Citrix

Vulnerabilities have been identified

CVE-2023-24485 7.8 - High - February 16, 2023

Vulnerabilities have been identified that, collectively, allow a standard Windows user to perform operations as SYSTEM on the computer running Citrix Workspace app.

AuthZ

A malicious user can cause log files to be written to a directory

CVE-2023-24484 5.5 - Medium - February 16, 2023

A malicious user can cause log files to be written to a directory that they do not have permission to write to.

Unauthenticated denial of service

CVE-2022-27508 7.5 - High - January 26, 2023

Unauthenticated denial of service

Resource Exhaustion

Authenticated denial of service

CVE-2022-27507 6.5 - Medium - January 26, 2023

Authenticated denial of service

Resource Exhaustion

In certain Citrix products, information disclosure can be achieved by an authenticated VPN user when there is a configured SSL VPN endpoint

CVE-2019-18177 6.5 - Medium - December 26, 2022

In certain Citrix products, information disclosure can be achieved by an authenticated VPN user when there is a configured SSL VPN endpoint. This affects Citrix ADC and Citrix Gateway 13.0-58.30 and later releases before the CTX276688 update.

User login brute force protection functionality bypass

CVE-2022-27516 9.8 - Critical - November 08, 2022

User login brute force protection functionality bypass

Improper Restriction of Excessive Authentication Attempts

Remote desktop takeover

CVE-2022-27513 9.6 - Critical - November 08, 2022

Remote desktop takeover via phishing

Insufficient Verification of Data Authenticity

Unauthorized access to Gateway user capabilities

CVE-2022-27510 9.8 - Critical - November 08, 2022

Unauthorized access to Gateway user capabilities

authentification

Unauthenticated redirection to a malicious website

CVE-2022-27509 6.1 - Medium - July 28, 2022

Unauthenticated redirection to a malicious website

Open Redirect

Temporary disruption of the ADM license service

CVE-2022-27512 5.3 - Medium - June 16, 2022

Temporary disruption of the ADM license service. The impact of this includes preventing new licenses from being issued or renewed by Citrix ADM.

Dangling pointer

Corruption of the system by a remote, unauthenticated user

CVE-2022-27511 8.1 - High - June 16, 2022

Corruption of the system by a remote, unauthenticated user. The impact of this can include the reset of the administrator password at the next device reboot, allowing an attacker with ssh access to connect with the default administrator credentials after the device has rebooted.

AuthZ

An improper privilege vulnerability has been discovered in Citrix Gateway Plug-in for Windows (Citrix Secure Access for Windows) <21.9.1.2 what could

CVE-2022-21827 7.1 - High - May 26, 2022

An improper privilege vulnerability has been discovered in Citrix Gateway Plug-in for Windows (Citrix Secure Access for Windows) <21.9.1.2 what could allow an attacker who has gained local access to a computer with Citrix Gateway Plug-in installed, to corrupt or delete files as SYSTEM.

Improper Privilege Management

In Citrix XenMobile Server through 10.12 RP9

CVE-2021-44519 8.8 - High - April 19, 2022

In Citrix XenMobile Server through 10.12 RP9, there is an Authenticated Directory Traversal vulnerability, leading to remote code execution.

Directory traversal

Cross-site Scripting (XSS) vulnerability in Citrix StoreFront affects version 1912 before CU5 and version 3.12 before CU9

CVE-2022-27503 6.1 - Medium - April 13, 2022

Cross-site Scripting (XSS) vulnerability in Citrix StoreFront affects version 1912 before CU5 and version 3.12 before CU9

XSS

Hard-coded credentials

CVE-2022-27506 2.7 - Low - April 13, 2022

Hard-coded credentials allow administrators to access the shell via the SD-WAN CLI

Use of Hard-coded Credentials

Citrix XenMobile Server 10.12 through RP11, 10.13 through RP7, and 10.14 through RP4

CVE-2022-26151 7.2 - High - April 13, 2022

Citrix XenMobile Server 10.12 through RP11, 10.13 through RP7, and 10.14 through RP4 allows Command Injection.

Improper Input Validation

In Citrix XenMobile Server through 10.12 RP9

CVE-2021-44520 8.8 - High - April 13, 2022

In Citrix XenMobile Server through 10.12 RP9, there is an Authenticated Command Injection vulnerability, leading to remote code execution with root privileges.

Command Injection

Citrix Federated Authentication Service (FAS) 7.17 - 10.6 causes deployments

CVE-2022-26355 4.4 - Medium - March 10, 2022

Citrix Federated Authentication Service (FAS) 7.17 - 10.6 causes deployments that have been configured to store a registration authority certificate's private key in a Trusted Platform Module (TPM) to incorrectly store that key in the Microsoft Software Key Storage Provider (MSKSP). This issue only occurs if PowerShell was used when configuring FAS to store the registration authority certificates private key in the TPM. It does not occur if the TPM was not selected for use or if the FAS administration console was used for configuration.

Exposure of Resource to Wrong Sphere

An Improper Access Control vulnerability exists in Citrix Workspace App for Linux 2012 - 2111 with App Protection installed

CVE-2022-21825 7.8 - High - February 09, 2022

An Improper Access Control vulnerability exists in Citrix Workspace App for Linux 2012 - 2111 with App Protection installed that can allow an attacker to perform local privilege escalation.

AuthZ

An uncontrolled resource consumption vulnerability exists in Citrix ADC <13.0-83.27, <12.1-63.22 and 11.1-65.23

CVE-2021-22956 7.5 - High - December 07, 2021

An uncontrolled resource consumption vulnerability exists in Citrix ADC <13.0-83.27, <12.1-63.22 and 11.1-65.23 that could allow an attacker with access to NSIP or SNIP with management interface access to cause a temporary disruption of the Management GUI, Nitro API, and RPC communication.

Resource Exhaustion

A unauthenticated denial of service vulnerability exists in Citrix ADC <13.0-83.27, <12.1-63.22 and 11.1-65.23 when configured as a VPN (Gateway) or AAA virtual server could

CVE-2021-22955 7.5 - High - December 07, 2021

A unauthenticated denial of service vulnerability exists in Citrix ADC <13.0-83.27, <12.1-63.22 and 11.1-65.23 when configured as a VPN (Gateway) or AAA virtual server could allow an attacker to cause a temporary disruption of the Management GUI, Nitro API, and RPC communication.

Resource Exhaustion

Improper Access Control in Citrix ShareFile storage zones controller before 5.11.20 may

CVE-2021-22941 9.8 - Critical - September 23, 2021

Improper Access Control in Citrix ShareFile storage zones controller before 5.11.20 may allow an unauthenticated attacker to remotely compromise the storage zones controller.

An issue has been identified in the CTX269106 mitigation tool for Citrix ShareFile storage zones controller

CVE-2021-22932 7.5 - High - August 16, 2021

An issue has been identified in the CTX269106 mitigation tool for Citrix ShareFile storage zones controller which causes the ShareFile file encryption option to become disabled if it had previously been enabled. Customers are only affected by this issue if they previously selected Enable Encryption in the ShareFile configuration page and did not re-select this setting after running the CTX269106 mitigation tool. ShareFile customers who have not run the CTX269106 mitigation tool or who re-selected Enable Encryption immediately after running the tool are unaffected by this issue.

Missing Encryption of Sensitive Data

A vulnerability has been discovered in Citrix ADC (formerly known as NetScaler ADC) and Citrix Gateway (formerly known as NetScaler Gateway)

CVE-2021-22920 6.5 - Medium - August 05, 2021

A vulnerability has been discovered in Citrix ADC (formerly known as NetScaler ADC) and Citrix Gateway (formerly known as NetScaler Gateway), and Citrix SD-WAN WANOP Edition models 4000-WO, 4100-WO, 5000-WO, and 5100-WO. These vulnerabilities, if exploited, could lead to a phishing attack through a SAML authentication hijack to steal a valid user session.

A vulnerability has been identified in Citrix Virtual Apps and Desktops

CVE-2021-22928 7.8 - High - August 05, 2021

A vulnerability has been identified in Citrix Virtual Apps and Desktops that could, if exploited, allow a user of a Windows VDA that has either Citrix Profile Management or Citrix Profile Management WMI Plugin installed to escalate their privilege level on that Windows VDA to SYSTEM.

A vulnerability has been discovered in Citrix ADC (formerly known as NetScaler ADC) and Citrix Gateway (formerly known as NetScaler Gateway)

CVE-2021-22919 7.5 - High - August 05, 2021

A vulnerability has been discovered in Citrix ADC (formerly known as NetScaler ADC) and Citrix Gateway (formerly known as NetScaler Gateway), and Citrix SD-WAN WANOP Edition models 4000-WO, 4100-WO, 5000-WO, and 5100-WO. These vulnerabilities, if exploited, could lead to the limited available disk space on the appliances being fully consumed.

Allocation of Resources Without Limits or Throttling

A session fixation vulnerability exists in Citrix ADC and Citrix Gateway 13.0-82.45 when configured SAML service provider

CVE-2021-22927 8.1 - High - August 05, 2021

A session fixation vulnerability exists in Citrix ADC and Citrix Gateway 13.0-82.45 when configured SAML service provider that could allow an attacker to hijack a session.

Session Fixation

Citrix Cloud Connector before 6.31.0.62192 suffers

CVE-2021-22914 7.5 - High - June 16, 2021

Citrix Cloud Connector before 6.31.0.62192 suffers from insecure storage of sensitive information due to sensitive information being stored in the Citrix Cloud Connector installation log files. Such information could be used by an malicious actor to access a Citrix Cloud environment. This issue affects all versions of Citrix Cloud Connector that were installed by passing secure client parameters for installation via the command line. The issue does not affect Citrix Cloud Connector if it was installed using the interactive installer or where a parameter file was used with the command-line installer.

Insecure Storage of Sensitive Information

Citrix ADC and Citrix/NetScaler Gateway before 13.0-82.41, 12.1-62.23, 11.1-65.20 and Citrix ADC 12.1-FIPS before 12.1-55.238 suffer from improper access control

CVE-2020-8300 6.5 - Medium - June 16, 2021

Citrix ADC and Citrix/NetScaler Gateway before 13.0-82.41, 12.1-62.23, 11.1-65.20 and Citrix ADC 12.1-FIPS before 12.1-55.238 suffer from improper access control allowing SAML authentication hijack through a phishing attack to steal a valid user session. Note that Citrix ADC or Citrix Gateway must be configured as a SAML SP or a SAML IdP for this to be possible.

Citrix ADC and Citrix/NetScaler Gateway 13.0 before 13.0-76.29, 12.1-61.18, 11.1-65.20, Citrix ADC 12.1-FIPS before 12.1-55.238, and Citrix SD-WAN WANOP Edition before 11.4.0, 11.3.2, 11.3.1a, 11.2.3a, 11.1.2c, 10.2.9a suffers

CVE-2020-8299 6.5 - Medium - June 16, 2021

Citrix ADC and Citrix/NetScaler Gateway 13.0 before 13.0-76.29, 12.1-61.18, 11.1-65.20, Citrix ADC 12.1-FIPS before 12.1-55.238, and Citrix SD-WAN WANOP Edition before 11.4.0, 11.3.2, 11.3.1a, 11.2.3a, 11.1.2c, 10.2.9a suffers from uncontrolled resource consumption by way of a network-based denial-of-service from within the same Layer 2 network segment. Note that the attacker must be in the same Layer 2 network segment as the vulnerable appliance.

Resource Exhaustion

An improper access control vulnerability exists in Citrix Workspace App for Windows potentially

CVE-2021-22907 7.8 - High - May 27, 2021

An improper access control vulnerability exists in Citrix Workspace App for Windows potentially allows privilege escalation in CR versions prior to 2105 and 1912 LTSR prior to CU4.

A missing authorization vulnerability exists in Citrix ShareFile Storage Zones Controller before 5.7.3, 5.8.3, 5.9.3, 5.10.1 and 5.11.18 may

CVE-2021-22891 9.8 - Critical - May 27, 2021

A missing authorization vulnerability exists in Citrix ShareFile Storage Zones Controller before 5.7.3, 5.8.3, 5.9.3, 5.10.1 and 5.11.18 may allow unauthenticated remote compromise of the Storage Zones Controller.

AuthZ

Improper privilege management on services run by Citrix Gateway Plug-in for Windows

CVE-2020-8257 9.8 - Critical - December 14, 2020

Improper privilege management on services run by Citrix Gateway Plug-in for Windows, versions before and including 13.0-61.48 and 12.1-58.15, lead to privilege escalation attacks

Improper Privilege Management

Improper privilege management on services run by Citrix Gateway Plug-in for Windows, versions before and including 13.0-61.48 and 12.1-58.15

CVE-2020-8258 7.5 - High - December 14, 2020

Improper privilege management on services run by Citrix Gateway Plug-in for Windows, versions before and including 13.0-61.48 and 12.1-58.15, allows an attacker to modify arbitrary files.

Improper Privilege Management

An authorised user on a Windows host running Citrix Universal Print Server

CVE-2020-8283 8.8 - High - December 14, 2020

An authorised user on a Windows host running Citrix Universal Print Server can perform arbitrary command execution as SYSTEM in CVAD versions before 2009, 1912 LTSR CU1 hotfixes CTX285870 and CTX286120, 7.15 LTSR CU6 hotfix CTX285344 and 7.6 LTSR CU9.

Improper Privilege Management

An unprivileged Windows user on the VDA

CVE-2020-8269 8.8 - High - November 16, 2020

An unprivileged Windows user on the VDA can perform arbitrary command execution as SYSTEM in CVAD versions before 2009, 1912 LTSR CU1 hotfixes CTX285870 and CTX286120, 7.15 LTSR CU6 hotfix CTX285344 and 7.6 LTSR CU9

Improper Privilege Management

An unprivileged Windows user on the VDA or an SMB user

CVE-2020-8270 8.8 - High - November 16, 2020

An unprivileged Windows user on the VDA or an SMB user can perform arbitrary command execution as SYSTEM in CVAD versions before 2009, 1912 LTSR CU1 hotfixes CTX285871 and CTX285872, 7.15 LTSR CU6 hotfix CTX285341 and CTX285342

Shell injection

Unauthenticated remote code execution with root privileges in Citrix SD-WAN Center versions before 11.2.2

CVE-2020-8271 9.8 - Critical - November 16, 2020

Unauthenticated remote code execution with root privileges in Citrix SD-WAN Center versions before 11.2.2, 11.1.2b and 10.2.8

Directory traversal

Authentication Bypass resulting in exposure of SD-WAN functionality in Citrix SD-WAN Center versions before 11.2.2

CVE-2020-8272 7.5 - High - November 16, 2020

Authentication Bypass resulting in exposure of SD-WAN functionality in Citrix SD-WAN Center versions before 11.2.2, 11.1.2b and 10.2.8

authentification

Privilege escalation of an authenticated user to root in Citrix SD-WAN center versions before 11.2.2

CVE-2020-8273 8.8 - High - November 16, 2020

Privilege escalation of an authenticated user to root in Citrix SD-WAN center versions before 11.2.2, 11.1.2b and 10.2.8.

Shell injection

Improper authentication in Citrix StoreFront Server < 1912.0.1000 allows an attacker who is authenticated on the same Microsoft Active Directory domain as a Citrix StoreFront server to read arbitrary files from

CVE-2020-8200 6.5 - Medium - September 18, 2020

Improper authentication in Citrix StoreFront Server < 1912.0.1000 allows an attacker who is authenticated on the same Microsoft Active Directory domain as a Citrix StoreFront server to read arbitrary files from that server.

authentification

Improper authentication in Citrix XenMobile Server 10.12 before RP2

CVE-2020-8253 7.5 - High - September 18, 2020

Improper authentication in Citrix XenMobile Server 10.12 before RP2, Citrix XenMobile Server 10.11 before RP4, Citrix XenMobile Server 10.10 before RP6 and Citrix XenMobile Server before 10.9 RP5 leads to the ability to access sensitive files.

authentification

Improper input validation in Citrix XenMobile Server 10.12 before RP1, Citrix XenMobile Server 10.11 before RP4, Citrix XenMobile Server 10.11 before RP6 and Citrix XenMobile Server before 10.9 RP5

CVE-2020-8208 6.1 - Medium - August 17, 2020

Improper input validation in Citrix XenMobile Server 10.12 before RP1, Citrix XenMobile Server 10.11 before RP4, Citrix XenMobile Server 10.11 before RP6 and Citrix XenMobile Server before 10.9 RP5 allows Cross-Site Scripting (XSS).

XSS

Improper access control in Citrix XenMobile Server 10.12 before RP2

CVE-2020-8209 7.5 - High - August 17, 2020

Improper access control in Citrix XenMobile Server 10.12 before RP2, Citrix XenMobile Server 10.11 before RP4, Citrix XenMobile Server 10.10 before RP6 and Citrix XenMobile Server before 10.9 RP5 and leads to the ability to read arbitrary files.

Directory traversal

Insufficient protection of secrets in Citrix XenMobile Server 10.12 before RP3

CVE-2020-8210 7.5 - High - August 17, 2020

Insufficient protection of secrets in Citrix XenMobile Server 10.12 before RP3, Citrix XenMobile Server 10.11 before RP6, Citrix XenMobile Server 10.10 RP6 and Citrix XenMobile Server before 10.9 RP5 discloses credentials of a service account.

Insufficiently Protected Credentials

Improper input validation in Citrix XenMobile Server 10.12 before RP3, Citrix XenMobile Server 10.11 before RP6, Citrix XenMobile Server 10.10 RP6 and Citrix XenMobile Server before 10.9 RP5

CVE-2020-8211 9.8 - Critical - August 17, 2020

Improper input validation in Citrix XenMobile Server 10.12 before RP3, Citrix XenMobile Server 10.11 before RP6, Citrix XenMobile Server 10.10 RP6 and Citrix XenMobile Server before 10.9 RP5 allows SQL Injection.

SQL Injection

Improper access control in Citrix XenMobile Server 10.12 before RP3, Citrix XenMobile Server 10.11 before RP6, Citrix XenMobile Server 10.10 RP6 and Citrix XenMobile Server before 10.9 RP5

CVE-2020-8212 9.8 - Critical - August 17, 2020

Improper access control in Citrix XenMobile Server 10.12 before RP3, Citrix XenMobile Server 10.11 before RP6, Citrix XenMobile Server 10.10 RP6 and Citrix XenMobile Server before 10.9 RP5 allows access to privileged functionality.

AuthZ

Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30

CVE-2020-8195 6.5 - Medium - July 10, 2020

Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 resulting in limited information disclosure to low privileged users.

Directory traversal

** UNSUPPORTED WHEN ASSIGNED ** Citrix XenApp 6.5, when 2FA is enabled

CVE-2020-13998 5.3 - Medium - June 11, 2020

** UNSUPPORTED WHEN ASSIGNED ** Citrix XenApp 6.5, when 2FA is enabled, allows a remote unauthenticated attacker to ascertain whether a user exists on the server, because the 2FA error page only occurs after a valid username is entered. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Side Channel Attack

In certain situations, all versions of Citrix ShareFile StorageZones (aka storage zones) Controller, including the most recent 5.10.x releases as of May 2020

CVE-2020-7473 7.5 - High - May 07, 2020

In certain situations, all versions of Citrix ShareFile StorageZones (aka storage zones) Controller, including the most recent 5.10.x releases as of May 2020, allow unauthenticated attackers to access the documents and folders of ShareFile users. NOTE: unlike most CVEs, exploitability depends on the product version that was in use when a particular setup step was performed, NOT the product version that is in use during a current assessment of a CVE consumer's product inventory. Specifically, the vulnerability can be exploited if a storage zone was created by one of these product versions: 5.9.0, 5.8.0, 5.7.0, 5.6.0, 5.5.0, or earlier. This CVE differs from CVE-2020-8982 and CVE-2020-8983 but has essentially the same risk.

Directory traversal

An unauthenticated arbitrary file read issue exists in all versions of Citrix ShareFile StorageZones (aka storage zones) Controller

CVE-2020-8982 7.5 - High - May 07, 2020

An unauthenticated arbitrary file read issue exists in all versions of Citrix ShareFile StorageZones (aka storage zones) Controller, including the most recent 5.10.x releases as of May 2020. RCE and file access is granted to everything hosted by ShareFile, be it on-premise or inside Citrix Cloud itself (both are internet facing). NOTE: unlike most CVEs, exploitability depends on the product version that was in use when a particular setup step was performed, NOT the product version that is in use during a current assessment of a CVE consumer's product inventory. Specifically, the vulnerability can be exploited if a storage zone was created by one of these product versions: 5.9.0, 5.8.0, 5.7.0, 5.6.0, 5.5.0, or earlier. This CVE differs from CVE-2020-7473 and CVE-2020-8983.

Directory traversal

An arbitrary file write issue exists in all versions of Citrix ShareFile StorageZones (aka storage zones) Controller, including the most recent 5.10.x releases as of May 2020, which

CVE-2020-8983 7.5 - High - May 07, 2020

An arbitrary file write issue exists in all versions of Citrix ShareFile StorageZones (aka storage zones) Controller, including the most recent 5.10.x releases as of May 2020, which allows remote code execution. RCE and file access is granted to everything hosted by ShareFile, be it on-premise or inside Citrix Cloud itself (both are internet facing). NOTE: unlike most CVEs, exploitability depends on the product version that was in use when a particular setup step was performed, NOT the product version that is in use during a current assessment of a CVE consumer's product inventory. Specifically, the vulnerability can be exploited if a storage zone was created by one of these product versions: 5.9.0, 5.8.0, 5.7.0, 5.6.0, 5.5.0, or earlier. This CVE differs from CVE-2020-7473 and CVE-2020-8982.

Directory traversal

Citrix SD-WAN 10.2.x before 10.2.6 and 11.0.x before 11.0.3 has Missing SSL Certificate Validation.

CVE-2020-6175 5.9 - Medium - March 16, 2020

Citrix SD-WAN 10.2.x before 10.2.6 and 11.0.x before 11.0.3 has Missing SSL Certificate Validation.

Improper Certificate Validation

Citrix SD-WAN Center 10.2.x before 10.2.1 and NetScaler SD-WAN Center 10.0.x before 10.0.7

CVE-2019-11345 6.1 - Medium - March 10, 2020

Citrix SD-WAN Center 10.2.x before 10.2.1 and NetScaler SD-WAN Center 10.0.x before 10.0.7 allow XSS.

XSS

** DISPUTED ** Citrix Gateway 11.1, 12.0, and 12.1 allows Information Exposure Through Caching

CVE-2020-10110 5.3 - Medium - March 06, 2020

** DISPUTED ** Citrix Gateway 11.1, 12.0, and 12.1 allows Information Exposure Through Caching. NOTE: Citrix disputes this as not a vulnerability. There is no sensitive information disclosure through the cache headers on Citrix ADC. The "Via" header lists cache protocols and recipients between the start and end points for a request or a response. The "Age" header provides the age of the cached response in seconds. Both headers are commonly used for proxy cache and the information is not sensitive.

** DISPUTED ** Citrix Gateway 11.1, 12.0, and 12.1 has an Inconsistent Interpretation of HTTP Requests

CVE-2020-10111 7.5 - High - March 06, 2020

** DISPUTED ** Citrix Gateway 11.1, 12.0, and 12.1 has an Inconsistent Interpretation of HTTP Requests. NOTE: Citrix disputes the reported behavior as not a security issue. Citrix ADC only caches HTTP/1.1 traffic for performance optimization.

HTTP Request Smuggling

** DISPUTED ** Citrix Gateway 11.1, 12.0, and 12.1 allows Cache Poisoning

CVE-2020-10112 5.4 - Medium - March 06, 2020

** DISPUTED ** Citrix Gateway 11.1, 12.0, and 12.1 allows Cache Poisoning. NOTE: Citrix disputes this as not a vulnerability. By default, Citrix ADC only caches static content served under certain URL paths for Citrix Gateway usage. No dynamic content is served under these paths, which implies that those cached pages would not change based on parameter values. All other data traffic going through Citrix Gateway are NOT cached by default.

HTTP Request Smuggling

Citrix Application Delivery Management (ADM) 12.1 before build 54.13 has Incorrect Access Control.

CVE-2019-17366 8.8 - High - October 09, 2019

Citrix Application Delivery Management (ADM) 12.1 before build 54.13 has Incorrect Access Control.

Citrix StoreFront Server before 1903, 7.15 LTSR before CU4 (3.12.4000), and 7.6 LTSR before CU8 (3.0.8000)

CVE-2019-13608 7.5 - High - August 29, 2019

Citrix StoreFront Server before 1903, 7.15 LTSR before CU4 (3.12.4000), and 7.6 LTSR before CU8 (3.0.8000) allows XXE attacks.

XXE

Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 1 of 6).

CVE-2019-12985 9.8 - Critical - July 16, 2019

Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 1 of 6).

Shell injection

Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 2 of 6).

CVE-2019-12986 9.8 - Critical - July 16, 2019

Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 2 of 6).

Shell injection

Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 3 of 6).

CVE-2019-12987 9.8 - Critical - July 16, 2019

Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 3 of 6).

Shell injection

Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 4 of 6).

CVE-2019-12988 9.8 - Critical - July 16, 2019

Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 4 of 6).

Shell injection

Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8

CVE-2019-12989 9.8 - Critical - July 16, 2019

Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 allow SQL Injection.

SQL Injection

Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8

CVE-2019-12990 9.8 - Critical - July 16, 2019

Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 allow Directory Traversal.

Directory traversal

Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 5 of 6).

CVE-2019-12991 8.8 - High - July 16, 2019

Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 5 of 6).

Shell injection

Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 6 of 6).

CVE-2019-12992 8.8 - High - July 16, 2019

Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 6 of 6).

Shell injection

Citrix AppDNA before 7 1906.1.0.472 has Incorrect Access Control.

CVE-2019-12292 9.8 - Critical - June 24, 2019

Citrix AppDNA before 7 1906.1.0.472 has Incorrect Access Control.

Citrix Application Delivery Management (ADM) 12.1.x before 12.1.50.33 has Incorrect Access Control.

CVE-2019-9548 10 - Critical - June 05, 2019

Citrix Application Delivery Management (ADM) 12.1.x before 12.1.50.33 has Incorrect Access Control.

An Incorrect Access Control vulnerability has been identified in Citrix XenMobile Server 10.8.0 before Rolling Patch 6 and 10.9.0 before Rolling Patch 3

CVE-2018-18571 9.1 - Critical - June 05, 2019

An Incorrect Access Control vulnerability has been identified in Citrix XenMobile Server 10.8.0 before Rolling Patch 6 and 10.9.0 before Rolling Patch 3. An attacker can impersonate and take actions on behalf of any Mobile Application Management (MAM) enrolled device.

authentification

Citrix SD-WAN Center 10.2.x before 10.2.1 and NetScaler SD-WAN Center 10.0.x before 10.0.7

CVE-2019-10883 9.8 - Critical - June 03, 2019

Citrix SD-WAN Center 10.2.x before 10.2.1 and NetScaler SD-WAN Center 10.0.x before 10.0.7 allow Command Injection.

Shell injection

Citrix Workspace App before 1904 for Windows has Incorrect Access Control.

CVE-2019-11634 9.8 - Critical - May 22, 2019

Citrix Workspace App before 1904 for Windows has Incorrect Access Control.

Citrix ShareFile before 19.12 allows User Enumeration

CVE-2019-7217 7.5 - High - May 13, 2019

Citrix ShareFile before 19.12 allows User Enumeration. It is possible to enumerate application username based on different server responses using the request to check the otp code. No authentication is required.

Side Channel Attack

Citrix ShareFile before 19.23 allows a downgrade from two-factor authentication to one-factor authentication

CVE-2019-7218 5.9 - Medium - May 13, 2019

Citrix ShareFile before 19.23 allows a downgrade from two-factor authentication to one-factor authentication. An attacker with access to the offline victim's otp physical token or virtual app (like google authenticator) is able to bypass the first authentication phase (username/password mechanism) and log-in using username/otp combination only (phase 2 of 2FA).

authentification

Citrix SD-WAN 10.2.x before 10.2.1 and NetScaler SD-WAN 10.0.x before 10.0.7 have Improper Certificate Validation.

CVE-2019-11550 5.9 - Medium - May 08, 2019

Citrix SD-WAN 10.2.x before 10.2.1 and NetScaler SD-WAN 10.0.x before 10.0.7 have Improper Certificate Validation.

Improper Certificate Validation

An issue was discovered in Xen through 4.11.x on AMD x86 platforms, possibly

CVE-2018-19961 7.8 - High - December 08, 2018

An issue was discovered in Xen through 4.11.x on AMD x86 platforms, possibly allowing guest OS users to gain host OS privileges because TLB flushes do not always occur after IOMMU mapping changes.

Insufficient Cleanup

An issue was discovered in Xen through 4.11.x on AMD x86 platforms, possibly

CVE-2018-19962 7.8 - High - December 08, 2018

An issue was discovered in Xen through 4.11.x on AMD x86 platforms, possibly allowing guest OS users to gain host OS privileges because small IOMMU mappings are unsafely combined into larger ones.

Information Disclosure

An issue was discovered in Xen through 4.11.x

CVE-2018-19965 5.6 - Medium - December 08, 2018

An issue was discovered in Xen through 4.11.x allowing 64-bit PV guest OS users to cause a denial of service (host OS crash) because #GP[0] can occur after a non-canonical address is passed to the TLB flushing code. NOTE: this issue exists because of an incorrect CVE-2017-5754 (aka Meltdown) mitigation.

** DISPUTED *** Xen Mobile through 10.8.0 includes a service listening on port 5001 within its firewall that accepts unauthenticated input

CVE-2018-18013 7.8 - High - October 24, 2018

** DISPUTED *** Xen Mobile through 10.8.0 includes a service listening on port 5001 within its firewall that accepts unauthenticated input. If this service is supplied with raw serialised Java objects, it deserialises them back into Java objects in memory, giving rise to a remote code execution vulnerability. NOTE: the vendor disputes that this is a vulnerability, stating it is "already mitigated by the internal firewall that limits access to configuration services to localhost."

Marshaling, Unmarshaling

** DISPUTED *** Lack of authentication in Citrix Xen Mobile through 10.8

CVE-2018-18014 7.8 - High - October 24, 2018

** DISPUTED *** Lack of authentication in Citrix Xen Mobile through 10.8 allows low-privileged local users to execute system commands as root by making requests to private services listening on ports 8000, 30000 and 30001. NOTE: the vendor disputes that this is a vulnerability, stating it is "already mitigated by the internal firewall that limits access to configuration services to localhost."

authentification

Citrix NetScaler Gateway 10.5.x before 10.5.69.003

CVE-2018-18517 4.8 - Medium - October 24, 2018

Citrix NetScaler Gateway 10.5.x before 10.5.69.003, 11.1.x before 11.1.59.004, 12.0.x before 12.0.58.7, and 12.1.x before 12.1.49.1 has XSS.

XSS

A Directory Traversal issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4.

CVE-2018-17444 7.5 - High - October 23, 2018

A Directory Traversal issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4.

Directory traversal

A Command Injection issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4.

CVE-2018-17445 9.8 - Critical - October 23, 2018

A Command Injection issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4.

Command Injection

A SQL Injection issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4.

CVE-2018-17446 9.8 - Critical - October 23, 2018

A SQL Injection issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4.

SQL Injection

An Information Exposure Through Log Files issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4.

CVE-2018-17447 7.5 - High - October 23, 2018

An Information Exposure Through Log Files issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4.

Insertion of Sensitive Information into Log File

An Incorrect Access Control issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4.

CVE-2018-17448 9.8 - Critical - October 23, 2018

An Incorrect Access Control issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4.

Citrix ShareFile StorageZones Controller before 5.4.2

CVE-2018-16968 3.1 - Low - September 26, 2018

Citrix ShareFile StorageZones Controller before 5.4.2 allows Directory Traversal.

Directory traversal

Citrix ShareFile StorageZones Controller before 5.4.2 has Information Exposure Through an Error Message.

CVE-2018-16969 4.3 - Medium - September 26, 2018

Citrix ShareFile StorageZones Controller before 5.4.2 has Information Exposure Through an Error Message.

Information Disclosure

Citrix XenServer 7.1 and newer

CVE-2018-14007 9.8 - Critical - August 15, 2018

Citrix XenServer 7.1 and newer allows Directory Traversal.

Directory traversal

A heap buffer overflow flaw was found in QEMU's Cirrus CLGD 54xx VGA emulator's VNC display driver support before 2.9; the issue could occur when a VNC client attempted to update its display after a VGA operation is performed by a guest

CVE-2016-9603 9.9 - Critical - July 27, 2018

A heap buffer overflow flaw was found in QEMU's Cirrus CLGD 54xx VGA emulator's VNC display driver support before 2.9; the issue could occur when a VNC client attempted to update its display after a VGA operation is performed by a guest. A privileged user/process inside a guest could use this flaw to crash the QEMU process or, potentially, execute arbitrary code on the host with privileges of the QEMU process.

Buffer Overflow

Quick emulator (QEMU) before 2.8 built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue

CVE-2017-2620 9.9 - Critical - July 27, 2018

Quick emulator (QEMU) before 2.8 built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue. The issue could occur while copying VGA data in cirrus_bitblt_cputovideo. A privileged user inside guest could use this flaw to crash the QEMU process OR potentially execute arbitrary code on host with privileges of the QEMU process.

Out-of-bounds Read

Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue

CVE-2017-2615 9.1 - Critical - July 03, 2018

Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. It could occur while copying VGA data via bitblt copy in backward mode. A privileged user inside a guest could use this flaw to crash the QEMU process resulting in DoS or potentially execute arbitrary code on the host with privileges of QEMU process on the host.

Memory Corruption

System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially

CVE-2018-3665 5.6 - Medium - June 21, 2018

System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from another process through a speculative execution side channel.

Information Disclosure

There are Unauthenticated File Upload Vulnerabilities in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3.

CVE-2018-10648 9.8 - Critical - May 23, 2018

There are Unauthenticated File Upload Vulnerabilities in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3.

Unrestricted File Upload

There is a Cross-Site Scripting Vulnerability in Citrix XenMobile Server 10.7 before RP3.

CVE-2018-10649 6.1 - Medium - May 23, 2018

There is a Cross-Site Scripting Vulnerability in Citrix XenMobile Server 10.7 before RP3.

XSS

There is an Insufficient Path Validation Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3.

CVE-2018-10650 7.8 - High - May 23, 2018

There is an Insufficient Path Validation Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3.

Untrusted Path

There are Open Redirect Vulnerabilities in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3.

CVE-2018-10651 6.1 - Medium - May 23, 2018

There are Open Redirect Vulnerabilities in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3.

Open Redirect

There is a Sensitive Data Leakage issue in Citrix XenMobile Server 10.7 before RP3.

CVE-2018-10652 7.5 - High - May 23, 2018

There is a Sensitive Data Leakage issue in Citrix XenMobile Server 10.7 before RP3.

Information Disclosure

There is an XML External Entity (XXE) Processing Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3.

CVE-2018-10653 9.8 - Critical - May 23, 2018

There is an XML External Entity (XXE) Processing Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3.

XXE

There is a Hazelcast Library Java Deserialization Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3.

CVE-2018-10654 8.1 - High - May 23, 2018

There is a Hazelcast Library Java Deserialization Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3.

Marshaling, Unmarshaling