Citrix Xenapp

A vulnerability has been identified in Citrix Virtual Apps and Desktops

CVE-2021-22928 7.8 - High - August 05, 2021

A vulnerability has been identified in Citrix Virtual Apps and Desktops that could, if exploited, allow a user of a Windows VDA that has either Citrix Profile Management or Citrix Profile Management WMI Plugin installed to escalate their privilege level on that Windows VDA to SYSTEM.

An authorised user on a Windows host running Citrix Universal Print Server

CVE-2020-8283 8.8 - High - December 14, 2020

An authorised user on a Windows host running Citrix Universal Print Server can perform arbitrary command execution as SYSTEM in CVAD versions before 2009, 1912 LTSR CU1 hotfixes CTX285870 and CTX286120, 7.15 LTSR CU6 hotfix CTX285344 and 7.6 LTSR CU9.

Improper Privilege Management

An unprivileged Windows user on the VDA

CVE-2020-8269 8.8 - High - November 16, 2020

An unprivileged Windows user on the VDA can perform arbitrary command execution as SYSTEM in CVAD versions before 2009, 1912 LTSR CU1 hotfixes CTX285870 and CTX286120, 7.15 LTSR CU6 hotfix CTX285344 and 7.6 LTSR CU9

Improper Privilege Management

Citrix XenApp 6.5, when 2FA is enabled

CVE-2020-13998 5.3 - Medium - June 11, 2020

Citrix XenApp 6.5, when 2FA is enabled, allows a remote unauthenticated attacker to ascertain whether a user exists on the server, because the 2FA error page only occurs after a valid username is entered. NOTE: This vulnerability only affects products that are no longer supported by the maintainer

Side Channel Attack