Vulnerabilities > Citrix > Gateway > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-07-10 | CVE-2023-24488 | Cross-site Scripting vulnerability in Citrix Application Delivery Controller and Gateway Cross site scripting vulnerability in Citrix ADC and Citrix Gateway? in allows and attacker to perform cross site scripting | 6.1 |
| 2023-01-26 | CVE-2022-27507 | Resource Exhaustion vulnerability in Citrix Application Delivery Controller and Gateway Authenticated denial of service | 6.5 |
| 2022-12-26 | CVE-2019-18177 | Unspecified vulnerability in Citrix Application Delivery Controller Firmware and Gateway In certain Citrix products, information disclosure can be achieved by an authenticated VPN user when there is a configured SSL VPN endpoint. | 6.5 |
| 2022-07-28 | CVE-2022-27509 | Open Redirect vulnerability in Citrix Application Delivery Controller Firmware and Gateway Unauthenticated redirection to a malicious website | 6.1 |
| 2021-08-05 | CVE-2021-22920 | Unspecified vulnerability in Citrix Application Delivery Management and Gateway A vulnerability has been discovered in Citrix ADC (formerly known as NetScaler ADC) and Citrix Gateway (formerly known as NetScaler Gateway), and Citrix SD-WAN WANOP Edition models 4000-WO, 4100-WO, 5000-WO, and 5100-WO. | 6.5 |
| 2021-06-16 | CVE-2020-8299 | Resource Exhaustion vulnerability in Citrix products Citrix ADC and Citrix/NetScaler Gateway 13.0 before 13.0-76.29, 12.1-61.18, 11.1-65.20, Citrix ADC 12.1-FIPS before 12.1-55.238, and Citrix SD-WAN WANOP Edition before 11.4.0, 11.3.2, 11.3.1a, 11.2.3a, 11.1.2c, 10.2.9a suffers from uncontrolled resource consumption by way of a network-based denial-of-service from within the same Layer 2 network segment. | 6.5 |
| 2021-06-16 | CVE-2020-8300 | Unspecified vulnerability in Citrix products Citrix ADC and Citrix/NetScaler Gateway before 13.0-82.41, 12.1-62.23, 11.1-65.20 and Citrix ADC 12.1-FIPS before 12.1-55.238 suffer from improper access control allowing SAML authentication hijack through a phishing attack to steal a valid user session. | 6.5 |
| 2020-09-18 | CVE-2020-8245 | Cross-site Scripting vulnerability in Citrix products Improper Input Validation on Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11.2 before 11.2.1a, Citrix SD-WAN WANOP 11.1 before 11.1.2a, Citrix SD-WAN WANOP 11.0 before 11.0.3f, Citrix SD-WAN WANOP 10.2 before 10.2.7b leads to an HTML Injection attack against the SSL VPN web portal. | 6.1 |