Search Vulnerabilities

citrix / virtual_apps_and_desktops+21

Published Mar 12, 2024

Page 1 of 9

CVE-2023-24490

MEDIUM6.3

Users with only access to launch VDA applications can launch an unauthorized desktop

Published Jul 10, 2023

CVE-2021-44519

citrix / xenmobile_server+8

In Citrix XenMobile Server through 10.12 RP9, there is an Authenticated Directory Traversal vulnerability, leading to remote code execution.

citrix / sd-wan_110_firmware+19

Published Apr 19, 2022

CVE-2022-27506

LOW2.7

Hard-coded credentials allow administrators to access the shell via the SD-WAN CLI

citrix / xenmobile_server+10

CVE-2022-26151

HIGH7.2

Citrix XenMobile Server 10.12 through RP11, 10.13 through RP7, and 10.14 through RP4 allows Command Injection.

CVE-2021-44520

citrix / xenmobile_server+8

In Citrix XenMobile Server through 10.12 RP9, there is an Authenticated Command Injection vulnerability, leading to remote code execution with root privileges.

citrix / sd-wan_110_firmware+17

CVE-2022-27505

MEDIUM6.1

Reflected cross site scripting (XSS)

citrix / virtual_apps_and_desktops+8

CVE-2021-22928

HIGH7.8

A vulnerability has been identified in Citrix Virtual Apps and Desktops that could, if exploited, allow a user of a Windows VDA that has either Citrix Profile Management or Citrix Profile Management WMI Plugin installed to escalate their privilege level on that Windows VDA to SYSTEM.

Local

Published Aug 5, 2021

CVE-2021-22914

Citrix Cloud Connector before 6.31.0.62192 suffers from insecure storage of sensitive information due to sensitive information being stored in the Citrix Cloud Connector installation log files. Such information could be used by an malicious actor to access a Citrix Cloud environment. This issue affects all versions of Citrix Cloud Connector that were installed by passing secure client parameters for installation via the command line. The issue does not affect Citrix Cloud Connector if it was installed using the interactive installer or where a parameter file was used with the command-line installer.

citrix / cloud_connector

Published Jun 16, 2021

CVE-2020-8275

MEDIUM4.3

Citrix Secure Mail for Android before 20.11.0 suffers from improper access control allowing unauthenticated access to read limited calendar related data stored within Secure Mail. Note that a malicious app would need to be installed on the Android device or a threat actor would need to execute arbitrary code on the Android device.

citrix / secure_mail

Published Jan 6, 2021

CVE-2020-8274

MEDIUM6.5

Citrix Secure Mail for Android before 20.11.0 suffers from Improper Control of Generation of Code ('Code Injection') by allowing unauthenticated access to read data stored within Secure Mail. Note that a malicious app would need to be installed on the Android device or a threat actor would need to execute arbitrary code on the Android device.

citrix / secure_mail

Published Jan 6, 2021

CVE-2020-8283

citrix / virtual_apps_and_desktops+13

An authorised user on a Windows host running Citrix Universal Print Server can perform arbitrary command execution as SYSTEM in CVAD versions before 2009, 1912 LTSR CU1 hotfixes CTX285870 and CTX286120, 7.15 LTSR CU6 hotfix CTX285344 and 7.6 LTSR CU9.

Published Dec 14, 2020

CVE-2020-8269

citrix / virtual_apps_and_desktops+13

An unprivileged Windows user on the VDA can perform arbitrary command execution as SYSTEM in CVAD versions before 2009, 1912 LTSR CU1 hotfixes CTX285870 and CTX286120, 7.15 LTSR CU6 hotfix CTX285344 and 7.6 LTSR CU9

Published Nov 16, 2020

CVE-2020-8253

citrix / xenmobile_server+17

Improper authentication in Citrix XenMobile Server 10.12 before RP2, Citrix XenMobile Server 10.11 before RP4, Citrix XenMobile Server 10.10 before RP6 and Citrix XenMobile Server before 10.9 RP5 leads to the ability to access sensitive files.

Published Sep 18, 2020

CVE-2020-8209

citrix / xenmobile_server+17

Improper access control in Citrix XenMobile Server 10.12 before RP2, Citrix XenMobile Server 10.11 before RP4, Citrix XenMobile Server 10.10 before RP6 and Citrix XenMobile Server before 10.9 RP5 and leads to the ability to read arbitrary files.

CVE-2020-8210

citrix / xenmobile_server+20

Insufficient protection of secrets in Citrix XenMobile Server 10.12 before RP3, Citrix XenMobile Server 10.11 before RP6, Citrix XenMobile Server 10.10 RP6 and Citrix XenMobile Server before 10.9 RP5 discloses credentials of a service account.

citrix / xenmobile_server+15

CVE-2020-8212

CRITICAL9.8

Improper access control in Citrix XenMobile Server 10.12 before RP3, Citrix XenMobile Server 10.11 before RP6, Citrix XenMobile Server 10.10 RP6 and Citrix XenMobile Server before 10.9 RP5 allows access to privileged functionality.

citrix / xenmobile_server+20

CVE-2020-8211

CRITICAL9.8

Improper input validation in Citrix XenMobile Server 10.12 before RP3, Citrix XenMobile Server 10.11 before RP6, Citrix XenMobile Server 10.10 RP6 and Citrix XenMobile Server before 10.9 RP5 allows SQL Injection.

citrix / xenmobile_server+17

CVE-2020-8208

MEDIUM6.1

Improper input validation in Citrix XenMobile Server 10.12 before RP1, Citrix XenMobile Server 10.11 before RP4, Citrix XenMobile Server 10.11 before RP6 and Citrix XenMobile Server before 10.9 RP5 allows Cross-Site Scripting (XSS).

citrix / xenmobile_server+4

CVE-2018-10648

CRITICAL9.8

There are Unauthenticated File Upload Vulnerabilities in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3.