Vulnerabilities > Citrix > Gateway Firmware > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-07-10 CVE-2020-8198 Cross-site Scripting vulnerability in Citrix products
Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 resulting in Stored Cross-Site Scripting (XSS).
network
low complexity
citrix CWE-79
6.1
6.1
2020-07-10 CVE-2020-8196 Improper Authentication vulnerability in Citrix products
Improper access control in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 resulting in limited information disclosure to low privileged users.
network
low complexity
citrix CWE-287
4.3
4.3
2020-07-10 CVE-2020-8195 Path Traversal vulnerability in Citrix products
Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 resulting in limited information disclosure to low privileged users.
network
low complexity
citrix CWE-22
6.5
6.5
2020-07-10 CVE-2020-8194 Code Injection vulnerability in Citrix products
Reflected code injection in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allows the modification of a file download.
network
low complexity
citrix CWE-94
6.5
6.5
2020-07-10 CVE-2020-8193 Improper Authentication vulnerability in Citrix products
Improper access control in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allows unauthenticated access to certain URL endpoints.
network
low complexity
citrix CWE-287
6.5
6.5
2020-07-10 CVE-2020-8191 Cross-site Scripting vulnerability in Citrix products
Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allows reflected Cross Site Scripting (XSS).
network
low complexity
citrix CWE-79
6.1
6.1
2020-03-06 CVE-2020-10112 HTTP Request Smuggling vulnerability in Citrix Gateway Firmware 11.1/12.0/12.1
Citrix Gateway 11.1, 12.0, and 12.1 allows Cache Poisoning.
network
low complexity
citrix CWE-444
5.4
5.4
2020-03-06 CVE-2020-10110 Unspecified vulnerability in Citrix Gateway Firmware 11.1/12.0/12.1
Citrix Gateway 11.1, 12.0, and 12.1 allows Information Exposure Through Caching.
network
low complexity
citrix
5.3
5.3