Vulnerabilities > Citrix > Netscaler Gateway Firmware > 12.1

DATE CVE VULNERABILITY TITLE RISK
2020-07-10 CVE-2020-8198 Cross-site Scripting vulnerability in Citrix products
Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 resulting in Stored Cross-Site Scripting (XSS).
network
citrix CWE-79
4.3
4.3
2020-07-10 CVE-2020-8197 Improper Privilege Management vulnerability in Citrix products
Privilege escalation vulnerability on Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 allows a low privileged user with management access to execute arbitrary commands.
network
low complexity
citrix CWE-269
6.5
6.5
2020-07-10 CVE-2020-8196 Improper Authentication vulnerability in Citrix products
Improper access control in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 resulting in limited information disclosure to low privileged users.
network
low complexity
citrix CWE-287
4.0
4.0
2020-07-10 CVE-2020-8195 Path Traversal vulnerability in Citrix products
Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 resulting in limited information disclosure to low privileged users.
network
low complexity
citrix CWE-22
4.0
4.0
2020-07-10 CVE-2020-8194 Code Injection vulnerability in Citrix products
Reflected code injection in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allows the modification of a file download.
network
citrix CWE-94
4.3
4.3
2020-07-10 CVE-2020-8193 Improper Authentication vulnerability in Citrix products
Improper access control in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allows unauthenticated access to certain URL endpoints.
network
low complexity
citrix CWE-287
5.0
5.0
2020-07-10 CVE-2020-8191 Cross-site Scripting vulnerability in Citrix products
Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allows reflected Cross Site Scripting (XSS).
network
citrix CWE-79
4.3
4.3
2020-07-10 CVE-2020-8190 Improper Preservation of Permissions vulnerability in Citrix products
Incorrect file permissions in Citrix ADC and Citrix Gateway before versions 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 allows privilege escalation.
network
citrix CWE-281
6.0
6.0
2019-12-27 CVE-2019-19781 Path Traversal vulnerability in Citrix products
An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0.
network
low complexity
citrix CWE-22
critical
 9.8
9.8
2019-10-21 CVE-2019-18225 Unspecified vulnerability in Citrix products
An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway before 10.5 build 70.8, 11.x before 11.1 build 63.9, 12.0 before build 62.10, 12.1 before build 54.16, and 13.0 before build 41.28.
network
low complexity
citrix
7.5
7.5