009, 1912 LTSR CU1 hotfixes CTX285871 and CTX285872, 7.15 LTSR CU6 hotfix CTX285341 and CTX285342

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,CWE-78,

Products Affected

Vendor Product Version
citrix virtual_apps_and_desktops *
CVE-2020-8271 HIGH

Unauthenticated remote code execution with root privileges in Citrix SD-WAN Center versions before 11.2.2, 11.1.2b and 10.2.8

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-23,CWE-22,

Products Affected

Vendor Product Version
citrix sd-wan *
CVE-2020-8272 MEDIUM

Authentication Bypass resulting in exposure of SD-WAN functionality in Citrix SD-WAN Center versions before 11.2.2, 11.1.2b and 10.2.8

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,CWE-287,

Products Affected

Vendor Product Version
citrix sd-wan *
CVE-2020-8273 HIGH

Privilege escalation of an authenticated user to root in Citrix SD-WAN center versions before 11.2.2, 11.1.2b and 10.2.8.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,CWE-78,

Products Affected

Vendor Product Version
citrix sd-wan *
CVE-2020-8274 MEDIUM

Citrix Secure Mail for Android before 20.11.0 suffers from Improper Control of Generation of Code ('Code Injection') by allowing unauthenticated access to read data stored within Secure Mail. Note that a malicious app would need to be installed on the Android device or a threat actor would need to execute arbitrary code on the Android device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-94,CWE-94,

Products Affected

Vendor Product Version
citrix secure_mail *
CVE-2020-8275 MEDIUM

Citrix Secure Mail for Android before 20.11.0 suffers from improper access control allowing unauthenticated access to read limited calendar related data stored within Secure Mail. Note that a malicious app would need to be installed on the Android device or a threat actor would need to execute arbitrary code on the Android device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N 2.8 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-284,CWE-269,

Products Affected

Vendor Product Version
citrix secure_mail *
CVE-2020-8283 HIGH

An authorised user on a Windows host running Citrix Universal Print Server can perform arbitrary command execution as SYSTEM in CVAD versions before 2009, 1912 LTSR CU1 hotfixes CTX285870 and CTX286120, 7.15 LTSR CU6 hotfix CTX285344 and 7.6 LTSR CU9.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-269,CWE-269,

Products Affected

Vendor Product Version
citrix xendesktop 7.15
citrix xendesktop 7.6
citrix xenapp 7.15
citrix virtual_apps_and_desktops *
citrix xenapp *
citrix xenapp 7.6
citrix xendesktop *
CVE-2020-8299 LOW

Citrix ADC and Citrix/NetScaler Gateway 13.0 before 13.0-76.29, 12.1-61.18, 11.1-65.20, Citrix ADC 12.1-FIPS before 12.1-55.238, and Citrix SD-WAN WANOP Edition before 11.4.0, 11.3.2, 11.3.1a, 11.2.3a, 11.1.2c, 10.2.9a suffers from uncontrolled resource consumption by way of a network-based denial-of-service from within the same Layer 2 network segment. Note that the attacker must be in the same Layer 2 network segment as the vulnerable appliance.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-400,CWE-400,

Products Affected

Vendor Product Version
citrix netscaler_gateway *
citrix application_delivery_controller_firmware *
citrix gateway *
citrix sd-wan_wanop *
CVE-2020-8300 MEDIUM

Citrix ADC and Citrix/NetScaler Gateway before 13.0-82.41, 12.1-62.23, 11.1-65.20 and Citrix ADC 12.1-FIPS before 12.1-55.238 suffer from improper access control allowing SAML authentication hijack through a phishing attack to steal a valid user session. Note that Citrix ADC or Citrix Gateway must be configured as a SAML SP or a SAML IdP for this to be possible.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-284,NVD-CWE-Other,

Products Affected

Vendor Product Version
citrix netscaler_gateway *
citrix application_delivery_controller_firmware *
citrix gateway *
CVE-2020-8982 MEDIUM

An unauthenticated arbitrary file read issue exists in all versions of Citrix ShareFile StorageZones (aka storage zones) Controller, including the most recent 5.10.x releases as of May 2020. RCE and file access is granted to everything hosted by ShareFile, be it on-premise or inside Citrix Cloud itself (both are internet facing). NOTE: unlike most CVEs, exploitability depends on the product version that was in use when a particular setup step was performed, NOT the product version that is in use during a current assessment of a CVE consumer's product inventory. Specifically, the vulnerability can be exploited if a storage zone was created by one of these product versions: 5.9.0, 5.8.0, 5.7.0, 5.6.0, 5.5.0, or earlier. This CVE differs from CVE-2020-7473 and CVE-2020-8983.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
citrix sharefile_storagezones_controller *
citrix sharefile_storagezones_controller 5.7.0
citrix sharefile_storagezones_controller 5.6.0
citrix sharefile_storagezones_controller 5.9.0
citrix sharefile_storagezones_controller 5.8.0
CVE-2020-8983 MEDIUM

An arbitrary file write issue exists in all versions of Citrix ShareFile StorageZones (aka storage zones) Controller, including the most recent 5.10.x releases as of May 2020, which allows remote code execution. RCE and file access is granted to everything hosted by ShareFile, be it on-premise or inside Citrix Cloud itself (both are internet facing). NOTE: unlike most CVEs, exploitability depends on the product version that was in use when a particular setup step was performed, NOT the product version that is in use during a current assessment of a CVE consumer's product inventory. Specifically, the vulnerability can be exploited if a storage zone was created by one of these product versions: 5.9.0, 5.8.0, 5.7.0, 5.6.0, 5.5.0, or earlier. This CVE differs from CVE-2020-7473 and CVE-2020-8982.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
citrix sharefile_storagezones_controller *
citrix sharefile_storagezones_controller 5.7.0
citrix sharefile_storagezones_controller 5.6.0
citrix sharefile_storagezones_controller 5.9.0
citrix sharefile_storagezones_controller 5.8.0
CVE-2021-22891 HIGH

A missing authorization vulnerability exists in Citrix ShareFile Storage Zones Controller before 5.7.3, 5.8.3, 5.9.3, 5.10.1 and 5.11.18 may allow unauthenticated remote compromise of the Storage Zones Controller.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-862,CWE-862,

Products Affected

Vendor Product Version
citrix sharefile_storagezones_controller *
CVE-2021-22907 HIGH

An improper access control vulnerability exists in Citrix Workspace App for Windows potentially allows privilege escalation in CR versions prior to 2105 and 1912 LTSR prior to CU4.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-284,NVD-CWE-Other,

Products Affected

Vendor Product Version
citrix workspace *
CVE-2021-22914 MEDIUM

Citrix Cloud Connector before 6.31.0.62192 suffers from insecure storage of sensitive information due to sensitive information being stored in the Citrix Cloud Connector installation log files. Such information could be used by an malicious actor to access a Citrix Cloud environment. This issue affects all versions of Citrix Cloud Connector that were installed by passing secure client parameters for installation via the command line. The issue does not affect Citrix Cloud Connector if it was installed using the interactive installer or where a parameter file was used with the command-line installer.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-922,CWE-922,

Products Affected

Vendor Product Version
citrix cloud_connector *
CVE-2021-22919 MEDIUM

A vulnerability has been discovered in Citrix ADC (formerly known as NetScaler ADC) and Citrix Gateway (formerly known as NetScaler Gateway), and Citrix SD-WAN WANOP Edition models 4000-WO, 4100-WO, 5000-WO, and 5100-WO. These vulnerabilities, if exploited, could lead to the limited available disk space on the appliances being fully consumed.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-770,CWE-770,

Products Affected

Vendor Product Version
citrix netscaler_gateway *
citrix application_delivery_controller_firmware *
citrix gateway *
citrix sd-wan_wanop *
CVE-2021-22920 MEDIUM

A vulnerability has been discovered in Citrix ADC (formerly known as NetScaler ADC) and Citrix Gateway (formerly known as NetScaler Gateway), and Citrix SD-WAN WANOP Edition models 4000-WO, 4100-WO, 5000-WO, and 5100-WO. These vulnerabilities, if exploited, could lead to a phishing attack through a SAML authentication hijack to steal a valid user session.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-284,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
citrix application_delivery_management 13.0-82.42
citrix gateway 12.1-62.25
citrix gateway 13.0-82.42
citrix application_delivery_management 12.1-62.25
CVE-2021-22927 MEDIUM

A session fixation vulnerability exists in Citrix ADC and Citrix Gateway 13.0-82.45 when configured SAML service provider that could allow an attacker to hijack a session.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N 2.8 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-384,CWE-384,

Products Affected

Vendor Product Version
citrix netscaler_gateway *
citrix application_delivery_controller_firmware *
citrix gateway *
CVE-2021-22928 HIGH

A vulnerability has been identified in Citrix Virtual Apps and Desktops that could, if exploited, allow a user of a Windows VDA that has either Citrix Profile Management or Citrix Profile Management WMI Plugin installed to escalate their privilege level on that Windows VDA to SYSTEM.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
citrix xendesktop 7.15
citrix xenapp 7.15
citrix virtual_apps_and_desktops 1912
citrix virtual_apps_and_desktops *
CVE-2021-22932 MEDIUM

An issue has been identified in the CTX269106 mitigation tool for Citrix ShareFile storage zones controller which causes the ShareFile file encryption option to become disabled if it had previously been enabled. Customers are only affected by this issue if they previously selected “Enable Encryption” in the ShareFile configuration page and did not re-select this setting after running the CTX269106 mitigation tool. ShareFile customers who have not run the CTX269106 mitigation tool or who re-selected “Enable Encryption” immediately after running the tool are unaffected by this issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-311,CWE-311,

Products Affected

Vendor Product Version
citrix sharefile_storagezones_controller *
CVE-2021-22941 HIGH

Improper Access Control in Citrix ShareFile storage zones controller before 5.11.20 may allow an unauthenticated attacker to remotely compromise the storage zones controller.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-284,NVD-CWE-Other,

Products Affected

Vendor Product Version
citrix sharefile_storagezones_controller *
CVE-2021-22955 MEDIUM

A unauthenticated denial of service vulnerability exists in Citrix ADC <13.0-83.27, <12.1-63.22 and 11.1-65.23 when configured as a VPN (Gateway) or AAA virtual server could allow an attacker to cause a temporary disruption of the Management GUI, Nitro API, and RPC communication.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400,CWE-400,

Products Affected

Vendor Product Version
citrix application_delivery_controller_firmware *
citrix gateway *
CVE-2021-22956 MEDIUM

An uncontrolled resource consumption vulnerability exists in Citrix ADC <13.0-83.27, <12.1-63.22 and 11.1-65.23 that could allow an attacker with access to NSIP or SNIP with management interface access to cause a temporary disruption of the Management GUI, Nitro API, and RPC communication.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400,CWE-400,

Products Affected

Vendor Product Version
citrix application_delivery_controller_firmware *
citrix gateway *
citrix sd-wan *
CVE-2021-44519 MEDIUM

In Citrix XenMobile Server through 10.12 RP9, there is an Authenticated Directory Traversal vulnerability, leading to remote code execution.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
citrix xenmobile_server 10.13.0
citrix xenmobile_server 10.14.0
CVE-2021-44520 HIGH

In Citrix XenMobile Server through 10.12 RP9, there is an Authenticated Command Injection vulnerability, leading to remote code execution with root privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-77,

Products Affected

Vendor Product Version
citrix xenmobile_server 10.13.0
citrix xenmobile_server 10.14.0
CVE-2022-21825 MEDIUM

An Improper Access Control vulnerability exists in Citrix Workspace App for Linux 2012 - 2111 with App Protection installed that can allow an attacker to perform local privilege escalation.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-284,NVD-CWE-Other,

Products Affected

Vendor Product Version
citrix workspace *
CVE-2022-21827 MEDIUM

An improper privilege vulnerability has been discovered in Citrix Gateway Plug-in for Windows (Citrix Secure Access for Windows) <21.9.1.2 what could allow an attacker who has gained local access to a computer with Citrix Gateway Plug-in installed, to corrupt or delete files as SYSTEM.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 1.8 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-269,CWE-269,

Products Affected

Vendor Product Version
citrix gateway_plug-in *
CVE-2022-26151 HIGH

Citrix XenMobile Server 10.12 through RP11, 10.13 through RP7, and 10.14 through RP4 allows Command Injection.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-77,

Products Affected

Vendor Product Version
citrix xenmobile_server 10.13.0
citrix xenmobile_server 10.14.0
CVE-2022-26355 LOW

Citrix Federated Authentication Service (FAS) 7.17 - 10.6 causes deployments that have been configured to store a registration authority certificate's private key in a Trusted Platform Module (TPM) to incorrectly store that key in the Microsoft Software Key Storage Provider (MSKSP). This issue only occurs if PowerShell was used when configuring FAS to store the registration authority certificate’s private key in the TPM. It does not occur if the TPM was not selected for use or if the FAS administration console was used for configuration.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.4 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 0.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-668,CWE-668,

Products Affected

Vendor Product Version
citrix federated_authentication_service *
CVE-2022-27503 LOW

Cross-site Scripting (XSS) vulnerability in Citrix StoreFront affects version 1912 before CU5 and version 3.12 before CU9

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,CWE-79,

Products Affected

Vendor Product Version
citrix storefront_server *
CVE-2022-27505 MEDIUM

Reflected cross site scripting (XSS)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,CWE-79,

Products Affected

Vendor Product Version
citrix sd-wan_4100_firmware *
citrix sd-wan_410_firmware *
citrix sd-wan_5100_firmware *
citrix sd-wan_4000_firmware *
citrix sd-wan_1100_firmware *
citrix sd-wan_6100_firmware *
citrix sd-wan_1000_firmware *
citrix sd-wan_400_firmware *
citrix sd-wan_2100_firmware *
citrix sd-wan_110_firmware *
citrix sd-wan_210_firmware *
citrix sd-wan_2000_firmware *
CVE-2022-27506 MEDIUM

Hard-coded credentials allow administrators to access the shell via the SD-WAN CLI

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 2.7 LOW CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N 1.2 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-798,CWE-798,

Products Affected

Vendor Product Version
citrix sd-wan_4100_firmware *
citrix sd-wan_410_firmware *
citrix sd-wan_5100_firmware *
citrix sd-wan_4000_firmware *
citrix sd-wan_1100_firmware *
citrix sd-wan_6100_firmware *
citrix sd-wan_1000_firmware *
citrix sd-wan_orchestrator *
citrix sd-wan_400_firmware *
citrix sd-wan_2100_firmware *
citrix sd-wan_center_management_console *
citrix sd-wan_110_firmware *
citrix sd-wan_210_firmware *
citrix sd-wan_2000_firmware *
CVE-2022-27507

Authenticated denial of service

Products Affected

Vendor Product Version
citrix gateway *
citrix application_delivery_controller *
CVE-2022-27508

Unauthenticated denial of service

Products Affected

Vendor Product Version
citrix gateway 12.1-64.16
citrix application_delivery_controller 12.1-64.16
CVE-2022-27509

Unauthenticated redirection to a malicious website

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

Products Affected

Vendor Product Version
citrix application_delivery_controller_firmware *
citrix gateway *
CVE-2022-27510

Unauthorized access to Gateway user capabilities

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
secure@citrix.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
citrix application_delivery_controller_firmware *
citrix gateway *
CVE-2022-27511 HIGH

Corruption of the system by a remote, unauthenticated user. The impact of this can include the reset of the administrator password at the next device reboot, allowing an attacker with ssh access to connect with the default administrator credentials after the device has rebooted.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 2.2 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-284,NVD-CWE-Other,

Products Affected

Vendor Product Version
citrix application_delivery_management *
CVE-2022-27512 MEDIUM

Temporary disruption of the ADM license service. The impact of this includes preventing new licenses from being issued or renewed by Citrix ADM.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-664,CWE-416,

Products Affected

Vendor Product Version
citrix application_delivery_management *
CVE-2022-27513

Remote desktop takeover via phishing

CVSS 3.x

Source Score Severity Vector Exploitability Impact
secure@citrix.com 8.3 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H 1.6 6.0
nvd@nist.gov 9.6 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H 2.8 6.0

Products Affected

Vendor Product Version
citrix application_delivery_controller_firmware *
citrix gateway *
CVE-2022-27516

User login brute force protection functionality bypass

CVSS 3.x

Source Score Severity Vector Exploitability Impact
secure@citrix.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 3.9 1.4
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
citrix application_delivery_controller_firmware *
citrix gateway *
CVE-2022-27518

Unauthenticated remote arbitrary code execution

Products Affected

Vendor Product Version
citrix application_delivery_controller_firmware *
citrix gateway_firmware *
CVE-2023-24483

A vulnerability has been identified that, if exploited, could result in a local user elevating their privilege level to NT AUTHORITY\SYSTEM on a Citrix Virtual Apps and Desktops Windows VDA.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
citrix virtual_apps_and_desktops 2203
citrix virtual_apps_and_desktops 1912
citrix virtual_apps_and_desktops *
CVE-2023-24484

A malicious user can cause log files to be written to a directory that they do not have permission to write to.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N 1.8 3.6

Products Affected

Vendor Product Version
citrix workspace *
citrix workspace 2203.1
citrix workspace 1912
CVE-2023-24485

Vulnerabilities have been identified that, collectively, allow a standard Windows user to perform operations as SYSTEM on the computer running Citrix Workspace app.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
citrix workspace *
citrix workspace 2203.1
citrix workspace 1912
CVE-2023-24486

A vulnerability has been identified in Citrix Workspace app for Linux that, if exploited, may result in a malicious local user being able to gain access to the Citrix Virtual Apps and Desktops session of another user who is using the same computer from which the ICA session is launched.

Products Affected

Vendor Product Version
citrix workspace *
CVE-2023-24487

Arbitrary file read in Citrix ADC and Citrix Gateway 

CVSS 3.x

Source Score Severity Vector Exploitability Impact
secure@citrix.com 6.3 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L 2.8 3.4

Products Affected

Vendor Product Version
citrix gateway *
citrix application_delivery_controller *
CVE-2023-24488

Cross site scripting vulnerability in Citrix ADC and Citrix Gateway  in allows and attacker to perform cross site scripting

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7
secure@citrix.com 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

Products Affected

Vendor Product Version
citrix gateway *
citrix application_delivery_controller *
CVE-2023-24489

A vulnerability has been discovered in the customer-managed ShareFile storage zones controller which, if exploited, could allow an unauthenticated attacker to remotely compromise the customer-managed ShareFile storage zones controller.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
secure@citrix.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
citrix sharefile_storage_zones_controller *
CVE-2023-24490

Users with only access to launch VDA applications can launch an unauthorized desktop

CVSS 3.x

Source Score Severity Vector Exploitability Impact
secure@citrix.com 6.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L 2.8 3.4

Products Affected

Vendor Product Version
citrix virtual_apps_and_desktops 2203
citrix virtual_apps_and_desktops 1912
citrix linux_virtual_delivery_agent *
citrix virtual_apps_and_desktops *
citrix linux_virtual_delivery_agent 1912
citrix linux_virtual_delivery_agent 2203
CVE-2023-24491

A vulnerability has been discovered in the Citrix Secure Access client for Windows which, if exploited, could allow an attacker with access to an endpoint with Standard User Account that has the vulnerable client installed to escalate their local privileges to that of NT AUTHORITY\SYSTEM.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
secure@citrix.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
citrix secure_access_client *
CVE-2023-24492

A vulnerability has been discovered in the Citrix Secure Access client for Ubuntu which, if exploited, could allow an attacker to remotely execute code if a victim user opens an attacker-crafted link and accepts further prompts.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
secure@citrix.com 9.6 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H 2.8 6.0

Products Affected

Vendor Product Version
citrix secure_access_client *
CVE-2023-3466

Reflected Cross-Site Scripting (XSS)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
secure@citrix.com 8.3 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H 1.6 6.0

Products Affected

Vendor Product Version
citrix netscaler_gateway *
citrix netscaler_application_delivery_controller 11.1-65.22
citrix netscaler_application_delivery_controller *
CVE-2023-3467

Privilege Escalation to root administrator (nsroot)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
secure@citrix.com 8.0 HIGH CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.1 5.9

Products Affected

Vendor Product Version
citrix netscaler_gateway *
citrix netscaler_application_delivery_controller 11.1-65.22
citrix netscaler_application_delivery_controller *
CVE-2023-3519

Unauthenticated remote code execution

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
secure@citrix.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
citrix netscaler_gateway *
citrix netscaler_application_delivery_controller 11.1-65.22
citrix netscaler_application_delivery_controller *
CVE-2023-4966

Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA  virtual server.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6
secure@citrix.com 9.4 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L 3.9 5.5

Products Affected

Vendor Product Version
citrix netscaler_gateway *
citrix netscaler_application_delivery_controller *
CVE-2023-4967

Denial of Service in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA Virtual Server

CVSS 3.x

Source Score Severity Vector Exploitability Impact
secure@citrix.com 8.2 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H 3.9 4.2
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
citrix netscaler_gateway *
citrix netscaler_application_delivery_controller *
CVE-2023-6184

Cross SiteScripting vulnerability in Citrix Session Recording allows attacker to perform Cross Site Scripting

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9
secure@citrix.com 5.0 MEDIUM CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:L/A:N 0.7 4.2

Products Affected

Vendor Product Version
citrix virtual_apps_and_desktops 2203
citrix virtual_apps_and_desktops 1912
citrix virtual_apps_and_desktops *
CVE-2023-6548

Improper Control of Generation of Code ('Code Injection') in NetScaler ADC and NetScaler Gateway allows an attacker with access to NSIP, CLIP or SNIP with management interface to perform Authenticated (low privileged) remote code execution on Management Interface.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
secure@citrix.com 5.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L 2.1 3.4

Products Affected

Vendor Product Version
citrix netscaler_gateway *
citrix netscaler_application_delivery_controller *
CVE-2023-6549

Improper Restriction of Operations within the Bounds of a Memory Buffer in NetScaler ADC and NetScaler Gateway allows Unauthenticated Denial of Service and Out-Of-Bounds Memory Read

CVSS 3.x

Source Score Severity Vector Exploitability Impact
secure@citrix.com 8.2 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H 3.9 4.2
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
citrix netscaler_gateway *
citrix netscaler_application_delivery_controller *
CVE-2024-12284

Authenticated privilege escalation in NetScaler Console and NetScaler Agent allows.

Products Affected

Vendor Product Version
citrix netscaler_console 13.1
citrix netscaler_console 14.1
citrix netscaler_agent *
citrix netscaler_agent 13.0-58.30
CVE-2024-2049

Server-Side Request Forgery (SSRF) in Citrix SD-WAN Standard/Premium Editions on or after 11.4.0 and before 11.4.4.46 allows an attacker to disclose limited information from the appliance via Access to management IP.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
secure@citrix.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 3.9 2.5

Products Affected

Vendor Product Version
citrix sd-wan_4100_firmware *
citrix sd-wan_410_firmware *
citrix sd-wan_5100_firmware *
citrix sd-wan_4000_firmware *
citrix sd-wan_1100_firmware *
citrix sd-wan_6100_firmware *
citrix sd-wan_1000_firmware *
citrix sd-wan_400_firmware *
citrix sd-wan_2100_firmware *
citrix sd-wan_110_firmware *
citrix sd-wan_210_firmware *
citrix sd-wan_2000_firmware *
CVE-2024-3661

DHCP can add routes to a client’s routing table via the classless static route option (121). VPN-based security solutions that rely on routes to redirect traffic can be forced to leak traffic over the physical interface. An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
9119a7d8-5eab-497f-8521-727c672e3725 7.6 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L 2.8 4.7

Products Affected

Vendor Product Version
fortinet forticlient 7.4.0
f5 big-ip_access_policy_manager *
watchguard mobile_vpn_with_ssl *
watchguard ipsec_mobile_vpn_client *
citrix secure_access_client *
cisco secure_client -
cisco anyconnect_vpn_client -
fortinet forticlient *
zscaler client_connector -
paloaltonetworks globalprotect *
zscaler client_connector *
CVE-2024-5491

Denial of Service in NetScaler ADC and NetScaler Gateway in NetScaler

Products Affected

Vendor Product Version
citrix netscaler_gateway *
citrix netscaler_application_delivery_controller *
CVE-2024-5492

Open redirect vulnerability allows a remote unauthenticated attacker to redirect users to arbitrary websites in NetScaler ADC and NetScaler Gateway

Products Affected

Vendor Product Version
citrix netscaler_gateway *
citrix netscaler_application_delivery_controller *
CVE-2024-5661

An issue has been identified in both XenServer 8 and Citrix Hypervisor 8.2 CU1 LTSR which may allow a malicious administrator of a guest VM to cause the host to become slow and/or unresponsive.

Products Affected

Vendor Product Version
citrix hypervisor 8.2
citrix xenserver 8.0
CVE-2024-6148

Bypass of GACS Policy Configuration settings in Citrix Workspace app for HTML5

Products Affected

Vendor Product Version
citrix workspace *
CVE-2024-6149

Redirection of users to a vulnerable URL in Citrix Workspace app for HTML5

Products Affected

Vendor Product Version
citrix workspace *
CVE-2024-6150

A non-admin user can cause short-term disruption in Target VM availability in Citrix Provisioning

Products Affected

Vendor Product Version
citrix provisioning 1912
citrix provisioning 2203
citrix provisioning *
CVE-2024-6151

Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Virtual Delivery Agent for Windows used by Citrix Virtual Apps and Desktops and Citrix DaaS

Products Affected

Vendor Product Version
citrix virtual_apps_and_desktops 2203
citrix virtual_apps_and_desktops 1912
citrix virtual_apps_and_desktops *
CVE-2024-6235

Sensitive information disclosure in NetScaler Console

Products Affected

Vendor Product Version
citrix netscaler_console *
CVE-2024-6236

Denial of Service in NetScaler Console (formerly NetScaler ADM), NetScaler Agent, and NetScaler SDX

Products Affected

Vendor Product Version
citrix netscaler_sdx *
citrix netscaler_agent *
citrix netscaler_console *
CVE-2024-6286

Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows

Products Affected

Vendor Product Version
citrix workspace *
citrix workspace 2203.1
CVE-2024-6677

Privilege escalation in uberAgent

Products Affected

Vendor Product Version
citrix uberagent *
CVE-2024-7889

Local privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows

Products Affected

Vendor Product Version
citrix workspace 2402
citrix workspace *
citrix workspace 2203.1
CVE-2024-7890

Local privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows

Products Affected

Vendor Product Version
citrix workspace 2402
citrix workspace *
citrix workspace 2203.1
CVE-2024-8068

Privilege escalation to NetworkService Account access in Citrix Session Recording when an attacker is an authenticated user in the same Windows Active Directory domain as the session recording server domain

Products Affected

Vendor Product Version
citrix session_recording 2203
citrix session_recording *
citrix session_recording 1912
citrix session_recording 2402
citrix session_recording 2407
CVE-2024-8069

Limited remote code execution with privilege of a NetworkService Account access in Citrix Session Recording if the attacker is an authenticated user on the same intranet as the session recording server

Products Affected

Vendor Product Version
citrix session_recording 2203
citrix session_recording *
citrix session_recording 1912
citrix session_recording 2402
citrix session_recording 2407
CVE-2024-8534

Memory safety vulnerability leading to memory corruption and Denial of Service in NetScaler ADC and Gateway if the appliance must be configured as a Gateway (VPN Vserver) with RDP Feature enabled OR the appliance must be configured as a Gateway (VPN Vserver) and RDP Proxy Server Profile is created and set to Gateway (VPN Vserver) OR the appliance must be configured as a Auth Server (AAA Vserver) with RDP Feature enabled

Products Affected

Vendor Product Version
citrix netscaler_gateway *
citrix netscaler_application_delivery_controller *
CVE-2024-8535

Authenticated user can access unintended user capabilities in NetScaler ADC and NetScaler Gateway if the appliance must be configured as a Gateway (SSL VPN, ICA Proxy, CVPN, RDP Proxy) with KCDAccount configuration for Kerberos SSO to access backend resources OR the appliance must be configured as an Auth Server (AAA Vserver) with KCDAccount configuration for Kerberos SSO to access backend resources

Products Affected

Vendor Product Version
citrix netscaler_gateway *
citrix netscaler_application_delivery_controller *
CVE-2025-0320

Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Secure Access Client for Windows

Products Affected

Vendor Product Version
citrix secure_access_client *
CVE-2025-1222

An attacker can gain application privileges in order to perform limited modification and/or read arbitrary data in Citrix Secure Access Client for Mac

Products Affected

Vendor Product Version
citrix secure_access_client *
CVE-2025-1223

An attacker can gain application privileges in order to perform limited modification and/or read arbitrary data in Citrix Secure Access Client for Mac

Products Affected

Vendor Product Version
citrix secure_access_client *
CVE-2025-4365

Arbitrary file read in NetScaler Console and NetScaler SDX (SVM)

Products Affected

Vendor Product Version
citrix netscaler_console 13.1
citrix netscaler_sdx *
citrix netscaler_console 14.1
CVE-2025-4879

Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows

Products Affected

Vendor Product Version
citrix workspace 2402
citrix workspace *
CVE-2025-5349

Improper access control on the NetScaler Management Interface in NetScaler ADC and NetScaler Gateway

Products Affected

Vendor Product Version
citrix netscaler_gateway *
citrix netscaler_application_delivery_controller *
CVE-2025-5777

Insufficient input validation leading to memory overread when the NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
citrix netscaler_gateway *
citrix netscaler_application_delivery_controller *
CVE-2025-6543

Memory overflow vulnerability leading to unintended control flow and Denial of Service in NetScaler ADC and NetScaler Gateway when configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
citrix netscaler_gateway *
citrix netscaler_application_delivery_controller *
CVE-2025-6759

Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Windows Virtual Delivery Agent for CVAD and Citrix DaaS

Products Affected

Vendor Product Version
citrix virtual_apps_and_desktops *
citrix virtual_apps_and_desktops 2402
CVE-2025-7775

Memory overflow vulnerability leading to Remote Code Execution and/or Denial of Service in NetScaler ADC and NetScaler Gateway when NetScaler is configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server (OR) NetScaler ADC and NetScaler Gateway 13.1, 14.1, 13.1-FIPS and NDcPP: LB virtual servers of type (HTTP, SSL or HTTP_QUIC) bound with IPv6 services or servicegroups bound with IPv6 servers (OR) NetScaler ADC and NetScaler Gateway 13.1, 14.1, 13.1-FIPS and NDcPP: LB virtual servers of type (HTTP, SSL or HTTP_QUIC) bound with DBS IPv6 services or servicegroups bound with IPv6 DBS servers (OR) CR virtual server with type HDX

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
citrix netscaler_gateway *
citrix netscaler_application_delivery_controller *
CVE-2025-7776

Memory overflow vulnerability leading to unpredictable or erroneous behavior and Denial of Service in NetScaler ADC and NetScaler Gateway when NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) with PCoIP Profile bounded to it

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
citrix netscaler_gateway *
citrix netscaler_application_delivery_controller *