Server-Side Request Forgery (SSRF) in Citrix SD-WAN Standard/Premium Editions on or after 11.4.0 and before 11.4.4.46 allows an attacker to disclose limited information from the appliance via Access to management IP.
Max CVSS: 6.5 | EPSS Score: 0.04% | Published: 2024-03-12 | Updated: 2024-03-12
Users with only access to launch VDA applications can launch an unauthorized desktop
Max CVSS: 6.3 | EPSS Score: 0.05% | Published: 2023-07-10 | Updated: 2023-07-18
Cross site scripting vulnerability in Citrix ADC and Citrix Gateway allows an attacker to perform cross site scripting
Max CVSS: 6.1 | EPSS Score: 3.54% | Published: 2023-07-10 | Updated: 2023-07-11
A vulnerability has been identified in Citrix Workspace app for Linux that, if exploited, may result in a malicious local user being able to gain access to the Citrix Virtual Apps and Desktops session of another user who is using the same computer from which the ICA session is launched.
Max CVSS: 5.5 | EPSS Score: 0.04% | Published: 2023-07-10 | Updated: 2023-07-18
A malicious user can cause log files to be written to a directory that they do not have permission to write to.
Max CVSS: 5.5 | EPSS Score: 0.04% | Published: 2023-02-16 | Updated: 2023-02-24
Temporary disruption of the ADM license service. The impact of this includes preventing new licenses from being issued or renewed by Citrix ADM.
Max CVSS: 5.3 | EPSS Score: 0.08% | Published: 2022-06-16 | Updated: 2022-06-16
Unauthenticated redirection to a malicious website
Max CVSS: 6.1 | EPSS Score: 0.07% | Published: 2022-07-28 | Updated: 2022-08-05
Authenticated denial of service
Max CVSS: 6.5 | EPSS Score: 0.07% | Published: 2023-01-26 | Updated: 2023-02-01
Hard-coded credentials allow administrators to access the shell via the SD-WAN CLI
Max CVSS: 6.8 | EPSS Score: 0.05% | Published: 2022-04-13 | Updated: 2022-04-23
Reflected cross site scripting (XSS)
Max CVSS: 6.1 | EPSS Score: 0.07% | Published: 2022-04-13 | Updated: 2022-04-21
Cross-site Scripting (XSS) vulnerability in Citrix StoreFront affects version 1912 before CU5 and version 3.12 before CU9
Max CVSS: 6.1 | EPSS Score: 0.07% | Published: 2022-04-13 | Updated: 2022-04-21
Citrix Federated Authentication Service (FAS) 7.17 - 10.6 causes deployments that have been configured to store a registration authority certificate's private key in a Trusted Platform Module (TPM) to incorrectly store that key in the Microsoft Software Key Storage Provider (MSKSP). This issue only occurs if PowerShell was used when configuring FAS to store the registration authority certificate’s private key in the TPM. It does not occur if the TPM was not selected for use or if the FAS administration console was used for configuration.
Max CVSS: 4.4 | EPSS Score: 0.04% | Published: 2022-03-10 | Updated: 2022-03-18
A vulnerability has been discovered in Citrix ADC (formerly known as NetScaler ADC) and Citrix Gateway (formerly known as NetScaler Gateway), and Citrix SD-WAN WANOP Edition models 4000-WO, 4100-WO, 5000-WO, and 5100-WO. These vulnerabilities, if exploited, could lead to a phishing attack through a SAML authentication hijack to steal a valid user session.
Max CVSS: 6.5 | EPSS Score: 0.15% | Published: 2021-08-05 | Updated: 2021-08-13
Citrix XenApp 6.5, when 2FA is enabled, allows a remote unauthenticated attacker to ascertain whether a user exists on the server, because the 2FA error page only occurs after a valid username is entered. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
Max CVSS: 5.3 | EPSS Score: 0.16% | Published: 2020-06-11 | Updated: 2024-03-21
Citrix Gateway 11.1, 12.0, and 12.1 allows Cache Poisoning. NOTE: Citrix disputes this as not a vulnerability. By default, Citrix ADC only caches static content served under certain URL paths for Citrix Gateway usage. No dynamic content is served under these paths, which implies that those cached pages would not change based on parameter values. All other data traffic going through Citrix Gateway is NOT cached by default.
Max CVSS: 5.8 | EPSS Score: 0.13% | Published: 2020-03-06 | Updated: 2024-03-21
Citrix Gateway 11.1, 12.0, and 12.1 allows Information Exposure Through Caching. NOTE: Citrix disputes this as not a vulnerability. There is no sensitive information disclosure through the cache headers on Citrix ADC. The "Via" header lists cache protocols and recipients between the start and end points for a request or a response. The "Age" header provides the age of the cached response in seconds. Both headers are commonly used for proxy caches and the information is not sensitive.
Max CVSS: 5.3 | EPSS Score: 1.24% | Published: 2020-03-06 | Updated: 2024-03-21
Citrix ADC and Citrix/NetScaler Gateway before 13.0-82.41, 12.1-62.23, 11.1-65.20 and Citrix ADC 12.1-FIPS before 12.1-55.238 suffer from improper access control allowing SAML authentication hijack through a phishing attack to steal a valid user session. Note that Citrix ADC or Citrix Gateway must be configured as a SAML SP or a SAML IdP for this to be possible.
Max CVSS: 6.5 | EPSS Score: 0.08% | Published: 2021-06-16 | Updated: 2022-09-20
Citrix ADC and Citrix/NetScaler Gateway 13.0 before 13.0-76.29, 12.1-61.18, 11.1-65.20, Citrix ADC 12.1-FIPS before 12.1-55.238, and Citrix SD-WAN WANOP Edition before 11.4.0, 11.3.2, 11.3.1a, 11.2.3a, 11.1.2c, 10.2.9a suffer from uncontrolled resource consumption by way of a network-based denial-of-service from within the same Layer 2 network segment. Note that the attacker must be in the same Layer 2 network segment as the vulnerable appliance.
Max CVSS: 6.5 | EPSS Score: 0.06% | Published: 2021-06-16 | Updated: 2021-06-24
Citrix Secure Mail for Android before 20.11.0 suffers from improper access control allowing unauthenticated access to read limited calendar related data stored within Secure Mail. Note that a malicious app would need to be installed on the Android device or a threat actor would need to execute arbitrary code on the Android device.
Max CVSS: 4.3 | EPSS Score: 0.09% | Published: 2021-01-06 | Updated: 2021-01-12
Citrix Secure Mail for Android before 20.11.0 suffers from Improper Control of Generation of Code ('Code Injection') by allowing unauthenticated access to read data stored within Secure Mail. Note that a malicious app would need to be installed on the Android device or a threat actor would need to execute arbitrary code on the Android device.
Max CVSS: 6.5 | EPSS Score: 0.35% | Published: 2021-01-06 | Updated: 2021-01-12
Improper Input Validation on Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11.2 before 11.2.1a, Citrix SD-WAN WANOP 11.1 before 11.1.2a, Citrix SD-WAN WANOP 11.0 before 11.0.3f, Citrix SD-WAN WANOP 10.2 before 10.2.7b leads to an HTML Injection attack against the SSL VPN web portal.
Max CVSS: 6.1 | EPSS Score: 0.08% | Published: 2020-09-18 | Updated: 2020-10-07
Improper input validation in Citrix XenMobile Server 10.12 before RP1, Citrix XenMobile Server 10.11 before RP4, Citrix XenMobile Server 10.11 before RP6 and Citrix XenMobile Server before 10.9 RP5 allows Cross-Site Scripting (XSS).
Max CVSS: 6.1 | EPSS Score: 0.08% | Published: 2020-08-17 | Updated: 2020-08-19
Improper authentication in Citrix StoreFront Server < 1912.0.1000 allows an attacker who is authenticated on the same Microsoft Active Directory domain as a Citrix StoreFront server to read arbitrary files from that server.
Max CVSS: 6.5 | EPSS Score: 0.07% | Published: 2020-09-18 | Updated: 2020-10-07
Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 resulting in Stored Cross-Site Scripting (XSS).
Max CVSS: 6.1 | EPSS Score: 0.08% | Published: 2020-07-10 | Updated: 2020-07-13
CVE-2020-8196 (Known exploited)
Improper access control in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 resulting in limited information disclosure to low privileged users.
Max CVSS: 4.3 | EPSS Score: 0.26% | Published: 2020-07-10 | Updated: 2022-09-20 | CISA KEV Added: 2021-11-03
155 vulnerabilities found