Vulnerabilities > CVE-2024-42423 - Incorrect Authorization vulnerability in Citrix Workspace 23.9.0.24.4

CVSS 7.1 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

NONE

local

low complexity

citrix

CWE-863

NVD

Published: 2024-09-10

Updated: 2024-09-20

Summary

Citrix Workspace App version 23.9.0.24.4 on Dell ThinOS 2311 contains an Incorrect Authorization vulnerability when Citrix CEB is enabled for WebLogin. A local unauthenticated user with low privileges may potentially exploit this vulnerability to bypass existing controls and perform unauthorized actions leading to information disclosure and tampering.

Vulnerable Configurations

Part	Description	Count
Application	Citrix Citrix Workspace 23.9.0.24.4	1
OS	Dell Dell Thinos 2402 Dell Thinos 2311	2

Common Weakness Enumeration (CWE)

CWE-863 - Incorrect Authorization

References

https://www.dell.com/support/kbdoc/en-us/000225289/dsa-2024-229-security-update-for-dell-thinos-vulnerabilities