Citrix warns of patch-ASAP-grade bugs in its working-from-home products, just as we're all working from home
This time the problem is in Citrix Endpoint Management, the product Citrix suggests as an ideal way to securely manage devices and "Let employees work how, when and where they want."
The situation is sufficiently serious that Citrix gave advance notice of the bugs to "a number of major CERTs around the world." But Citrix has not explained just what the bugs entail, offering only a list of CVE numbers, and hasn't said which of the five are critical.
XenMobile Server 10.12 before RP2. XenMobile Server 10.11 before RP4. XenMobile Server 10.10 before RP6. XenMobile Server before 10.9 RP5.
Citrix's advice for the abovementioned product is a strong recommendation to update immediately.
XenMobile Server 10.12 before RP3. XenMobile Server 10.11 before RP6. XenMobile Server 10.10 before RP6. XenMobile Server before 10.9 RP5.
Matters are a little complicated for Citrix cloud customers, as while the biz has patched its own operations, those running in hybrid mode need to sort themselves out on-prem.
No critical bug is welcome, though Citrix can ill afford this incident thanks to past security incidents such as its massive data leak in March 2019; the Christmas 2019 Netscaler bug, which was widely exploited and rather nasty; and the June 2020 Workspace vulnerability.