The Citrix ICA (Independent Computing Architecture) protocol uses weak encryption (XOR) for user authentication.
Max CVSS: 10.0; EPSS Score: 0.41%; Published: 2000-03-29; Updated: 2008-09-10
The Session Reliability Service (XTE) in Citrix MetaFrame Presentation Server 3.0, Presentation Server 4.0, and Access Essentials 1.0 and 1.5, allows remote attackers to bypass network security policies and connect to arbitrary TCP ports via a modified address:port string.
Max CVSS: 10.0; EPSS Score: 3.94%; Published: 2007-05-24; Updated: 2017-07-29
Buffer overflow in the Independent Management Architecture (IMA) service in Citrix Presentation Server (MetaFrame Presentation Server) 4.5 and earlier, Access Essentials 2.0 and earlier, and Desktop Server 1.0 allows remote attackers to execute arbitrary code via an invalid size value in a packet to TCP port 2512 or 2513.
Max CVSS: 10.0; EPSS Score: 85.30%; Published: 2008-01-18; Updated: 2018-10-15
Unspecified vulnerability in Citrix Access Gateway Standard Edition 4.5.7 and earlier and Advanced Edition 4.5 HF2 and earlier allows attackers to bypass authentication and gain "access to network resources" via unspecified vectors.
Max CVSS: 10.0; EPSS Score: 0.37%; Published: 2008-06-03; Updated: 2017-08-08
Multiple unspecified vulnerabilities in Citrix Licensing 11.5 have unknown impact and attack vectors, related to "underlying components of the License Management Console."
Max CVSS: 10.0; EPSS Score: 0.23%; Published: 2009-07-14; Updated: 2009-07-14
Citrix Cloud.com CloudStack, and Apache CloudStack pre-release, allows remote attackers to make arbitrary API calls by leveraging the system user account, as demonstrated by API calls to delete VMs.
Max CVSS: 10.0; EPSS Score: 2.68%; Published: 2012-10-26; Updated: 2012-10-26
Unspecified vulnerability in Citrix CloudPortal Services Manager (aka Cortex) 10.0 before Cumulative Update 3 has unknown impact and attack vectors, a different vulnerability than other CVEs listed in CTX137162.
Max CVSS: 10.0; EPSS Score: 0.19%; Published: 2013-09-12; Updated: 2013-09-13
Citrix CloudPortal Services Manager (aka Cortex) 10.0 before Cumulative Update 3 does not properly restrict access to web services, which has unspecified impact and attack vectors, a different vulnerability than other CVEs listed in CTX137162.
Max CVSS: 10.0; EPSS Score: 0.18%; Published: 2013-09-12; Updated: 2013-09-13
Unspecified vulnerability in Citrix CloudPortal Services Manager (aka Cortex) 10.0 before Cumulative Update 3 has unknown impact and attack vectors, a different vulnerability than other CVEs listed in CTX137162.
Max CVSS: 10.0; EPSS Score: 0.19%; Published: 2013-09-12; Updated: 2013-09-13
Unspecified vulnerability in Citrix CloudPortal Services Manager (aka Cortex) 10.0 before Cumulative Update 3 has unknown impact and attack vectors, a different vulnerability than other CVEs listed in CTX137162.
Max CVSS: 10.0; EPSS Score: 0.19%; Published: 2013-09-12; Updated: 2013-09-13
Unspecified vulnerability in Citrix CloudPortal Services Manager (aka Cortex) 10.0 before Cumulative Update 3 has unknown impact and attack vectors, related to debugging messages, a different vulnerability than other CVEs listed in CTX137162.
Max CVSS: 10.0; EPSS Score: 0.19%; Published: 2013-09-12; Updated: 2013-09-13
Unspecified vulnerability in Citrix CloudPortal Services Manager (aka Cortex) 10.0 before Cumulative Update 3 has unknown impact and attack vectors, a different vulnerability than other CVEs listed in CTX137162.
Max CVSS: 10.0; EPSS Score: 0.19%; Published: 2013-09-12; Updated: 2013-09-13
Unspecified vulnerability in Citrix CloudPortal Services Manager (aka Cortex) 10.0 before Cumulative Update 3 has unknown impact and attack vectors, a different vulnerability than other CVEs listed in CTX137162.
Max CVSS: 10.0; EPSS Score: 0.19%; Published: 2013-09-12; Updated: 2013-09-13
Unspecified vulnerability in Citrix CloudPortal Services Manager (aka Cortex) 10.0 before Cumulative Update 3 has unknown impact and attack vectors, a different vulnerability than other CVEs listed in CTX137162.
Max CVSS: 10.0; EPSS Score: 0.19%; Published: 2013-09-12; Updated: 2013-09-13
Unspecified vulnerability in Citrix NetScaler Application Delivery Controller (ADC) 9.3.x before 9.3-64.4, 10.0 before 10.0-77.5, and 10.1 before 10.1-118.7 allows users to "breakout" of the shell via unknown vectors.
Max CVSS: 10.0; EPSS Score: 0.25%; Published: 2014-03-11; Updated: 2014-03-11
Unspecified vulnerability in the Diffie-Hellman key agreement implementation in the management GUI Java applet in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 9.3-66.5 and 10.x before 10.1-122.17 has unknown impact and vectors.
Max CVSS: 10.0; EPSS Score: 0.25%; Published: 2014-05-01; Updated: 2014-07-18
Unspecified vulnerability in the management GUI in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 9.3-66.5 and 10.x before 10.1-122.17 has unspecified impact and vectors, related to certificate validation.
Max CVSS: 10.0; EPSS Score: 0.17%; Published: 2014-05-01; Updated: 2014-07-18
Buffer overflow in the HVM graphics console support in Citrix XenServer 6.2 Service Pack 1 and earlier has unspecified impact and attack vectors.
Max CVSS: 10.0; EPSS Score: 0.66%; Published: 2014-07-22; Updated: 2017-08-29
Multiple unspecified vulnerabilities in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.1 Build 132.8, 10.5 before Build 57.7, and 10.5e before Build 56.1505.e allow remote attackers to gain privileges via unknown vectors, related to the (1) Command Line Interface (CLI) and the (2) Web User Interface (UI).
Max CVSS: 10.0; EPSS Score: 0.53%; Published: 2015-09-17; Updated: 2016-12-22
Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 11.x before 11.0 Build 64.34, 10.5 before 10.5 Build 59.13, and 10.5.e before Build 59.1305.e allows remote attackers to gain privileges via unspecified NS Web GUI commands.
Max CVSS: 10.0; EPSS Score: 0.48%; Published: 2016-02-17; Updated: 2016-12-03

CVE-2017-6316

Known exploited
Citrix NetScaler SD-WAN devices through v9.1.2.26.561201 allow remote attackers to execute arbitrary shell commands as root via a CGISESSID cookie. On CloudBridge (the former name of NetScaler SD-WAN) devices, the cookie name was CAKEPHP rather than CGISESSID.
Max CVSS: 10.0; EPSS Score: 96.17%; Published: 2017-07-20; Updated: 2017-09-16; CISA KEV Added: 2022-03-25
NetScaler ADC 10.5, 11.0, 11.1, and 12.0, and NetScaler Gateway 10.5, 11.0, 11.1, and 12.0 allow remote attackers to gain privilege on a target system.
Max CVSS: 10.0; EPSS Score: 0.37%; Published: 2018-03-06; Updated: 2019-10-03
The AppFirewall functionality in Citrix NetScaler Application Delivery Controller and NetScaler Gateway 10.5 before Build 68.7, 11.0 before Build 71.24, 11.1 before Build 58.13, and 12.0 before Build 57.24 allows remote attackers to execute arbitrary code via unspecified vectors.
Max CVSS: 10.0; EPSS Score: 1.24%; Published: 2018-05-17; Updated: 2018-06-27
Citrix XenServer 7.1 and newer allows Directory Traversal.
Max CVSS: 10.0; EPSS Score: 3.28%; Published: 2018-08-15; Updated: 2018-10-23
Citrix Application Delivery Management (ADM) 12.1.x before 12.1.50.33 has Incorrect Access Control.
Max CVSS: 10.0; EPSS Score: 0.29%; Published: 2019-06-05; Updated: 2020-08-24
87 vulnerabilities found