A vulnerability has been discovered in the Citrix Secure Access client for Ubuntu which, if exploited, could allow an attacker to remotely execute code if a victim user opens an attacker-crafted link and accepts further prompts.
Max CVSS
9.6
EPSS Score
0.23%
Published
2023-07-11
Updated
2023-07-20

CVE-2023-24489

Known exploited
A vulnerability has been discovered in the customer-managed ShareFile storage zones controller which, if exploited, could allow an unauthenticated attacker to remotely compromise the customer-managed ShareFile storage zones controller.
Max CVSS
9.8
EPSS Score
97.36%
Published
2023-07-10
Updated
2023-07-18
CISA KEV Added
2023-08-16

CVE-2023-4966

Known exploited
Public exploit
Used for ransomware
Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server.
Max CVSS
9.4
EPSS Score
96.49%
Published
2023-10-10
Updated
2024-02-29
CISA KEV Added
2023-10-18

CVE-2023-3519

Known exploited
Public exploit
Used for ransomware
Unauthenticated remote code execution
Max CVSS
9.8
EPSS Score
91.19%
Published
2023-07-19
Updated
2023-08-04
CISA KEV Added
2023-07-19

CVE-2022-27518

Known exploited
Unauthenticated remote arbitrary code execution
Max CVSS
9.8
EPSS Score
7.96%
Published
2022-12-13
Updated
2023-10-18
CISA KEV Added
2022-12-13
User login brute force protection functionality bypass
Max CVSS
9.8
EPSS Score
0.17%
Published
2022-11-08
Updated
2023-10-18
Remote desktop takeover via phishing
Max CVSS
9.6
EPSS Score
0.17%
Published
2022-11-08
Updated
2023-10-18
Unauthorized access to Gateway user capabilities
Max CVSS
9.8
EPSS Score
0.12%
Published
2022-11-08
Updated
2023-10-18
Citrix XenMobile Server 10.12 through RP11, 10.13 through RP7, and 10.14 through RP4 allows Command Injection.
Max CVSS
9.0
EPSS Score
0.25%
Published
2022-04-13
Updated
2022-12-02
In Citrix XenMobile Server through 10.12 RP9, there is an Authenticated Command Injection vulnerability, leading to remote code execution with root privileges.
Max CVSS
9.0
EPSS Score
0.68%
Published
2022-04-13
Updated
2022-07-12

CVE-2021-22941

Known exploited
Used for ransomware
Improper Access Control in Citrix ShareFile storage zones controller before 5.11.20 may allow an unauthenticated attacker to remotely compromise the storage zones controller.
Max CVSS
10.0
EPSS Score
1.53%
Published
2021-09-23
Updated
2022-08-30
CISA KEV Added
2022-03-25
A missing authorization vulnerability in Citrix ShareFile Storage Zones Controller before 5.7.3, 5.8.3, 5.9.3, 5.10.1 and 5.11.18 may allow unauthenticated remote compromise of the Storage Zones Controller.
Max CVSS
9.8
EPSS Score
0.26%
Published
2021-05-27
Updated
2021-08-12
An authorised user on a Windows host running Citrix Universal Print Server can perform arbitrary command execution as SYSTEM in CVAD versions before 2009, 1912 LTSR CU1 hotfixes CTX285870 and CTX286120, 7.15 LTSR CU6 hotfix CTX285344 and 7.6 LTSR CU9.
Max CVSS
9.0
EPSS Score
0.10%
Published
2020-12-14
Updated
2020-12-17
Privilege escalation of an authenticated user to root in Citrix SD-WAN center versions before 11.2.2, 11.1.2b and 10.2.8.
Max CVSS
9.0
EPSS Score
0.33%
Published
2020-11-16
Updated
2020-11-30
Unauthenticated remote code execution with root privileges in Citrix SD-WAN Center versions before 11.2.2, 11.1.2b and 10.2.8
Max CVSS
10.0
EPSS Score
0.56%
Published
2020-11-16
Updated
2020-11-30
An unprivileged Windows user on the VDA or an SMB user can perform arbitrary command execution as SYSTEM in CVAD versions before 2009, 1912 LTSR CU1 hotfixes CTX285871 and CTX285872, 7.15 LTSR CU6 hotfix CTX285341 and CTX285342
Max CVSS
9.0
EPSS Score
0.15%
Published
2020-11-16
Updated
2020-12-03
An unprivileged Windows user on the VDA can perform arbitrary command execution as SYSTEM in CVAD versions before 2009, 1912 LTSR CU1 hotfixes CTX285870 and CTX286120, 7.15 LTSR CU6 hotfix CTX285344 and 7.6 LTSR CU9
Max CVSS
9.0
EPSS Score
0.15%
Published
2020-11-16
Updated
2020-12-03
Improper privilege management on services run by Citrix Gateway Plug-in for Windows, versions before and including 13.0-61.48 and 12.1-58.15, leads to privilege escalation attacks.
Max CVSS
9.8
EPSS Score
0.22%
Published
2020-12-14
Updated
2020-12-16
Improper access control in Citrix XenMobile Server 10.12 before RP3, Citrix XenMobile Server 10.11 before RP6, Citrix XenMobile Server 10.10 RP6 and Citrix XenMobile Server before 10.9 RP5 allows access to privileged functionality.
Max CVSS
9.8
EPSS Score
0.26%
Published
2020-08-17
Updated
2020-08-20
Improper input validation in Citrix XenMobile Server 10.12 before RP3, Citrix XenMobile Server 10.11 before RP6, Citrix XenMobile Server 10.10 RP6 and Citrix XenMobile Server before 10.9 RP5 allows SQL Injection.
Max CVSS
9.8
EPSS Score
0.17%
Published
2020-08-17
Updated
2020-08-20

CVE-2019-19781

Known exploited
Public exploit
Used for ransomware
An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. They allow Directory Traversal.
Max CVSS
9.8
EPSS Score
97.54%
Published
2019-12-27
Updated
2023-01-20
CISA KEV Added
2021-11-03
An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway before 10.5 build 70.8, 11.x before 11.1 build 63.9, 12.0 before build 62.10, 12.1 before build 54.16, and 13.0 before build 41.28. An attacker with management-interface access can bypass authentication to obtain appliance administrative access. These products formerly used the NetScaler brand name.
Max CVSS
9.8
EPSS Score
0.31%
Published
2019-10-21
Updated
2020-08-24
Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 6 of 6).
Max CVSS
9.0
EPSS Score
90.16%
Published
2019-07-16
Updated
2020-08-24

CVE-2019-12991

Known exploited
Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 5 of 6).
Max CVSS
9.0
EPSS Score
12.18%
Published
2019-07-16
Updated
2020-08-24
CISA KEV Added
2022-03-25
Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 allow Directory Traversal.
Max CVSS
10.0
EPSS Score
90.87%
Published
2019-07-16
Updated
2019-07-17
87 vulnerabilities found