Server-Side Request Forgery (SSRF) in Citrix SD-WAN Standard/Premium Editions on or after 11.4.0 and before 11.4.4.46 allows an attacker to disclose limited information from the appliance via access to the management IP.
Max CVSS: 6.5 | EPSS Score: 0.04% | Published: 2024-03-12 | Updated: 2024-03-12
Users with only access to launch VDA applications can launch an unauthorized desktop
Max CVSS: 6.3 | EPSS Score: 0.05% | Published: 2023-07-10 | Updated: 2023-07-18
Cross-site scripting vulnerability in Citrix ADC and Citrix Gateway allows an attacker to perform cross-site scripting
Max CVSS: 6.1 | EPSS Score: 3.54% | Published: 2023-07-10 | Updated: 2023-07-11
Unauthenticated redirection to a malicious website
Max CVSS: 6.1 | EPSS Score: 0.07% | Published: 2022-07-28 | Updated: 2022-08-05
Authenticated denial of service
Max CVSS: 6.5 | EPSS Score: 0.07% | Published: 2023-01-26 | Updated: 2023-02-01
Hard-coded credentials allow administrators to access the shell via the SD-WAN CLI
Max CVSS: 6.8 | EPSS Score: 0.05% | Published: 2022-04-13 | Updated: 2022-04-23
Reflected cross site scripting (XSS)
Max CVSS: 6.1 | EPSS Score: 0.07% | Published: 2022-04-13 | Updated: 2022-04-21
Cross-site Scripting (XSS) vulnerability in Citrix StoreFront affects version 1912 before CU5 and version 3.12 before CU9
Max CVSS: 6.1 | EPSS Score: 0.07% | Published: 2022-04-13 | Updated: 2022-04-21
A vulnerability has been discovered in Citrix ADC (formerly known as NetScaler ADC) and Citrix Gateway (formerly known as NetScaler Gateway), and Citrix SD-WAN WANOP Edition models 4000-WO, 4100-WO, 5000-WO, and 5100-WO. These vulnerabilities, if exploited, could lead to a phishing attack through a SAML authentication hijack to steal a valid user session.
Max CVSS: 6.5 | EPSS Score: 0.15% | Published: 2021-08-05 | Updated: 2021-08-13
Citrix ADC and Citrix/NetScaler Gateway before 13.0-82.41, 12.1-62.23, 11.1-65.20 and Citrix ADC 12.1-FIPS before 12.1-55.238 suffer from improper access control allowing SAML authentication hijack through a phishing attack to steal a valid user session. Note that Citrix ADC or Citrix Gateway must be configured as a SAML SP or a SAML IdP for this to be possible.
Max CVSS: 6.5 | EPSS Score: 0.08% | Published: 2021-06-16 | Updated: 2022-09-20
Citrix ADC and Citrix/NetScaler Gateway 13.0 before 13.0-76.29, 12.1-61.18, 11.1-65.20, Citrix ADC 12.1-FIPS before 12.1-55.238, and Citrix SD-WAN WANOP Edition before 11.4.0, 11.3.2, 11.3.1a, 11.2.3a, 11.1.2c, 10.2.9a suffer from uncontrolled resource consumption by way of a network-based denial-of-service from within the same Layer 2 network segment. Note that the attacker must be in the same Layer 2 network segment as the vulnerable appliance.
Max CVSS: 6.5 | EPSS Score: 0.06% | Published: 2021-06-16 | Updated: 2021-06-24
Citrix Secure Mail for Android before 20.11.0 suffers from Improper Control of Generation of Code ('Code Injection') by allowing unauthenticated access to read data stored within Secure Mail. Note that a malicious app would need to be installed on the Android device or a threat actor would need to execute arbitrary code on the Android device.
Max CVSS: 6.5 | EPSS Score: 0.35% | Published: 2021-01-06 | Updated: 2021-01-12
Improper Input Validation on Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11.2 before 11.2.1a, Citrix SD-WAN WANOP 11.1 before 11.1.2a, Citrix SD-WAN WANOP 11.0 before 11.0.3f, Citrix SD-WAN WANOP 10.2 before 10.2.7b leads to an HTML Injection attack against the SSL VPN web portal.
Max CVSS: 6.1 | EPSS Score: 0.08% | Published: 2020-09-18 | Updated: 2020-10-07
Improper input validation in Citrix XenMobile Server 10.12 before RP1, Citrix XenMobile Server 10.11 before RP4, Citrix XenMobile Server 10.11 before RP6 and Citrix XenMobile Server before 10.9 RP5 allows Cross-Site Scripting (XSS).
Max CVSS: 6.1 | EPSS Score: 0.08% | Published: 2020-08-17 | Updated: 2020-08-19
Improper authentication in Citrix StoreFront Server < 1912.0.1000 allows an attacker who is authenticated on the same Microsoft Active Directory domain as a Citrix StoreFront server to read arbitrary files from that server.
Max CVSS: 6.5 | EPSS Score: 0.07% | Published: 2020-09-18 | Updated: 2020-10-07
Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 resulting in Stored Cross-Site Scripting (XSS).
Max CVSS: 6.1 | EPSS Score: 0.08% | Published: 2020-07-10 | Updated: 2020-07-13

CVE-2020-8195

Known exploited
Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 resulting in limited information disclosure to low privileged users.
Max CVSS: 6.5 | EPSS Score: 89.46% | Published: 2020-07-10 | Updated: 2022-09-20 | CISA KEV Added: 2021-11-03
Reflected code injection in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allows the modification of a file download.
Max CVSS: 6.5 | EPSS Score: 97.36% | Published: 2020-07-10 | Updated: 2020-07-13

CVE-2020-8193

Known exploited
Improper access control in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allows unauthenticated access to certain URL endpoints.
Max CVSS: 6.5 | EPSS Score: 97.46% | Published: 2020-07-10 | Updated: 2022-09-20 | CISA KEV Added: 2021-11-03
Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allows reflected Cross Site Scripting (XSS).
Max CVSS: 6.1 | EPSS Score: 0.21% | Published: 2020-07-10 | Updated: 2020-07-13
In certain Citrix products, information disclosure can be achieved by an authenticated VPN user when there is a configured SSL VPN endpoint. This affects Citrix ADC and Citrix Gateway 13.0-58.30 and later releases before the CTX276688 update.
Max CVSS: 6.5 | EPSS Score: 0.06% | Published: 2022-12-26 | Updated: 2023-01-05
Citrix SD-WAN Center 10.2.x before 10.2.1 and NetScaler SD-WAN Center 10.0.x before 10.0.7 allow XSS.
Max CVSS: 6.1 | EPSS Score: 0.08% | Published: 2020-03-10 | Updated: 2020-03-12
There are Open Redirect Vulnerabilities in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3.
Max CVSS: 6.1 | EPSS Score: 0.08% | Published: 2018-05-23 | Updated: 2018-06-25
There is a Cross-Site Scripting Vulnerability in Citrix XenMobile Server 10.7 before RP3.
Max CVSS: 6.1 | EPSS Score: 0.08% | Published: 2018-05-23 | Updated: 2018-06-25
Multiple cross-site scripting (XSS) vulnerabilities in Citrix NetScaler ADC 10.5, 11.0, 11.1, and 12.0, and NetScaler Gateway 10.5, 11.0, 11.1, and 12.0 allow remote attackers to inject arbitrary web script or HTML via the Citrix NetScaler interface.
Max CVSS: 6.1 | EPSS Score: 0.10% | Published: 2018-03-06 | Updated: 2018-03-26
54 vulnerabilities found