A vulnerability has been discovered in the Citrix Secure Access client for Ubuntu which, if exploited, could allow an attacker to remotely execute code if a victim user opens an attacker-crafted link and accepts further prompts.
Max CVSS
9.6
EPSS Score
0.23%
Published
2023-07-11
Updated
2023-07-20

CVE-2023-24489

Known exploited
A vulnerability has been discovered in the customer-managed ShareFile storage zones controller which, if exploited, could allow an unauthenticated attacker to remotely compromise the customer-managed ShareFile storage zones controller.
Max CVSS
9.8
EPSS Score
97.36%
Published
2023-07-10
Updated
2023-07-18
CISA KEV Added
2023-08-16

CVE-2023-6549

Known exploited
Improper Restriction of Operations within the Bounds of a Memory Buffer in NetScaler ADC and NetScaler Gateway allows Unauthenticated Denial of Service
Max CVSS
8.2
EPSS Score
0.60%
Published
2024-01-17
Updated
2024-01-24
CISA KEV Added
2024-01-17

CVE-2023-6548

Known exploited
Improper Control of Generation of Code ('Code Injection') in NetScaler ADC and NetScaler Gateway allows an attacker with access to NSIP, CLIP or SNIP with management interface to perform Authenticated (low privileged) remote code execution on Management Interface.
Max CVSS
8.8
EPSS Score
1.57%
Published
2024-01-17
Updated
2024-01-25
CISA KEV Added
2024-01-17
Denial of Service in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA Virtual Server
Max CVSS
8.2
EPSS Score
0.05%
Published
2023-10-27
Updated
2023-11-07

CVE-2023-4966

Known exploited
Public exploit
Used for ransomware
Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA  virtual server. 
Max CVSS
9.4
EPSS Score
96.49%
Published
2023-10-10
Updated
2024-02-29
CISA KEV Added
2023-10-18

CVE-2023-3519

Known exploited
Public exploit
Used for ransomware
Unauthenticated remote code execution
Max CVSS
9.8
EPSS Score
91.19%
Published
2023-07-19
Updated
2023-08-04
CISA KEV Added
2023-07-19
Privilege Escalation to root administrator (nsroot)
Max CVSS
8.0
EPSS Score
0.04%
Published
2023-07-19
Updated
2023-07-28
Reflected Cross-Site Scripting (XSS)
Max CVSS
8.3
EPSS Score
0.05%
Published
2023-07-19
Updated
2023-07-28

CVE-2022-27518

Known exploited
Unauthenticated remote arbitrary code execution
Max CVSS
9.8
EPSS Score
7.96%
Published
2022-12-13
Updated
2023-10-18
CISA KEV Added
2022-12-13
User login brute force protection functionality bypass
Max CVSS
9.8
EPSS Score
0.17%
Published
2022-11-08
Updated
2023-10-18
Remote desktop takeover via phishing
Max CVSS
9.6
EPSS Score
0.17%
Published
2022-11-08
Updated
2023-10-18
Corruption of the system by a remote, unauthenticated user. The impact of this can include the reset of the administrator password at the next device reboot, allowing an attacker with ssh access to connect with the default administrator credentials after the device has rebooted.
Max CVSS
8.1
EPSS Score
0.29%
Published
2022-06-16
Updated
2023-07-18
Unauthorized access to Gateway user capabilities
Max CVSS
9.8
EPSS Score
0.12%
Published
2022-11-08
Updated
2023-10-18
Citrix XenMobile Server 10.12 through RP11, 10.13 through RP7, and 10.14 through RP4 allows Command Injection.
Max CVSS
9.0
EPSS Score
0.25%
Published
2022-04-13
Updated
2022-12-02
In Citrix XenMobile Server through 10.12 RP9, there is an Authenticated Command Injection vulnerability, leading to remote code execution with root privileges.
Max CVSS
9.0
EPSS Score
0.68%
Published
2022-04-13
Updated
2022-07-12
In Citrix XenMobile Server through 10.12 RP9, there is an Authenticated Directory Traversal vulnerability, leading to remote code execution.
Max CVSS
8.8
EPSS Score
1.10%
Published
2022-04-19
Updated
2022-12-02

CVE-2021-22941

Known exploited
Used for ransomware
Improper Access Control in Citrix ShareFile storage zones controller before 5.11.20 may allow an unauthenticated attacker to remotely compromise the storage zones controller.
Max CVSS
10.0
EPSS Score
1.53%
Published
2021-09-23
Updated
2022-08-30
CISA KEV Added
2022-03-25
A session fixation vulnerability exists in Citrix ADC and Citrix Gateway 13.0-82.45 when configured SAML service provider that could allow an attacker to hijack a session.
Max CVSS
8.1
EPSS Score
0.15%
Published
2021-08-05
Updated
2021-08-16
A missing authorization vulnerability exists in Citrix ShareFile Storage Zones Controller before 5.7.3, 5.8.3, 5.9.3, 5.10.1 and 5.11.18 may allow unauthenticated remote compromise of the Storage Zones Controller.
Max CVSS
9.8
EPSS Score
0.26%
Published
2021-05-27
Updated
2021-08-12
An authorised user on a Windows host running Citrix Universal Print Server can perform arbitrary command execution as SYSTEM in CVAD versions before 2009, 1912 LTSR CU1 hotfixes CTX285870 and CTX286120, 7.15 LTSR CU6 hotfix CTX285344 and 7.6 LTSR CU9.
Max CVSS
9.0
EPSS Score
0.10%
Published
2020-12-14
Updated
2020-12-17
Privilege escalation of an authenticated user to root in Citrix SD-WAN center versions before 11.2.2, 11.1.2b and 10.2.8.
Max CVSS
9.0
EPSS Score
0.33%
Published
2020-11-16
Updated
2020-11-30
Unauthenticated remote code execution with root privileges in Citrix SD-WAN Center versions before 11.2.2, 11.1.2b and 10.2.8
Max CVSS
10.0
EPSS Score
0.56%
Published
2020-11-16
Updated
2020-11-30
An unprivileged Windows user on the VDA or an SMB user can perform arbitrary command execution as SYSTEM in CVAD versions before 2009, 1912 LTSR CU1 hotfixes CTX285871 and CTX285872, 7.15 LTSR CU6 hotfix CTX285341 and CTX285342
Max CVSS
9.0
EPSS Score
0.15%
Published
2020-11-16
Updated
2020-12-03
An unprivileged Windows user on the VDA can perform arbitrary command execution as SYSTEM in CVAD versions before 2009, 1912 LTSR CU1 hotfixes CTX285870 and CTX286120, 7.15 LTSR CU6 hotfix CTX285344 and 7.6 LTSR CU9
Max CVSS
9.0
EPSS Score
0.15%
Published
2020-11-16
Updated
2020-12-03
111 vulnerabilities found
1 2 3 4 5
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!